◆ Core principle: Epps.ai is designed so that financial calculations, modeling, and reporting occur locally in the client's browser. Optional AI-assisted features transmit only the content explicitly submitted by the user to the configured AI provider — no background collection or persistent storage occurs within Epps.ai infrastructure. We do not train models on client data. We do not store deal data.
This Data Policy applies to all Epps.ai products, services, and platform capabilities provided to investment firms, developers, and operators using the Epps.ai platform for real estate underwriting, investor reporting, and workflow automation.
This policy governs: (a) data processed by Epps.ai tools in client environments; (b) data transmitted to third-party AI API providers; (c) data stored by Epps.ai or its sub-processors; and (d) client obligations under this framework.
| Data Type | Classification | Where Processed | Epps.ai Stores? |
|---|---|---|---|
| Deal underwriting inputs (rent, NOI, cap rates) | Confidential — Client | Browser (client-side) | No |
| Investor report content | Confidential — Client | Browser (client-side) | No |
| Uploaded rent rolls / pro formas | Sensitive — Client | Browser memory only | No |
| Natural language prompts to AI | Sensitive — In Transit | Anthropic Claude API | No (not persisted by Epps.ai; Anthropic API follows applicable data handling terms) |
| Platform usage telemetry | Internal — Aggregated | Epps.ai analytics | Yes (anonymized) |
| Account credentials | Sensitive — Identity | Auth provider (SSO) | Hashed only |
Anthropic Claude (Primary AI Engine)
Natural language processing for memo generation, commentary drafting, and workflow automation uses the Anthropic Claude API. Epps.ai uses Anthropic API infrastructure configured for zero-retention processing where supported by API terms and deployment configuration.
- API calls are encrypted in transit via TLS 1.3
- Epps.ai is configured not to persist prompt history within its own infrastructure. Anthropic API processing follows applicable API data handling terms
- Clients should avoid including PII (names, SSNs, banking details) in AI prompts
- All AI outputs are drafts — client review and approval is required before distribution
⚠ Clients are advised not to include personally identifiable tenant information, investor SSNs, or banking credentials in AI prompt fields. These fields are designed for deal-level financial data only.
On-Premise Option
For clients with strict data residency requirements (US-only, EU GDPR, or air-gapped environments), Epps.ai offers a containerized on-premise deployment. In this configuration, no data leaves the client's environment. See the Deployment document for configuration options.
◆ AI-generated outputs are advisory only. Investment decisions, reporting distribution, underwriting conclusions, and investor communications remain subject to client review and approval.
Epps.ai tools are designed to augment — not replace — professional judgment. All outputs produced by AI-assisted features (IC memos, investor narratives, commentary, deal analysis, land screening assessments) are drafts intended for review by qualified investment professionals before any distribution, decision, or action.
- Underwriting models and sensitivity outputs are analytical tools — investment decisions rest solely with the client
- Investor communications and LP reports generated by the platform require client review and approval before distribution
- IC memos and investment narratives produced by AI are drafts — final approval authority remains with the investment committee
- Land screening risk scores are heuristic assessments — site-specific diligence, legal review, and professional engineering remain the client's responsibility
- Epps.ai does not provide investment advice, legal counsel, or fiduciary services
This principle applies across all platform tools and all AI-assisted outputs regardless of deployment configuration.
| Region | Default | On-Premise Option | Notes |
|---|---|---|---|
| United States | Available | Available | Default deployment; hosted on Netlify CDN |
| European Union | Near-Term | Available | GDPR-compliant on-premise now; cloud EU-West Q3 |
| Canada | Planned | Available | PIPEDA compliance |
- Deal inputs entered in the browser are held in browser memory only and cleared on session end
- Uploaded files (rent rolls, pro formas) are processed in-browser and never transmitted to Epps.ai servers
- Generated reports (PDFs, Excel exports) are created locally and downloaded directly — not stored on Epps.ai servers
- Optional AI-assisted features (memo drafting, narrative generation) transmit only the content explicitly submitted by the user to the configured AI provider. No background collection occurs.
- Account data is retained for the duration of the subscription and deleted within 30 days of account closure
- Anonymized usage telemetry (feature clicks, session counts) is retained for 24 months for product improvement
| Framework | Status | Notes |
|---|---|---|
| GDPR (EU/UK) | Compliant via DPA | Data Processing Agreement available; on-premise option for EU residency |
| CCPA (California) | Compliant | No sale of personal data; deletion rights honored within 30 days |
| SEC Regulation S-P | By Design | No client financial data stored; client is sole data controller |
| SOC 2 Type II | In Progress | Readiness assessment underway; audit targeted in a future release |
| Sub-Processor | Purpose | Data Shared | Region |
|---|---|---|---|
| Anthropic | AI language processing | Anonymized prompts only (no client identifiers) | US (Anthropic API; Epps.ai does not persist prompts) |
| Netlify | Static site hosting (CDN) | None — browser-native processing | Global CDN (US-primary) |
| Auth provider (SSO) | Identity management | Email, hashed credentials | US |
A complete sub-processor list is maintained and available upon request. Clients will be notified of material sub-processor changes with 30 days' advance notice.
Data privacy inquiries, deletion requests, and breach notifications should be directed to: privacy@epps.ai
Response SLA: 48 hours for general inquiries; 24 hours for breach notification. Enterprise clients have a dedicated channel through their account agreement.
◆ Epps.ai is browser-native by design. All underwriting computation, report generation, and Excel/PDF export happens in the user's browser. The server layer serves only static files. This architecture eliminates the largest class of data breach risk.
Browser-Native Processing
All financial calculations — IRR, equity multiples, waterfall distributions, sensitivity analyses, debt amortization — execute in the user's browser using standard JavaScript. No deal data is transmitted to Epps.ai servers at any point during underwriting.
Where AI-assisted features are used (memo drafting, narrative generation, workflow guidance), only the content explicitly submitted by the user is transmitted to the configured AI provider. All financial modeling, exports, and reporting generation remain entirely local.
- MF Acquisition Model: Institutional-grade acquisition model running client-side
- BTR Development Model: Full 10-year DCF computed in browser
- Sensitivity tables: 10×10 IRR/EM matrices computed locally
- Excel export: Generated in-browser via SheetJS — no round-trip to server
- PDF export: Rendered via browser print engine — no server involvement
AI-Assisted Features
Features that use AI (IC memo drafting, management commentary, workflow automation) make API calls directly from the browser to Anthropic's API. These calls contain only the content the user explicitly submits — no background data collection occurs.
- Direct browser → Anthropic API (no Epps.ai server proxy)
- Anthropic API configured for zero-retention processing where supported by API terms
- API key management: per-client, rotatable, not shared
- AI features are opt-in — all tools function without AI features enabled
| Control | Status | Implementation |
|---|---|---|
| Encryption in Transit | Live | TLS 1.3 for all connections; HSTS enforced |
| Encryption at Rest | Live | No persistent data storage (browser-native design) |
| Authentication | Near-Term | SSO / SAML 2.0 integration for enterprise |
| Role-Based Access | Near-Term | Admin, Analyst, Viewer roles |
| Audit Logging | Near-Term | Session-level activity log for enterprise clients |
| Pen Testing | Planned | Third-party penetration test scheduled pre-SOC 2 |
| Vulnerability Scanning | Live | Automated via Netlify + GitHub Actions CI |
| Content Security Policy | Live | CSP headers enforced; no inline script injection |
| Component | Provider | Region | Notes |
|---|---|---|---|
| Static hosting / CDN | Netlify | Global CDN (US-primary) | SOC 2 Type II certified host |
| Domain / DNS | Cloudflare | Global | DDoS protection, WAF included |
| AI API | Anthropic | US | API processing follows applicable Anthropic data handling terms |
| Auth (roadmap) | Auth0 / Okta | US / EU | SAML 2.0, OIDC, enterprise SSO |
| Monitoring | Netlify Analytics | US | Anonymized traffic only; no PII |
- Target uptime: 99.9% (Netlify SLA-backed CDN)
- RTO (Recovery Time Objective): < 1 hour — static site redeployment
- RPO (Recovery Point Objective): Zero — no stateful data to recover (browser-native)
- Incident response: Automated alerts via Netlify status page; client notifications within 2 hours
- Backups: Source code in GitHub with branch protection; no database backups required by design
| Tier | Description | Data Residency | Setup Time | Availability |
|---|---|---|---|---|
| Cloud (SaaS) | Hosted on Netlify CDN. Access via browser, no installation. Ideal for most clients. | US (browser-native — no deal data on server) | Immediate | Live |
| Private Cloud | Dedicated Netlify deployment on client subdomain (e.g. tools.yourfirm.com). Client controls access. | US (same browser-native model) | 1–3 days | Beta |
| On-Premise Container | Docker container deployed in client's own infrastructure. No internet required after setup. Full air-gap option. | Client-controlled — any region | 1–2 weeks | Planned |
| Enterprise Managed | Client-Branded Workspace with SSO, audit logs, RBAC, and dedicated support. Custom SLA. | Client-controlled | 2–4 weeks | Near-Term |
Requirements
- Docker Engine 20.10+ or Kubernetes 1.24+
- 2 vCPU, 4GB RAM minimum per instance (stateless — scale horizontally)
- NGINX or similar reverse proxy for TLS termination
- Outbound internet access to Anthropic API (only for AI features — optional)
- No persistent deal database required — all computation is stateless
Air-Gap Configuration
In an air-gapped environment, all financial calculation tools (underwriting models, sensitivity analysis, Excel export, PDF export) function without any internet connectivity. Only AI-assisted text generation features require outbound API access. These can be disabled via configuration flag.
◆ Clients who require full air-gap operation can disable all outbound API calls via a single environment variable: EPPS_AI_DISABLED=true. All modeling tools remain fully functional.
| Feature | Current | Enterprise Roadmap |
|---|---|---|
| Authentication | URL-based access (password-protected deployment) | SSO / SAML 2.0 / OIDC (Near-Term) |
| Role-Based Access | All-or-nothing per deployment | Admin · Analyst · Viewer · Read-only (Near-Term) |
| Audit Log | Not available | Session log with user, tool, timestamp (Near-Term) |
| IP Allowlisting | Available via Netlify or proxy config | Native in enterprise tier (Near-Term) |
| MFA | Via SSO provider | Native TOTP support (Planned) |
Current
- Excel export (.xlsx) — all models export to fully-formulated Excel workbooks
- PDF export — all reports export via browser print engine
- CSV export — summary data export from underwriting models
- Direct URL access — tools accessible via deep link for workflow embedding
Near-Term Roadmap
- REST API — programmatic access to underwriting engine (Near-Term Roadmap)
- Webhook output — push generated reports to client document systems (Planned)
- Yardi / AppFolio connector — direct rent roll import without file upload (Planned)
- DocuSign integration — countersigning for distributed LP reports (Planned)
| Tier | Uptime SLA | Support Response | Dedicated CSM |
|---|---|---|---|
| Pilot / POC | Best effort | 48 hours | No |
| Standard | 99.9% | 24 hours | No |
| Enterprise | 99.95% | 4 hours | Yes |
| Enterprise + On-Premise | Client infrastructure dependent | 2 hours + 24/7 on-call | Yes |
◆ This roadmap reflects Epps.ai's 2026 build priorities based on current pilot client feedback, with an institutional real estate investment firm as the anchor design partner. Product roadmap reflects workflows observed across institutional real estate investment, portfolio advisory, and development operations. Items marked Live are fully available. Items marked Beta are functional but require configuration or are in active testing. Items marked In Progress are actively being built. Items marked Planned are scoped and scheduled.
- MF Acquisition Model — full 10-year DCF, IRR, waterfall, sensitivity (10×10)
- IC Memo Generator — AI-drafted investment committee memos
- BTR Development Model — construction draw, lease-up, exit
- Rent Roll Parser — Yardi/AppFolio/custom upload with auto-mapping
- Quarterly Report Builder — 6 LP templates (Pension, Insurance, Family Office, IC, Developer, Custom)
- LP Template Library — same economics, different report structure per LP type
- Investor Format Standardization — configurable report sections per LP
- Land Acquisition Screening — APN, zoning, risk score, site observations
- Pro Forma Scenario Presets — Core, Core+, Value Add-Pension, Value Add-PE, Merchant Build
- SSO / SAML 2.0 integration (Okta, Azure AD)
- Role-based access control (Admin, Analyst, Viewer)
- Audit logging — session activity log
- Yardi / AppFolio direct connector (no manual upload)
- Lease-Up Modeling module
- Waterfall promote calculator (full IRR hurdle/tier logic)
- REST API — programmatic underwriting engine access
- Webhook output — push reports to document management systems
- Portfolio-level dashboard — multi-asset aggregation
- Automated quarterly report generation (scheduled, data-driven)
- DocuSign integration for LP report countersigning
- BTR Development Model — full construction DCF
- Cashflow Automator — residential REIT-standard cashflow statements
- Pro Forma Formatter — LP-ready output formats
- Land Acquisition Screening Tool — APN, zoning, risk scoring
- Pro Forma Scenario Presets — 5 institutional scenario types
- Construction Draw Schedule automation
- Entitlement tracker — timeline, risk flags, milestone tracking
- Construction lender package automation
- Certificate of Occupancy → lease-up handoff automation
- Comp sales database integration
| Feature | Status | Target |
|---|---|---|
| MF Acquisition Model (IRR, EM, waterfall, sensitivity) | Pilot Ready | Available for Design Partners |
| BTR Development Model | Pilot Ready | Available for Design Partners |
| IC Memo Generator (AI) | Beta | AI generation requires API configuration |
| Quarterly Report Builder (6 LP templates) | Pilot Ready | Available for Design Partners |
| Land Screening Tool | Pilot Ready | Available for Design Partners |
| Scenario Presets (Core, VA-Pension, VA-PE, Merchant) | Pilot Ready | Available for Design Partners |
| Excel Export (fully formulated workbooks) | Pilot Ready | Available for Design Partners |
| SSO / SAML 2.0 | In Progress | Near-Term |
| RBAC (Admin/Analyst/Viewer) | In Progress | Near-Term |
| Yardi/AppFolio Direct Connector | Planned | Near-Term |
| REST API | Planned | Planned |
| SOC 2 Type II Certification | Planned | Planned |
⚠ Epps.ai is currently in SOC 2 readiness preparation. Full Type II certification is anticipated in a future release. This document outlines the five Trust Services Criteria, current control status, and the path to audit. Enterprise clients may request a copy of our Security Questionnaire (SIG Lite) in advance of certification.
SOC 2 Type II certification verifies that Epps.ai's controls for security, availability, processing integrity, confidentiality, and privacy operate effectively over a defined audit period (typically 6 months). The audit will be conducted by an independent AICPA-accredited CPA firm.
- Gap analysis vs Trust Services Criteria
- Policy documentation
- Control inventory
- Vendor review
- SSO / RBAC deployment
- Audit logging
- Pen testing
- Incident response plan
- Auditor selection
- 6-month observation period
- Type II report issuance
- Annual renewal
| Criterion | Description | Current Readiness | Key Gaps |
|---|---|---|---|
| CC1 — Security | Protection against unauthorized access, disclosure, or damage | Partial | SSO, RBAC, audit logs, pen test |
| CC2 — Availability | System available for operation as agreed | Strong | Netlify CDN SLA; browser-native = no DB downtime risk |
| CC3 — Processing Integrity | System processing is complete, accurate, timely | Strong | AI-generated outputs are advisory only. Investment decisions, reporting distribution, underwriting conclusions, and investor communications remain subject to client review and approval. |
| CC4 — Confidentiality | Information designated confidential is protected | Strong | Browser-native: deal data never on server; TLS 1.3 |
| CC5 — Privacy | Personal information collected, used, retained per policy | Partial | Data policy live; formal privacy program documentation needed |
| Control Area | Required for SOC 2 | Current State | Target |
|---|---|---|---|
| Access Management | SSO, MFA, RBAC, offboarding procedure | URL-based access only | Near-Term026 |
| Audit Logging | User actions logged with timestamp and identity | Not implemented | Near-Term026 |
| Vulnerability Management | Regular scanning, patch management process | Automated CI scanning | Partial — expand scope |
| Incident Response | Documented IR plan, tested annually | Draft policy | Near-Term026 |
| Vendor Risk Management | Sub-processor review, contracts, annual reassessment | Anthropic, Netlify DPAs in place | Partial — formalize program |
| Change Management | Code review, testing, deployment controls | GitHub PR review + CI | Partial — document formally |
| Risk Assessment | Annual formal risk assessment | Not documented | Near-Term026 |
| Penetration Testing | Annual third-party pen test | Not conducted | Planned |
| Business Continuity | BCP documented and tested | Browser-native = minimal risk; not documented | Planned |
| Security Awareness Training | Annual training for all personnel | Not formalized | Near-Term026 |
While SOC 2 certification is in progress, Epps.ai provides the following to enterprise clients who require evidence of security controls:
- Security Questionnaire (SIG Lite) — available upon request
- Data Processing Agreement (DPA) — available and executed for all enterprise clients
- Architecture documentation — this document, available for client IT/security review
- Sub-processor list — maintained and available upon request
- Penetration test results — available upon completion (Future Release)
- Pilot engagements and design partner discussions available upon request
◆ Epps.ai's browser-native architecture means the attack surface is significantly smaller than a typical SaaS platform. There is no persistent deal database in current browser-native architecture, no persistent deal data to exfiltrate, and no server-side computation of client financial data. This is by design and is documented in our Architecture framework (Document 2).
For security questionnaires, DPA execution, architecture review calls, or SOC 2 timeline inquiries:
- Security & compliance: security@epps.ai
- Data privacy: privacy@epps.ai
- Enterprise accounts: enterprise@epps.ai
- Founder (Olesya Epps): olesya@epps.ai