Adeft

Trust

Built for regulated work.

Mortgage processing is consumer-finance work. Adeft is built to match that bar. This page is where we show the receipts.

Human in the loop

Every outbound action is approved by a named processor.

Adeft prepares and queues; nothing sends without approval. The approval surface is where the human-in-the-loop promise lives, and that surface is reversible, attributable, and auditable. There is no "autonomy mode."

Data handling

Your borrower PII is not used to train models.

Customer files are processed for the purposes of operating Adeft on your behalf and stored under the retention windows you choose. We do not train foundation models on customer documents. Sub-processors are disclosed and contractually bound to the same standard.

Audit trail

Every action is timestamped, attributed, and exportable.

Classify, extract, draft, approve, send — each emits a structured event with actor, timestamp, and content hash. The audit log is the source of truth for compliance reviews and is exportable on demand.

Deployment

Private deployment available for regulated environments.

Enterprise customers can run Adeft in their own VPC with customer-managed keys. Either way, your data does not commingle with another customer’s.

Compliance posture

Where we are today.

GLBA-aligned controls

Engineered for

Access controls, encryption-at-rest, encryption-in-transit, retention windows, and breach-notification process built around the Safeguards Rule.

CCPA / CPRA

Compliant

Subject-access workflows for California consumers. Sub-processor list maintained at adeft.ai/security.

No model training on customer PII

Contractual

Stated in the MSA and the DPA. Includes anti-poisoning and prompt-isolation controls for shared inference endpoints.

Need our security packet, sub-processor list, or DPA template?