Principles.

The company is the product. Software is the commodity.

When you sign with Norrsent, you are not buying access to software. You are getting a long-term operating partner. The platform is the delivery mechanism — what runs in the browser, what your team uses day to day. The actual product is the ability of Norrsent, as a company, to hold an enterprise's most sensitive operational record. Risk. Compliance. Sustainability. Audit. And whatever your enterprise needs to put on top of those.

Software-as-a-Service was the right model for the previous generation: customer pays for access to a feature set, vendor maintains the feature set, the relationship is transactional. That model fits when the value is in the features. It does not fit when the value is in the discipline of running your operating record without losing trust — which is the actual job we are doing.

Service-as-a-software, not software-as-a-service.

The inversion is real. Customers pay for outcomes — a working risk programme, a defensible disclosure, a clean audit, a board pack that survives scrutiny. They do not pay for feature lists. The software is how those outcomes are produced. The judgment, the methodology, the partnership, the ongoing engagement — those are the product.

This means the unit of value is the relationship, not the seat licence. It means the contract is denominated in outcomes, not features. It means the engineering organisation behind the platform is closer to a discipline than to a feature factory: every change has to preserve the trust the customer is paying for, not just add capability. We hold this constraint deliberately.

One operating record. Modules deploy on top.

An operating record is the architectural payoff of treating the company as the product. Instead of a portfolio of point-tools that each maintain their own data silos, Norrsent runs a single, signed, attributed record that sits underneath every module. Risk, threats, controls, policies, audits, disclosures, capital decisions — all of them read and write to the same record. There are no exports, no re-keying, no reconciliation step.

The architectural consequence: the foundation is loaded once. Identity, security review, integration patterns, the audit trail. Every additional capability deployed on top is a thin layer — the integration is already proven, the security is already cleared, the audit trail is already running. The marginal cost of a new capability collapses from a six-month project to a one- or two-week deployment. That is what makes the platform compound across years rather than depreciate.

Audit-grade by default. Discipline as a feature.

Every write to the platform is cryptographically signed and attributed when it happens. Not at the end of the cycle, not when the auditor arrives — at the moment the change is made. This is non-negotiable architecture, not a configurable option.

Most enterprise software treats audit trails as a compliance afterthought: a feature flagged on for the customers who ask. We treat them as the foundation of the platform. The reason is simple: when audit-grade discipline is the default, it ceases to be an extra cost. The platform that runs your daily work is also the platform that produces the assurance evidence. Cycle two reuses cycle one. The audit firm doesn't turn into a three-week scramble. That's what audit-grade means in practice.

Human-in-the-loop AI. No autonomous writes.

Norrsent Copilot drafts. A named human decides. Wherever AI shows up in the platform — risk identification, control suggestion, materiality scoring, capital decision drafting, audit response generation — the architecture routes every output to a person for review and signature before anything writes to the record or leaves the organisation. There are no autonomous writes. There are no GDPR Article 22 automated decisions.

The reason is not philosophical caution. It is practical: the value of this platform comes from the trust that the record holds, and the trust comes from the human accountability behind every entry. A platform that writes to the record on its own dilutes that trust. A platform that suggests, then defers to a human approver, preserves it. Copilot is designed to make humans more effective, not to replace the judgment that makes the record worth trusting.

EU-hosted. No exceptions, by architecture.

EU customer data is processed only in the EU. Frankfurt primary, Dublin disaster recovery. No data leaves the EU — neither in primary processing nor backup, neither under normal operation nor under any contractual arrangement. The company is EU-incorporated. Sub-processors are screened against the same constraint and listed publicly.

We treat Schrems II compliance as architecture, not policy. The 2023 EU–US Data Privacy Framework restored a legal mechanism for cross-border flow under conditions; it did not remove the underlying risk, and the framework itself is being legally challenged. Norrsent's position is structural: even if the framework holds, our customers should not have to re-evaluate their data residency assumptions every time the legal landscape shifts. The platform does not move data outside the EU. That removes a question from your security review.

Founding partners shape the defaults.

The platform's defaults — the naming conventions, the integration patterns, the workflow shapes, the scoring methodologies — are not retrofitted from a market. They are shaped by the first ten enterprises that run on the platform.

Twelve months. No fee. Quarterly engagement with the Norrsent team. Direct influence on roadmap. Permanent founding partner status, regardless of whether the partnership continues commercially. The asymmetry is deliberate. We could run a larger free-tier program; we'd dilute the partnership. We could run a shorter window; we'd produce too little signal. Ten enterprises, twelve months, then commercial — this is the cohort that lets us hold a real partnership while still shipping a product that works in production.

The value transfers both ways: the partner gets unusual influence over what the platform becomes; the company gets the deployment data and the operational rigour that comes from running real production systems. Both sides know what the trade is.