Security & Compliance
Designed to protect your store's data, customer conversations, and business knowledge without disrupting how you operate.
NoahFirst AI Assistant
Security Policy

Data Encryption & Secure Transmission

Promise
Data is transmitted using secure connections.
Details

All communication between your store and NoahFirst is encrypted using HTTPS (TLS). Data exchanged with third-party services (such as OpenAI) is transmitted over encrypted connections.

Data at rest is protected using infrastructure-level security controls provided by our hosting provider (IDCloudHost), including access control and storage-level protections.

Infrastructure & Sub-processors

Promise
We use infrastructure and AI providers required to operate the service.
Details

NoahFirst operates on secure cloud infrastructure provided by IDCloudHost.
We use a third-party AI provider: OpenAI.

  • The system processes limited data necessary to generate responses, including customer queries and relevant store data (such as product information and policies).
  • Data is transmitted only when required to fulfill a user request.
  • All providers are required to maintain appropriate security and confidentiality standards.
  • A current list of subprocessors is available upon request.
  • Data is processed solely to generate real-time responses and is not used by the subprocessor to train shared or public AI models.

Data Isolation & Access Control

Promise
Customer data is isolated and access is controlled.
Details

Customer data is logically separated at the application level using account-based identifiers, ensuring that data from one store cannot be accessed by another.

Each request processed by NoahFirst is scoped to the specific store’s data, and API access uses scoped authentication tokens.

Internal system access is restricted to authorized personnel and controlled through role-based access. Access is granted only as necessary for system operation and is logged.

We do not use customer data across accounts or for shared model training.

Third-party providers such as OpenAI process data per request and do not retain or use customer data for training shared models.

Monitoring & Incident Response

Promise
We maintain system logs and monitoring to detect abnormal activity.
Details

We maintain logs and monitoring to detect abnormal activity, including API usage patterns and system errors.

Logs are retained for operational and security purposes for a limited period.

If a security issue is identified:

  • We investigate the affected systems
  • We take corrective action to contain and resolve the issue

Affected users will be notified when required by applicable regulations.

Initial investigation begins as soon as reasonably possible after detection.
