Security
Your deals never train anyone's model.
Pursuit runs on Anthropic's Claude API under a zero-data-retention arrangement. Your documents are used to underwrite your deal and nothing else. They are not used to train models and are not stored after processing.
Source discipline
Six guardrails. Built in, not bolted on.
Six guardrails ensure Pursuit's output can be trusted at IC committee level. By construction, not by policy.
Document-grounded extraction
Every figure originates from a submitted document. The AI does not infer or hallucinate values.
Source citation behind every number
Every value cites a document name and page number. The verbatim snippet is preserved alongside the parsed value.
Red flag on unsourced data
Fields the AI cannot confirm are flagged, not filled with estimates. The analyst decides what to use.
loan_amount → NOT FOUND · FLAGGEDAnalyst review before export
The model is a working draft, not an auto-final deliverable. Every deal requires analyst review before export. Gap flags are visible, not suppressed.
Full audit log
Every change is tracked, attributed, and timestamped. Every extraction session, model revision, and version output is logged with user ID.
Public-data cross-check
If two public sources contradict each other, Pursuit flags the discrepancy rather than guessing which to use.
Infrastructure
Isolated by design.
Each client organization runs in an isolated database partition. Audit logs capture user ID, timestamp, action, and data fingerprint for every operation.
Tenant isolation
Database-level access controls prevent cross-tenant queries. No deal, model, or document is accessible outside your organization.
Least-privilege access
Role-based access controls. Users get the minimum permissions needed. MFA for all production access.
Encryption
Encrypted in transit and at rest. Cardholder data never touches our servers. Stripe handles PCI DSS Level 1 compliance.
Compliance
Standards, stated honestly.
Only what is true today. Anything in progress is labeled in progress.
SOC 2 Type II
Security controls designed and implemented per AICPA Trust Services Criteria. Formal audit underway.
Data privacy
CCPA, CPRA, and GDPR aligned. Data retention off by default. Your deal data stays yours and is never used to train public AI models.
PCI DSS via Stripe
Payment processing through Stripe. Cardholder data never touches our servers. Stripe maintains PCI DSS Level 1.
Get started
Security built in. Ready to use.
Request access and get a live walkthrough of the source-discipline system.