
Pillar 03 · Security
In CRE, your data is the deal.
Make it secure.
Rent rolls, investor PII, LP commitments, off-market terms — the data that makes AI useful is exactly the data you cannot afford to leak. Most AI tools route it through shared public endpoints you don't control. We build the opposite: private AI agents and dedicated infrastructure, engineered so your deal data never leaves your control.
What we deliver
Two ways to run AI that answers only to you.
Secure AI Agents
A private assistant your team reaches on a secure application. It answers a named allowlist of your people and no one else — and lives on infrastructure with no public doorway.
- Named allowlist — everyone else is refused
- One revocable certificate per person
- Every session logged
Fully Private AI Hosting
Frontier open models running on dedicated GPUs inside your own cloud. Prompts, documents, and replies never reach a third-party AI vendor. For mandates where nothing may leave — LP data, fund financials, off-market pipelines.
- 0 bytes of prompts or documents shared with any AI vendor
- Frontier open models, served side by side
- Flat, predictable infrastructure cost — no per-message fees
Enterprise-grade security.
Designed to support the data-protection obligations your clients and counsel care about — GDPR, CCPA, and the confidentiality terms already in your agreements.

ISO/IEC 42001:2023

SOC 2 Type II

Encrypted end-to-end

No training on user data

CCPA

GDPR
The architecture
Zero public entry points, by design.
Your deployment runs in your own cloud account: you own the keys, the code, and the logs, and every path your data can travel is written down and reviewable.
Your team
Named individuals only — one revocable certificate per person.
Your private cloud environment
AI agents
Hardened containers: non-root, read-only, zero kernel privileges.
Private AI models
Frontier open models on dedicated GPUs — plus proprietary models under business terms when you choose.
Encrypted secrets vault
Immutable audit logs
Continuous scanning
Your private channels
The agent dials out to where your team already works. Nothing dials in.
Under the hood
The technology — and why each choice matters.
Private-by-design network
The agent has no public address. It dials out; nothing on the internet can dial in.
Certificate-based VPN
Access requires a per-person cryptographic identity — revocable individually, not a shared password.
Customer-managed encryption
Credentials sealed in a secrets manager under a key you own and can revoke at any time.
Hardened OS in the cloud
Non-root, read-only, zero kernel privileges. If anything is compromised, it has nowhere to go.
Continuous vulnerability scanning
Every component is re-examined as new threats are published — not just at install.
Least-privilege everything
Each part may touch exactly one image, one vault, one log stream. Nothing holds broad access.
Data privacy
Privacy is not a feature we add. It's the position we start from.
Encrypted end to end
TLS in transit; sealed at rest under a key only you control. Revoke it and the data is unreadable — even to us.
Access you can name
The agent answers a named allowlist — everyone else is refused. One certificate per person; every session logged.
Never used to train AI
Private models keep prompts entirely in-network; any external calls run under business terms that bar training.
Minimal retention, on paper too
Runtime state is ephemeral — nothing accumulates unless you choose. NDA and DPA close the loop on paper.
During an engagement
How we handle your data while we work.
What we access
During an audit we typically review tool inventories, workflow documentation, and representative samples of the documents your teams handle — rent rolls, LOIs, reports. We ask for the minimum sample that makes the analysis honest.
What we don't take
We work in your systems under accounts you provision and can revoke. Client data doesn't leave your environment for our convenience; analysis artifacts we create reference your data rather than copying it wherever possible.
NDA before anything
Every engagement begins with a mutual NDA — before the first interview, before the first screen share. Yours or ours, whichever your counsel prefers.
No training on your data
Nothing we see in your engagement is used to train AI models, ours or anyone else's. Where we use AI tooling in our own analysis, it runs under enterprise agreements with training disabled.
Retention & return
At engagement end, access is revoked, working copies are destroyed, and we certify it in writing. What we keep is what we delivered to you: the policy, register, map, and roadmap.
If something goes wrong
You get a named contact and a committed notification window for any suspected incident involving your data. That commitment is in the engagement agreement, not just this page.
Questions your IT or counsel wants answered before an engagement? Send them through the contact page — security questionnaires welcome.
Next step
Bring your security questionnaire.
The discovery call is a fine place for your IT lead's hardest questions. We'd rather answer them before the engagement than after.