β—† Data Privacy & Security

Governance built in
from day one.

Institutional real estate firms handle sensitive deal data, LP information, and proprietary underwriting. Epps.ai is designed with that responsibility in mind β€” not as an afterthought.

πŸ“‹
View Governance Framework Documents
Data Policy Β· Architecture Β· Deployment Β· Product Roadmap Β· SOC 2 Roadmap β€” all exportable to PDF
β†’

β—† Honest disclosure: Epps.ai is an early-stage platform. The principles below reflect how the system is architected today. Enterprise-grade features like role-based access controls and audit logging are actively in development. We will never overstate what exists.

β—† Core Principles

What governs every interaction
with Epps.ai today.

πŸ”’
Live β€” Enforced Today
Zero Persistence
Inputs processed within the active session only. No client data is retained by Epps.ai infrastructure after the session ends. Nothing is written to disk or stored server-side.
🚫
Live β€” Enforced Today
No Model Training
Client data is never used to train, fine-tune, or improve AI models. Inputs are processed and discarded. Your deal data stays yours.
🌐
Live β€” Enforced Today
Transmission Security
All AI API requests encrypted in transit via TLS 1.2+. Browser-native tool execution means reports are generated locally β€” data never transits a third-party server unnecessarily.
πŸ—οΈ
Live β€” Enforced Today
Browser-Native Architecture
Tools run in the user's browser. Excel files, rent rolls, and pro formas are parsed locally β€” not uploaded to a server. The data never leaves the user's machine.
πŸ”
In Development
Role-Based Access
User-level permissions, org management, and access controls for multi-user enterprise deployments. Analyst, manager, and admin roles with scoped access.
πŸ“‹
In Development
Audit Trail Logging
Timestamped activity log per user and session. Full query audit trail for enterprise clients requiring compliance documentation and oversight.
β—† How It's Built

Architecture designed for
institutional standards.

Data Flow
Excel/CSV files parsed in-browser via SheetJS β€” never uploaded
AI prompts sent to Anthropic API over TLS β€” session-scoped only
Reports generated and rendered locally in user's browser
No cookies, no tracking, no analytics on tool pages
Page refresh clears all session data β€” no persistence
Deployment Options
Hosted: Epps.ai managed β€” fastest to deploy, zero client IT
Private tenant: Dedicated client environment, no shared infrastructure
Client environment: Tools deployed inside client's own IT perimeter
All options support custom domain and branding
Deployment model determined by client governance requirements
AI Model Governance
Powered by Anthropic Claude β€” constitutional AI with safety built in
No persistent memory between sessions
Prompts scoped to session β€” no cross-client data exposure
API key managed by Epps.ai β€” never exposed client-side
Model outputs reviewed and validated before report generation
Access & Identity
Password-protected platform environment (Netlify Pro)
Per-client access credentials β€” no shared public access
Role-based access controls β€” in development
SSO / enterprise identity integration β€” on roadmap
Session audit logging β€” in development
β—† Governance Roadmap

What's built. What's
coming next.

Full transparency on where the platform stands today and what is actively being built.

ItemDescriptionStatus
Zero Persistence Architecture No data retained after session. Browser-native processing. No server writes. βœ“ Live
TLS Encryption in Transit All API requests encrypted via TLS 1.2+. No plaintext data transmission. βœ“ Live
No Model Training on Client Data Client inputs never used to train or fine-tune AI models. Enforced at API level. βœ“ Live
Browser-Native File Processing Excel/CSV files parsed locally in browser via SheetJS. Files never uploaded to server. βœ“ Live
Password-Protected Environment Platform access restricted to credentialed clients. Per-client access management. βœ“ Live
Privacy Policy & Terms of Service Formal legal documentation governing platform use and data handling. In Development
Data Processing Agreement (DPA) Standard DPA for enterprise clients under GDPR/CCPA frameworks. In Development
Role-Based Access Controls User-level permissions, org management, and scoped access for multi-user deployments. In Development
Audit Trail Logging Timestamped activity log per user and session. Compliance-grade documentation. In Development
Enterprise Backend (Persistent Storage) Encrypted-at-rest storage for clients requiring saved models and deal history. On Roadmap
SOC 2 Type II Program Certified auditor engagement for institutional compliance. Required for large LPs. Planned
US Data Residency Guarantee All data processed and stored exclusively within US infrastructure. Planned

Questions about data governance?

We're happy to discuss architecture, deployment options, and compliance requirements for your specific situation.

Talk to Us Get in Touch
Privacy Policy & ToS β†’ Data Processing Agreement β†’
Olesya
● ONLINE Β· REAL ESTATE AI COPILOT Β· EPPS.AI
Built by an operator. Underwriting Β· Reporting Β· Development Β· Advisory
Olesya Epps Β· Founder, Epps.ai
Institutional Real Estate Β· Operator-built AI workflows
β–Ύ
Olesya Epps
Founder Β· Epps.ai Institutional Real Estate Operator-built AI Workflows
About Epps.ai β†’
Ask Olesya
Hi β€” I'm Olesya, your AI copilot for real estate investment and development.

I can help analyze deals, explain tools, generate narratives, structure reporting workflows, and answer underwriting questions.

What are you working on today?
Need help directly?
Email Olesya Β· Book a Call