AI operations · built for mortgage lending

Find the basis points hiding in your operation.

GainSail works inside your lending shop the way your best operators do — tuning the database, watching the pipeline, telling every associate what to do first. And your data never leaves your network unmasked.

Request a demo See the architecture
gainsail · capital markets desk
desk@lender ~ $ gainsail briefing
 
⛵ MORNING BRIEF — 6 ITEMS, RANKED BY REVENUE AT RISK
 
1. 3 locks expire <4h · $1.2M volume · 38bps at risk
2. Hendricks: appraisal in 9d ago, conditions unsigned
clears today → funds this week
3. Pull-through dip · 30yr govt · 4 files stalled at docs
4–6 … `gainsail briefing --full`
 
desk@lender ~ $ gainsail optimize sp_PipelineRollup.sql
reading schema · indexes · 30-day query stats …
✓ rewrite ready: 14.2s → 0.9s · 2 index recs · plan diff ↗
desk@lender ~ $
Live surface · the same engine runs in browser, terminal, and API
The platform

Three crews, one ship.

Three operational capabilities built for how a mortgage lender actually runs — with a general assistant underneath that knows your schema, your pipeline, and your business.

01SQL Intelligence

Your database, tuned daily.

Schema-aware T-SQL optimization against your actual SQL Server — execution plans, index analysis, and query-store history included. Paste a slow proc; get back the rewrite, the reasoning, and the before/after plan.

RECOMMENDATIONS ONLY — humans apply changes.
The platform holds no write path to your database.
-- before · 14.2s avg
WHERE CAST(p.LockDate AS DATE) = @d
-- after · 0.9s avg
WHERE p.LockDate >= @d
AND p.LockDate < DATEADD(DAY,1,@d)
+ 2 index recommendations · plan diff ↗
02Monitoring Factory

Describe it. It's watched.

"If unactioned locks exceed 25 for 15 minutes, alert the secondary desk." That sentence becomes a running monitor — check, schedule, thresholds, stakeholder routing — in about a minute. Edit it in plain English; audit every change.

Alerts route only to pre-registered stakeholders.
Every monitor carries its full change history.
monitor: lock-desk-queue-depth
check: every 5 min
threshold: > 25 unactioned · 15 min
route: #secondary-desk · j.smith
FIRING · 31 UNACTIONED · 22 MIN
03Pipeline Intelligence

Every morning, ranked by money.

Each associate starts the day with action items ordered by revenue at risk — expiring locks, aging docs, stalled conditions. Ask why an item ranks first; get the answer from live pipeline data.

Scoped at the data layer — each user sees only
their own book. No prompt widens access.
① Locks <4h$1.2M · 38bps
② Hendricks conditionsfunds this wk
③ Stalled govt segment4 files
④ Docs aging >5d7 files
Architecture

Your data stays in your harbor.

Most AI vendors ask you to ship your data to them and trust the paperwork. GainSail inverts that: a small connector runs inside your network, and raw borrower data never crosses the breakwater unmasked.

Inside your network
01

The GainSail Connector

A small service your team deploys. Outbound-only — no inbound ports, nothing exposed. The only component that ever touches your database.

02

Read-only, replica-only

Read-only credentials against a replica. The platform is structurally incapable of writing to your systems of record.

03

Masking at the source

SSNs, DOBs, account numbers — fields the workflow doesn't need are stripped inside your walls, per a matrix your compliance team signs off on. Remaining identity fields are pseudonymized before egress.

GainSail cloud
04

The AI layer works on pseudonyms

By the time data reaches the reasoning layer, borrowers are tokens, not people. Names rehydrate only in your authenticated interface, at render time.

05

Zero-retention inference

The model layer runs under a zero-data-retention configuration: prompts and outputs are not stored there, and are never used for training.

06

Tenant-isolated everything

Per-tenant encryption keys, per-tenant connector certificates, append-only audit logs exportable for your own compliance reviews.

The sentence your vendor-risk team wants: the model never sees an SSN — structurally, not by policy. Masking happens inside your network, before anything egresses, on credentials that cannot write.

Surfaces

Meet your people where they work.

One platform, one permission model, one audit trail — three ways in. Every surface sees the same tenant config, the same scoping, the same tools.

№ 1 — Browser

The Workspace

Chat, dashboards, monitor management, and the morning briefing — for associates, desk leads, and managers. SSO in, working in minutes.

  • Pipeline briefing & drill-downs
  • Monitor builder & audit history
  • Admin, roles & usage console
№ 2 — Terminal

The CLI

A full agentic terminal for DBAs, analysts, and engineers. It reads and edits local files, works with your scripts and repos, and carries the same database tools as the workspace.

  • gainsail optimize <file.sql>
  • Local file & project awareness
  • Scriptable · CI-friendly
№ 3 — API

The Integration

Everything GainSail does, callable from your systems — embed the briefing in your LOS dashboard, trigger monitors from your schedulers.

  • REST + streaming endpoints
  • Webhook alert delivery
  • Same scoping & audit guarantees
Security & governance

Built for institutions that answer to regulators, investors, and borrowers — in that order, on the same day.

Single sign-on

SAML / OIDC against your identity provider. GainSail identities are your identities — joiners, movers, leavers flow through automatically.

Role-based access

Admins, builders, and associates see different tools entirely. Permissions enforce at the platform layer, not the prompt layer.

Row-level scoping

An associate's session is structurally limited to their own pipeline. No prompt, however creative, widens a user's data scope.

Encryption, both states

TLS 1.3 in transit with mutual-TLS connector authentication; envelope encryption at rest with per-tenant keys.

Append-only audit

Every query, tool call, and alert — who, what, when, under which scope. Exportable for your compliance team.

Nothing trains on you

Zero-retention inference configuration. Your data is never used to train any model — ours or anyone else's.

Trust & documentation

Built for your vendor-risk team.

When your third-party-risk or information-security team opens a vendor review, everything they need is ready. This page is the honest starting point — no vague promises, no unchecked boxes.

Data handling & security declaration
How your data is protected

Raw borrower data never reaches our servers — protection is structural, not a matter of policy you have to trust us to follow.

  • Unmasked borrower data stays inside your network
  • Encrypted in transit and at rest
  • Isolated per tenant — no cross-customer data paths
  • Access-controlled via SSO and role-based permissions
  • Every action fully audited and exportable
  • Retained only as long as needed, then purged on a defined schedule
The full security architecture, data-flow diagrams, and control documentation are provided under NDA during vendor security review. Serious vendors gate this detail — we're no different.
What we never do
  • Train on your data — ever, for any purpose
  • Allow raw borrower data to reach our servers
  • Sell, share, or combine your data with other customers' data
  • Use your data for any purpose beyond operating the contracted service
Access & isolation controls
  • SSO (SAML / OIDC) against your identity provider
  • Role-based access enforced at the platform layer
  • Row-level scoping — no prompt widens a user's data access
  • Per-tenant isolation — no cross-tenant key sharing
  • Append-only audit log: who, what, when, scope — exportable
  • Data deletion within 60 days of termination; written certification available
Vendor-review documentation

The artifacts your third-party-risk, information-security, or vendor-management team typically requests — with an honest availability status for each. Availability badges reflect current state; forward commitments are labeled as such.

Security architecture whitepaper
End-to-end data-flow diagram, connector design, masking model, encryption layers
On request
Data Processing Addendum (DPA)
GLBA-aligned processor agreement defining roles, obligations, and breach notification SLAs
Available
Subprocessor list
All third-party processors, their roles, data categories, and locations
Available
Data-flow & handling overview
Narrative description of how data moves from your network to the AI layer and back
Available
Access control, RBAC & SSO overview
Role model, identity federation, row-level scoping, and MFA requirements
Available
Incident response & breach-notification policy
48-hour notification commitment, escalation path, and post-incident report procedure
Available
SOC 2 Type II report
Independent audit of security, availability, and confidentiality controls
In progress
Third-party penetration test summary
Annual third-party pen test of cloud perimeter, connector auth, and tenant isolation
Planned
NYDFS Part 500 controls matrix
Mapping of GainSail controls to the NYDFS Cybersecurity Regulation requirements
In progress
GLBA Safeguards alignment statement
Narrative of how GainSail's security program satisfies service-provider obligations under 16 C.F.R. Part 314
On request
Business continuity & disaster recovery overview
BCP/DR scope, recovery objectives, and infrastructure resilience summary
In progress
Security questionnaire (SIG Lite / CAIQ)
Completed standardized questionnaire for your vendor intake process
On request
Key: AvailableReady now On requestProvided during security review In progressActive work in progress — forward commitment PlannedScheduled — forward commitment
Ready to run a vendor review?
We'll provide the full documentation package and answer your questionnaire in writing.
Request documentation
Security posture and current certification status are confirmed in writing during vendor security review and governed by the executed agreement.
Pricing

Priced per seat. Never per token.

Predictable line items your CFO can plan around — no usage meters, no surprise overages. Plans scale from a single desk to the whole operation.

For desks & mid-size lenders

Desk

  • All three pillars + assistant
  • Browser workspace & CLI
  • Standard connector deployment
  • Email & chat alert routing
  • Monthly or annual billing
Talk to us
Most lenders land here
For enterprise lending operations

Enterprise

  • Everything in Desk
  • SSO, RBAC & audit export
  • Dedicated connector & private tenancy
  • API access & webhook delivery
  • Compliance review support & SLA
  • Volume seat pricing + platform agreement
Talk to us
Request a demo

See your own operation through GainSail.

Bring a slow stored procedure and a question about your pipeline. The demo runs on your schema's shape — not canned data — so you'll see exactly what your team would.

Pilot programs for qualified lenders · deployment measured in days, not quarters