Security & Trust — Newmark Intelligence

Six Principles

Built for the institutional bar.

Tenant isolation by default

Every row in every table is scoped to a tenantId. The AI layer, the broker agent, and the MCP server all enforce tenant scope before any query. Your deal data is never co-mingled with another firm’s.

Your data is never training data

Newmark Intelligence does not fine-tune shared models on tenant data. Prompts, completions, and tool-call logs stay in your tenant. Opt-in data sharing for benchmarking is available to enterprise customers and is always anonymized.

Encryption everywhere

TLS 1.3 in transit. AES-256 at rest on Postgres + S3 + backups. Per-tenant KMS keys for enterprise customers on request.

Scoped access tokens

Broker JWTs are per-user, HS256, 90-day expiry. MCP tokens are revocable from the admin console. No shared API keys, ever.

Full audit trail

Every broker-agent action, every AI decision, every routing rule fire is logged with actor, tenantId, brokerId, sessionId, and timestamp. 7-year retention.

Human-in-the-loop by default

Outbound AI responses go through an approval queue until your firm opts in to auto-send. Proposals and LOI drafts always require a broker signature before delivery.

Compliance & Attestations

The paperwork.

SOC 2 Type II

In progress · target 3Q26

Annual Type II audit by a tier-one firm. Interim Type I available under NDA.

GDPR

Compliant

Data Processing Addendum available. EU sub-processor list published.

CCPA

Compliant

California Consumer Privacy Act data-subject rights honored on request.

Fair Housing Act

Built in

Outbound AI filtered for prohibited screening language. Audit log available for HUD review.

ISO 27001

Roadmap · 2027

Scoped for enterprise + private-cloud customers.

HIPAA

Not in scope

Newmark Intelligence does not process protected health information.

Architecture

Under the hood.

Hosting

AWS us-east-1 (primary) · us-west-2 (DR). EU region available to enterprise on request.

Compute

ECS Fargate with private subnets. No public ingress except through the load balancer.

Database

Amazon Aurora PostgreSQL with pgvector. Multi-AZ. Point-in-time recovery: 35 days.

Object storage

S3 with versioning + replication. Server-side encryption with KMS.

Secrets

AWS Secrets Manager. Automatic rotation for all database credentials.

AI providers

Anthropic Claude (primary). Zero data retention contract. No training on tenant data.

Email channels

OAuth-scoped Gmail + Outlook. Tokens encrypted in KMS. Revocable per broker.

Backups

Continuous WAL archival + nightly snapshots. Restore tested quarterly.

Monitoring

Datadog APM + CloudWatch. Per-tenant error rate SLOs. On-call rotation 24/7.

Penetration testing

Annual third-party pen test. Summary report available under NDA.

AI Guardrails

The rails on the AI.

Legal advice blocker

The AI will not interpret lease clauses as legal advice. Detected legal questions are escalated to the assigned broker.

Fair Housing filter

Outbound content is scanned for prohibited screening language before send. Blocked messages queue for broker review.

Property grounding

AI only cites properties from your live inventory. No hallucinated addresses or SF figures.

PII handler

SSNs, dates of birth, and banking details are redacted at ingest. Originals stay encrypted at rest with scoped access.

Escalation triggers

Any unresolved question, any deal above a threshold, any guardrail hit — a human broker is paged.

Model-agnostic routing

Sensitive actions can be pinned to a specific provider (Claude default). No silent vendor swaps.

Built for the institutional bar.

Built for the institutional bar.

Tenant isolation by default

Your data is never training data

Encryption everywhere

Scoped access tokens

Full audit trail

Human-in-the-loop by default

The paperwork.

Under the hood.

The rails on the AI.

Legal advice blocker

Fair Housing filter

Property grounding

PII handler

Escalation triggers

Model-agnostic routing

Put Newmark Intelligence on your deal flow.