Product
Platform AI agents Security & governance
Who it's for
Asset management Acquisitions Finance & IR
Company
Resources PricingTrust Center Read the thesis Book a demo →

Built for capital that has to be defended.

Institutional real estate runs on money that answers to someone else: limited partners, investment committees, auditors, regulators, lenders. Software that touches that money has to be defensible to all of them. Built AI is engineered to be more auditable, more isolated, and more accountable than the analyst-and-spreadsheet process it replaces, not less.

Multi- or single-tenant·No model training on your data·SOC 2 Type II (in progress)·GDPR-aligned

Trust Center

Verify our posture in real time.

Our controls are continuously monitored and published to a hosted Trust Center. Certification status is shown live, and our security policies, control evidence, and audit reports are available to your team on request under NDA. Personnel and vendor specifics are kept private.

SOC 2 Type II · In progress ISO 27001 · In progress GDPR-aligned Continuously monitored
100%
Auditable outputs
0
Autonomous external actions
In progress
SOC 2 Type II ISO 27001
Your choice
Multi- or single-tenant, self-host or on-prem
At a glance
No model training Human approves every send Every number cited Read-only integrations Your data, exportable
01 · Deterministic by design

The black-box problem, and our answer.

Models whose reasoning cannot be reconstructed are disqualified from regulated capital. Our answer is to be more auditable than the analyst-and-Excel flow we replace.

EY named the obstacle that keeps most AI out of regulated finance the "black-box problem": models whose reasoning cannot be reconstructed or audited are disqualified from any process where capital is held in trust. For institutional real estate, that is the line between software you can deploy and software you cannot.

Most AI tools fail this test by construction. They generate plausible answers from a probabilistic model and present the output without a verifiable chain back to the underlying facts. The number looks right, but no one can prove it, and "the model said so" is not an answer a fiduciary can give. That is precisely the property that makes a tool unusable for an asset manager reporting NOI to an LP, a controller signing off on a distribution waterfall, or a GP whose underwriting will be re-examined years later in diligence.

Built AI is designed the opposite way. The platform is deterministic by design: every number it produces traces to a specific source, every computation it performs is reproducible, and every agent run can be replayed step by step. When the system reports that a property is running 4.2% under budget on operating expenses, you can click that figure and follow it back through the calculation to the line items, and from those line items to the source documents they were extracted from. Nothing is asserted. Everything is shown.

Two ways to produce a number
Black-box model versus deterministic by design
Black-box model
  • Plausible answers generated from a probabilistic model
  • No verifiable chain back to the underlying facts
  • Reasoning hidden inside model weights
  • "The model said so" is the only answer available
vs
Deterministic by design
  • Every number traces to a specific source
  • Every computation is reproducible
  • Every agent run can be replayed step by step
  • Derivation laid out as a traceable lineage you can audit
The reasoning is not hidden inside model weights. It is laid out as a lineage you can audit, the same way you would audit a workpaper.

The honest bar is not "as trustworthy as a black box." It is "more auditable than the analyst and the Excel file it replaces." That is the bar we hold ourselves to.

This matters because the manual process is not as auditable as people assume. A spreadsheet built by an analyst who has since left the firm, with formulas no one fully remembers and inputs pasted from a dozen statements, is a black box of a different kind. Built AI replaces that opacity with a system where the derivation of every figure is captured, versioned, and inspectable on demand. The reasoning is not hidden inside model weights. It is laid out as a traceable lineage you can audit, the same way you would audit a workpaper, except it is always current and never lost.

What this means for you

If you are the InfoSec lead or the controller who has to put your name on what the system produces: you are never asked to trust an unexplained output. Every figure carries its provenance. When diligence, an audit, or an IC challenge arrives, you reconstruct exactly how each number was reached in seconds, not by re-deriving it by hand.


02 · Data ownership

Your data stays yours. As architecture, not a promise.

Whichever way you deploy, your data stays inside your boundary and is never training data.

The most important sentence on this page is this: your data never leaves your tenant, and it is never used to train any model, ours or anyone else's. We want to be clear about why that is a statement about how the system is built rather than a line in a policy document you have to take on faith.

Built AI runs multi- or single-tenant, whichever your mandate calls for. In the managed multi-tenant deployment, isolation is enforced with per-tenant encryption, scoped credentials, and continuously tested access controls. When your mandate requires infrastructure-level isolation, the single-tenant deployment gives your firm its own instance, its own data store, its own compute, and its own boundary. You are not one row in a shared database alongside other funds; the isolation boundary is infrastructure you control, not configuration you have to trust. Firms that need that guarantee choose single-tenant or self-hosted; the managed rollout is the faster path.

For firms whose mandate or jurisdiction requires it, the instance can run inside your own cloud account or on-premise environment. In that configuration your deal data, rent rolls, financials, and investor information never traverse our infrastructure at all. They stay within a boundary you already control, govern, and have already cleared with your own security organization. Data residency requirements are met by putting the system where the data is allowed to live, rather than by promising to handle it carefully somewhere else.

No model, ours or anyone else's, is ever trained on your data. Your numbers are used to answer your questions, and for nothing else.

Whether your data trains anyone's models is the question every serious buyer asks first, and most AI vendors answer it badly. When your data flows into a product whose business model depends on improving shared models, you are usually told your data "may be used to improve the service." We do not operate that way. Your data is never used to train anything, and in a single-tenant or self-hosted deployment it is never even co-resident with anyone else's. In every deployment mode, your information works for you inside your boundary and is invisible everywhere else.

What this means for you

For the GP and the LP: confidential deal economics, fund performance, and investor data sit inside a boundary you control, on infrastructure you already trust. For the InfoSec team: there is no shared model and no training pipeline to interrogate, and in a single-tenant deployment there is no shared store at all.


03 · Human-in-the-loop by default

Nothing auto-sends. The system drafts; humans decide.

Zero autonomous external actions: the platform drafts and computes, then waits for a person to approve.

Built AI performs zero autonomous external actions. Nothing the platform does reaches outside your walls without a person approving it first. It does not auto-send an email to a lender. It does not auto-post a journal entry to your accounting system. It does not auto-commit a figure to an investor report. The catalog of agents that runs your investment lifecycle is built to do the work right up to the decision, then stop and wait for a human.

An agent gathers the rent roll, reconciles it against the lease abstracts, computes the variance, and assembles the draft of the report. Then it pauses. The output is a draft with its full reasoning attached, presented to the person whose judgment the firm relies on. That person reviews it, sees how every figure was derived, edits anything they choose to, and decides whether it moves forward. The agent never crosses that line on its own. Autonomy stops at the boundary of consequence.

Human-in-the-loop by default
The system drafts, a human approves, then it sends
1
The system drafts
The agent gathers, reconciles and computes, with full reasoning attached.
2
It pauses
Autonomy stops at the boundary of consequence. Nothing crosses on its own.
3
A human decides
The accountable person reviews the derivation, edits, and approves.
4
Then it sends
Only after approval does anything reach your books, an LP or a lender.
Built AI performs zero autonomous external actions. The catalog of agents does the work right up to the decision, then stops and waits for a person.

This is deliberate, and it maps onto how institutional firms already govern their work. Approval authority is not abstract; it follows your actual roles. The analyst prepares; the asset manager reviews; the controller signs off on anything that touches the books; investor relations approves anything that reaches an LP. Built AI mirrors that structure rather than flattening it. The system makes the analyst and the asset manager faster and removes the mechanical work, but it never removes the human who is accountable for the decision.

What this means for you

For the controller and the IR lead: no number reaches your books or your investors without passing through the person who is supposed to approve it. The system compresses the work of preparing the draft, then hands you a fully sourced version to accept, change, or reject. Accountability stays exactly where your governance already places it.


04 · The complete audit trail

Every number cited. Every run replayable. Every action logged.

Auditability is not a feature bolted onto Built AI. It is the substrate the whole platform is built on. Three things are always true, by design, for everything the system does.

Every number is cited to its source. No figure stands alone. Each one carries a link back to the document, statement, or system field it came from, and to the calculation that combined those inputs. There is no point in the chain where a number simply appears. You can always answer the question an auditor will ask: where did this come from?

Every computation is replayable. An agent run is not a one-time event whose logic vanishes after it finishes. It is a recorded sequence of steps. You can replay any run and watch the system reach the same result from the same inputs, which is what makes the output reproducible rather than merely plausible. If an input changes, you can see precisely which downstream figures change and why.

Every action is logged. Who ran what, who reviewed it, who approved it, what was changed before it went out, and when each of those things happened, all captured in an immutable trail. The record of human decisions is as complete as the record of the calculations.

An auditor should not have to take your word for anything. They should be able to open the system and watch the number assemble itself.

app.builtai.co/governance/audit
Governance › Audit log
Audit log
Every action recorded
0
autonomous external actions. Every send, write or filing waits for a named human.
09:42Covenant pack drafted · Block 37 Loan §6.2 · 5 sourcesWaiting approval
09:40Valuation recompute · Fund III deterministic engineComplete
09:38External send blocked · lender email awaiting humanBlocked
09:31Source linked · Yardi GL Q2 142 linesComplete
09:20Scenario run · +50bps rates Fund III · 18 assetsComplete
• Multi- or single-tenant · • No model training · • SOC 2 Type II (in progress)Built AI · governance
Every action lands in an immutable audit log: who ran what, who approved it, what changed, and when. Nothing leaves your tenant without a named human's approval.

The practical effect shows up at the moments that used to be painful. When an investment committee questions an underwriting assumption, you replay the run and show the basis in real time instead of going back to rebuild the model. When an auditor requests the support for a reported figure, the lineage is already there, complete and ready, rather than reconstructed from memory and a folder of attachments. When an LP asks how a performance number was calculated, the answer is a few clicks away. The work that used to consume the days before a deadline is simply already done.

What this means for you

For the auditor, the IC, and the diligence team: the support package is a live property of the system, not a fire drill. Provenance, reproducibility, and the full decision log are available on demand, which turns audit and review from a scramble into a lookup.


05 · Compliance posture & roadmap

Where we are, and where we are going. Honestly.

SOC 2 Type II and ISO 27001, both in progress, GDPR principles as a baseline, access role-based end to end. Stated plainly, ready to substantiate under NDA.

We will be precise about what is done and what is in progress, because vague compliance claims are exactly the kind of thing a serious security team is trained to distrust.

SOC 2 Type II is in progress. We are undergoing examination of our controls for security, availability, and confidentiality across an observation period. We say "in progress" rather than implying a completed report we do not yet hold. The controls are built and operating; the formal attestation is underway, and we are glad to walk your team through current status, scope, and timeline under NDA.

ISO 27001 is also in progress, extending the same control framework into a formally certified information security management system. We are progressing both deliberately rather than collecting badges, so that the underlying practice is real before the certificate is.

Data handling follows GDPR principles as a baseline: data minimization, purpose limitation, and the ability to export or delete your data on request. Because the system can run single-tenant inside your own environment, many cross-border and residency questions are answered by where the system is deployed rather than by how data is transferred out of it.

Access is role-based, end to end. Permissions are granular and follow the principle of least privilege: people see and do only what their role allows. Provisioning and deprovisioning integrate with your identity stack in the SCIM and SSO mold, so access is granted and, just as importantly, revoked through the systems your IT organization already governs. When someone leaves, their access ends where your directory says it ends.

See live certification status in our Trust Center →

What this means for you

For the compliance and InfoSec reviewer: you get a vendor that states plainly what is complete, what is in progress, and what is on the roadmap, with a security team ready to substantiate each claim under NDA. No badge is asserted before it is earned.


06 · Integrations respect your controls

We connect to your stack and inherit its rules.

Connections are read-only by default and inherit the permissions your systems already enforce.

Built AI is valuable because it connects to the systems you already run: your accounting platform, your asset management software, your data room, your property management systems. A connected tool is also a new path into your data, so the way those connections behave is a security decision, and we treat it as one.

Connections are read-only by default. The platform pulls the information it needs to build the knowledge graph and run its analysis, and that pulling is, by default, all it can do. It observes; it does not alter. Any action that would write back into a source system, post an entry, or change a record is not something the platform does on its own initiative. It is drafted, surfaced for approval, and executed only when a human authorizes it, consistent with the human-in-the-loop principle that governs the rest of the product.

Just as important, Built AI mirrors the permissions that already exist in your connected systems rather than overriding them. If a user cannot see a particular fund or property in your source system, connecting that system to Built AI does not suddenly expose it to them. The platform respects the access boundaries you have already drawn. It does not become a side door around your existing controls; it operates inside them.

What this means for you

For the InfoSec team evaluating the integration surface: connections are read-only unless a human explicitly approves a write, and existing permissions are inherited, not bypassed. The platform widens what your people can do with their data without widening who can see what.


07 · A buyer's checklist

Questions to ask any AI vendor.

You should put these questions to every AI company that wants access to your institutional data, including us. They are the questions that separate a tool built for regulated capital from one that merely demos well. Here is each one, and our answer.

Where does our data physically live?

If the answer is a shared environment with no isolated alternative, treat that as a flag. Our answer: you choose, a managed instance or your own single-tenant deployment inside your own cloud account or on-premise, so your data lives where you decide it lives and inside a boundary you control.

Is our data ever used to train your models?

This is the question that most often gets a soft answer. Ours is direct: never. Your data is not used to train any model, ours or anyone else's. It is used to answer your questions, and for nothing else.

Can we isolate or self-host the deployment?

Many vendors cannot offer this because their architecture is fundamentally multi-tenant with no isolated option. We can: alongside a fully managed multi-tenant deployment, the system supports single-tenant, self-hosted, and on-premise deployment, so full isolation is available whenever your mandate requires it rather than as a special arrangement.

Is every output auditable back to a source?

If a vendor cannot show you the derivation of a number, you cannot defend that number to your IC, your auditor, or your LPs. Every figure Built AI produces is cited to its source, every computation is replayable, and every action is logged. The output is auditable end to end.

Can the system take actions on its own?

Autonomy that reaches outside your firm is a liability in regulated capital. Built AI performs zero autonomous external actions. It drafts and pauses for human approval; nothing auto-sends and nothing auto-commits.

What happens to our data if we leave?

A vendor's exit terms reveal how it really thinks about your ownership. Because your data lives in your tenant, it is yours throughout and yours at the end. You can export it, and on termination it is deleted from any environment we operate. There is no residual copy living on inside a shared model, because it was never in one.

What this means for you

Bring this list to every vendor conversation you have, ours included. The questions that are hardest for most AI companies to answer cleanly are the ones we designed the product around. If a vendor hesitates on data training, isolation, auditability, or exit, you have learned the most important thing about them.

See how the platform is built →  ·  Read the thesis →  ·  See pricing →

Bring your security team. We'll answer every question.

We expect the hard questions about data, isolation, auditability, and control, and we are glad to take them. Sit your InfoSec and compliance people down with ours and put the architecture under real scrutiny.