The Sovereign Data Wellness Architecture

Security by Design. Governance by Default.

The Zero-Retention Data Plane

We Analyze Metadata, Not Data.

  • In-Flight Analysis

    The NuNorth Nero Intelligence Engine processes only the SQL AST (Abstract Syntax Tree) and schema metadata. We never see your rows.

  • Zero Data Extraction

    Actual query results flow directly from Google’s servers to your browser. No data ever touches our backend storage.

  • Ephemeral Memory

    Analysis results are stored in an encrypted Redis cache with a strict 10-minute TTL.

User Environment (Browser)NuNorth Nero EditorGoogle Cloud Platform (Your VPC)BigQueryNuNorth Nero Engine(Metadata Analysis)AST / SchemaRow Data (Direct)Metadata (Allowed)Row Data (Ignored)

Identity & Access: "Your Project, Your Rules"

NuNorth Nero integrates seamlessly with your existing Google Cloud environment, requiring zero "Service Account" key sharing.

NuNorth Nero (Cloud Run)Backend ServiceVPC Service PerimeterBigQuery APIVPC Access

Figure 2: NuNorth Nero Backend via Serverless VPC Access Connector

VPC Service Controls

NuNorth Nero is fully compatible with VPC-SC perimeters. Our backend communicates via a Serverless VPC Access Connector, keeping traffic within the Google Private Backbone.

Least-Privilege Scopes

We only request bigquery.metadataViewer and bigquery.jobUser. We physically cannot read your table data.

OIDC SSO

Authentication via Google Identity Services (OpenID Connect), inheriting your existing MFA policies.

The Agentic Optimization Loop

How we "Heal" your bill in under 200ms.

1
Intercept
The NuNorth Nero Editor captures the SQL input before execution.
2
Estimate
A parallel dryRun request fetches the projected byte count.
3
Refactor
The Agent analyzes the query against your Cached Table Metadata.
4
Guardrail
If the estimate exceeds your threshold, the execution is blocked.
NuNorth Security Sandbox
Cloud Health Metrics
[INTERCEPT] Query intercepted — analyzing AST
[AUTH] OIDC token validated — [email protected]
[SCAN] Dry-run complete — 2.1 GB estimated
[GUARD] Guardrail check passed — under 5 GB threshold
[VPC] Processing via VPC connector — no public egress
[EXEC] Optimized query forwarded to BigQuery API

Interactive Demo: Toggle "Cloud Health Metrics" to see NuNorth Nero in action.

Technical Specifications

DeploymentGoogle Cloud Run (CA-WEST1 / US-CENTRAL1)
Data ResidencyCanada CompliantCA-WEST1 (Calgary) / CA-CENTRAL1 (Montreal)
EncryptionAES-256 (At Rest), TLS 1.3 (In Transit)
ComplianceDesigned for SOC2 / HIPAA environments

Enterprise Procurement

Streamline onboarding with Google Cloud Marketplace Private Offers.

Private Offers

Consolidate billing directly onto your specific Google Cloud Invoice. We support custom EULA negotiation and private pricing tiers for enterprise volume.

Contact Sales for Custom Spec Sheet