Request Access
00:00:00

Security

Your deals never train anyone's model.

Pursuit runs on Anthropic's Claude API under a zero-data-retention arrangement. Your documents are used to underwrite your deal and nothing else. They are not used to train models and are not stored after processing.

sub-processors Render · infrastructure Stripe · payments Anthropic · AI
01

Source discipline

Six guardrails. Built in, not bolted on.

Six guardrails ensure Pursuit's output can be trusted at IC committee level. By construction, not by policy.

guardrail 01

Document-grounded extraction

Every figure originates from a submitted document. The AI does not infer or hallucinate values.

guardrail 02

Source citation behind every number

Every value cites a document name and page number. The verbatim snippet is preserved alongside the parsed value.

guardrail 03

Red flag on unsourced data

Fields the AI cannot confirm are flagged, not filled with estimates. The analyst decides what to use.

loan_amount → NOT FOUND · FLAGGED
guardrail 04

Analyst review before export

The model is a working draft, not an auto-final deliverable. Every deal requires analyst review before export. Gap flags are visible, not suppressed.

guardrail 05

Full audit log

Every change is tracked, attributed, and timestamped. Every extraction session, model revision, and version output is logged with user ID.

guardrail 06

Public-data cross-check

If two public sources contradict each other, Pursuit flags the discrepancy rather than guessing which to use.

02

Infrastructure

Isolated by design.

Each client organization runs in an isolated database partition. Audit logs capture user ID, timestamp, action, and data fingerprint for every operation.

Tenant isolation

Database-level access controls prevent cross-tenant queries. No deal, model, or document is accessible outside your organization.

Least-privilege access

Role-based access controls. Users get the minimum permissions needed. MFA for all production access.

Encryption

Encrypted in transit and at rest. Cardholder data never touches our servers. Stripe handles PCI DSS Level 1 compliance.

03

Compliance

Standards, stated honestly.

Only what is true today. Anything in progress is labeled in progress.

In progress

SOC 2 Type II

Security controls designed and implemented per AICPA Trust Services Criteria. Formal audit underway.

Live

Data privacy

CCPA, CPRA, and GDPR aligned. Data retention off by default. Your deal data stays yours and is never used to train public AI models.

Live

PCI DSS via Stripe

Payment processing through Stripe. Cardholder data never touches our servers. Stripe maintains PCI DSS Level 1.

Get started

Security built in. Ready to use.

Request access and get a live walkthrough of the source-discipline system.

Request Access See pricing