AI operations · built for mortgage lending

Find the basis points hiding in your operation.

GainSail works inside your lending shop the way your best operators do — tuning the database, watching the pipeline, telling every associate what to do first. And your data never leaves your network unmasked.

Request a demo See the architecture
gainsail · capital markets desk
desk@lender ~ $ gainsail briefing
 
⛵ MORNING BRIEF — 6 ITEMS, RANKED BY REVENUE AT RISK
 
1. 3 locks expire <4h · $1.2M volume · 38bps at risk
2. Hendricks: appraisal in 9d ago, conditions unsigned
clears today → funds this week
3. Pull-through dip · 30yr govt · 4 files stalled at docs
4–6 … `gainsail briefing --full`
 
desk@lender ~ $ gainsail optimize sp_PipelineRollup.sql
reading schema · indexes · 30-day query stats …
✓ rewrite ready: 14.2s → 0.9s · 2 index recs · plan diff ↗
desk@lender ~ $
Live surface · the same engine runs in browser, terminal, and API
The platform

Three crews, one ship.

Three operational capabilities built for how a mortgage lender actually runs — with a general assistant underneath that knows your schema, your pipeline, and your business.

01SQL Intelligence

Your database, tuned daily.

Schema-aware T-SQL optimization against your actual SQL Server — execution plans, index analysis, and query-store history included. Paste a slow proc; get back the rewrite, the reasoning, and the before/after plan.

RECOMMENDATIONS ONLY — humans apply changes.
The platform holds no write path to your database.
-- before · 14.2s avg
WHERE CAST(p.LockDate AS DATE) = @d
-- after · 0.9s avg
WHERE p.LockDate >= @d
AND p.LockDate < DATEADD(DAY,1,@d)
+ 2 index recommendations · plan diff ↗
02Monitoring Factory

Describe it. It's watched.

"If unactioned locks exceed 25 for 15 minutes, alert the secondary desk." That sentence becomes a running monitor — check, schedule, thresholds, stakeholder routing — in about a minute. Edit it in plain English; audit every change.

Alerts route only to pre-registered stakeholders.
Every monitor carries its full change history.
monitor: lock-desk-queue-depth
check: every 5 min
threshold: > 25 unactioned · 15 min
route: #secondary-desk · j.smith
FIRING · 31 UNACTIONED · 22 MIN
03Pipeline Intelligence

Every morning, ranked by money.

Each associate starts the day with action items ordered by revenue at risk — expiring locks, aging docs, stalled conditions. Ask why an item ranks first; get the answer from live pipeline data.

Scoped at the data layer — each user sees only
their own book. No prompt widens access.
① Locks <4h$1.2M · 38bps
② Hendricks conditionsfunds this wk
③ Stalled govt segment4 files
④ Docs aging >5d7 files
Architecture

Your data stays in your harbor.

Most AI vendors ask you to ship your data to them and trust the paperwork. GainSail inverts that: a small connector runs inside your network, and raw borrower data never crosses the breakwater unmasked.

Inside your network

Raw data stays put

Unmasked borrower data never leaves your environment. The connector lives inside your walls — that boundary is structural, not a setting someone can toggle.

No write path, ever

The platform is structurally incapable of modifying your systems of record. Recommendations surface to your people; your people apply them.

Masked before it moves

Sensitive identity fields are pseudonymized inside your network before anything egresses. The AI reasons over tokens — the model never sees an SSN, by design, not by policy.

GainSail cloud

Isolated per customer

Every tenant is cryptographically separated. There are no shared data paths between customers — audit logs are append-only and exportable for your compliance team.

Zero retention on inference

What the model reasons over is not stored, not logged by the model provider, and never used to train any model — ours or anyone else's.

Architecture shared under NDA

The detailed security architecture is provided during vendor security review. Serious vendors gate this — we're no different.

The sentence your vendor-risk team wants: the model never sees an SSN — by design, not by policy. The protection is structural, built into where data moves and what form it takes when it does.

Surfaces

Meet your people where they work.

One platform, one permission model, one audit trail — three ways in. Every surface sees the same tenant config, the same scoping, the same tools.

№ 1 — Browser

The Workspace

Chat, dashboards, monitor management, and the morning briefing — for associates, desk leads, and managers. SSO in, working in minutes.

  • Pipeline briefing & drill-downs
  • Monitor builder & audit history
  • Admin, roles & usage console
№ 2 — Terminal

The CLI

A full agentic terminal for DBAs, analysts, and engineers. It reads and edits local files, works with your scripts and repos, and carries the same database tools as the workspace.

  • gainsail optimize <file.sql>
  • Local file & project awareness
  • Scriptable · CI-friendly
№ 3 — API

The Integration

Everything GainSail does, callable from your systems — embed the briefing in your LOS dashboard, trigger monitors from your schedulers.

  • REST + streaming endpoints
  • Webhook alert delivery
  • Same scoping & audit guarantees
Security & governance

Built for institutions that answer to regulators, investors, and borrowers — in that order, on the same day.

Single sign-on

SAML / OIDC against your identity provider. GainSail identities are your identities — joiners, movers, leavers flow through automatically.

Role-based access

Admins, builders, and associates see different tools entirely. Permissions enforce at the platform layer, not the prompt layer.

Row-level scoping

An associate's session is structurally limited to their own pipeline. No prompt, however creative, widens a user's data scope.

Encryption, both states

TLS 1.3 in transit with mutual-TLS connector authentication; envelope encryption at rest with per-tenant keys.

Append-only audit

Every query, tool call, and alert — who, what, when, under which scope. Exportable for your compliance team.

Nothing trains on you

Zero-retention inference configuration. Your data is never used to train any model — ours or anyone else's.

Trust & documentation

Built for your vendor-risk team.

When your third-party-risk or information-security team opens a vendor review, everything they need is ready. This page is the honest starting point — no vague promises, no unchecked boxes.

Data handling & security declaration
How your data is protected

Raw borrower data never reaches our servers — protection is structural, not a matter of policy you have to trust us to follow.

  • Unmasked borrower data stays inside your network
  • Encrypted in transit and at rest
  • Isolated per tenant — no cross-customer data paths
  • Access-controlled via SSO and role-based permissions
  • Every action fully audited and exportable
  • Retained only as long as needed, then purged on a defined schedule
The full security architecture, data-flow diagrams, and control documentation are provided under NDA during vendor security review. Serious vendors gate this detail — we're no different.
What we never do
  • Train on your data — ever, for any purpose
  • Allow raw borrower data to reach our servers
  • Sell, share, or combine your data with other customers' data
  • Use your data for any purpose beyond operating the contracted service
Access & isolation controls
  • SSO (SAML / OIDC) against your identity provider
  • Role-based access enforced at the platform layer
  • Row-level scoping — no prompt widens a user's data access
  • Per-tenant isolation — no cross-tenant key sharing
  • Append-only audit log: who, what, when, scope — exportable
  • Data deletion within 60 days of termination; written certification available
Vendor-review documentation

The artifacts your third-party-risk, information-security, or vendor-management team typically requests — with an honest availability status for each. Availability badges reflect current state; forward commitments are labeled as such.

Security architecture whitepaper
Comprehensive security architecture and data-flow documentation, provided under NDA
On request
Data Processing Addendum (DPA)
GLBA-aligned processor agreement defining roles, obligations, and breach notification SLAs
Available
Subprocessor list
All third-party processors, their roles, data categories, and locations
Available
Data-flow & handling overview
Narrative description of how data moves from your network to the AI layer and back
Available
Access control, RBAC & SSO overview
Role model, identity federation, row-level scoping, and MFA requirements
Available
Incident response & breach-notification policy
48-hour notification commitment, escalation path, and post-incident report procedure
Available
SOC 2 Type II report
Independent audit of security, availability, and confidentiality controls
In progress
Third-party penetration test summary
Annual third-party pen test of cloud perimeter, connector auth, and tenant isolation
Planned
NYDFS Part 500 controls matrix
Mapping of GainSail controls to the NYDFS Cybersecurity Regulation requirements
In progress
GLBA Safeguards alignment statement
Narrative of how GainSail's security program satisfies service-provider obligations under 16 C.F.R. Part 314
On request
Business continuity & disaster recovery overview
BCP/DR scope, recovery objectives, and infrastructure resilience summary
In progress
Security questionnaire (SIG Lite / CAIQ)
Completed standardized questionnaire for your vendor intake process
On request
Key: AvailableReady now On requestProvided during security review In progressActive work in progress — forward commitment PlannedScheduled — forward commitment
Ready to run a vendor review?
We'll provide the full documentation package and answer your questionnaire in writing.
Request documentation
Security posture and current certification status are confirmed in writing during vendor security review and governed by the executed agreement.
In development · included for every Enterprise customer
The Logbook

Every voyage, recorded in your harbor.

A ship's logbook is the immutable, timestamped, legally significant record of a voyage — owned by the vessel, not the port. The GainSail Logbook brings that principle to your AI operations: every interaction, captured on your hardware, beyond our reach.

  • 01

    Sovereign & owned by you

    The Logbook runs on your infrastructure, writes to your storage, and never exfiltrates a byte back to us. We ship and maintain the software — you hold the record. Permanently.

  • 02

    Immutable & tamper-evident

    An append-only, HMAC hash-chained store means any alteration or gap in the record is mathematically detectable. The log cannot be quietly edited — by us, by attackers, or by anyone else.

  • 03

    Timestamped forever

    Every entry carries a precise timestamp — with a path to RFC 3161 trusted timestamps for legal-grade proof. When an examiner or counsel asks what your AI said on a given date, the answer is provable.

  • 04

    Zero vendor access to the record

    GainSail processes your (pseudonymized) interactions to do its work — that's the service. But the Logbook is different: it is your sovereign local record. We have no read path, no delete path, no path of any kind to it.

Precisely framed

"Zero access" means GainSail cannot read, alter, or delete the Logbook — it lives on your hardware, written by software we provide, with no exfiltration path back to us. It does not mean the platform never processes your interactions; GainSail does the work on pseudonymized data, as the architecture describes. The Logbook's value is a sovereign, client-owned, immutable record of that activity — distinct from the activity itself.

Append-only interaction record
Built for boards, risk committees, regulatory examination, and legal defensibility.
When an auditor asks for the complete record of your AI activity, you hand them a file — not a vendor request.
The Logbook ships with every Enterprise plan — included, not an add-on.
In development. Ask about the roadmap at your demo.
Request a demo
Value & cost comparison

What a purpose-built platform actually costs you.

General AI tools look cheap until you count what they don't control. Here's the honest accounting — build cost, token spend, compliance exposure, and the hours your people aren't spending on the job you're paying them for.

The hero argument
General AI seats are open-ended. Your people will use them for anything.
GainSail is structurally locked to lending-ops work — it cannot be pointed elsewhere.

A general AI assistant is a blank terminal with a company credit card attached. An employee curious about weekend recipes, debugging a personal Python project, or drafting a side-hustle email burns the same token budget as one doing loan-pipeline work. You pay the tab either way — and you have zero structural enforcement that the spend went to lending. GainSail removes this problem at the architecture level. The tools it exposes, the queries it can run, and the workflows it can execute are scoped entirely to mortgage operations. There is no off-ramp.

Problem 1 · spend control

General AI bills by usage. Off-task work runs up the same meter as on-task work. GainSail is fixed per-seat — token economics are pooled and capped at the platform level, never passed to you per call.

Problem 2 · governance

Ungoverned AI use means shadow-IT and a policy enforcement burden. GainSail requires no AI-acceptable-use policing — the platform is structurally incapable of being used for anything outside lending ops.

Problem 3 · on-task productivity

Every hour an employee spends on off-task AI activity is an hour not spent on your pipeline. GainSail keeps every session on the work — SQL, pipeline, monitors. Full stop.

Problem 4 · compliance exposure

Borrower NPI pasted into a general tool is a GLBA exposure — those tools were never built to protect it. GainSail masks sensitive fields structurally, before data leaves your network.

Capability General-purpose
AI assistants
e.g. ChatGPT Enterprise,
Microsoft Copilot		 Build it
in-house
raw AI API + your
engineering team		 Horizontal
enterprise AI
broad-platform vendors,
not mortgage-specific		 GainSailPurpose-built for
mortgage lending
Purpose-built for mortgage lending Nogeneric across all industries Only if you build ityou own the entire scope and maintenance burden Nohorizontal — lending is one of dozens of verticals Yesschema-aware, pipeline-aware, lending-vocabulary native
Knows your database, schema & pipeline Nono connector to your SQL environment You build & maintain itconnector + masking + scoping is a real engineering program Variesintegration depth depends on platform and configuration effort Yesreads schema, execution plans, query store history, live pipeline
Borrower data (NPI) stays compliant & masked Exposure riskNPI sent to a general tool is a GLBA concern — not built for it You solve itmasking must be designed, built, and maintained by your team Varies by vendorreview each vendor's data flow and processor agreement carefully Yes — structuralmasked inside your network before egress; the model never sees an SSN
Scoped — cannot be used for off-task work Noopen-ended; employees can use it for anything on the company plan If you enforce itscope enforcement is your engineering and policy responsibility Policy-dependentconfigurable in most platforms, but not structurally enforced Yes — structurallythe platform exposes only lending-ops tools; there is no off-ramp
Predictable spend — no token surprises Nometered per usage; off-task work runs up the same bill Noraw API billing passes token costs directly to you Variesmany platforms pass through usage charges or have overage tiers Yesfixed per-seat; pooled caps; never token-metered to you per call
Build & maintenance cost to you $0 to deploy
but generic — won't know
your schema or pipeline		 High$300K–$1M+ to build; ongoing maintenance burden on your engineering team Implementation fees
typically 3–6 months to full deployment; ongoing config burden		 $0 build costwe maintain the platform — you deploy a connector and configure your seat
Time to value Days to sign up
weeks to integrate + still generic — no schema or lending context		 6–12 monthsto a working system; assumes experienced engineers and defined scope Monthsenterprise procurement + implementation timelines Daysconnector deployment, schema walk, and first briefing in a pilot engagement
Audit trail & access control tied to your data Shadow-IT riskno row-level scoping; audit controls are platform-level, not data-level You build itRBAC, audit, and row-level scoping are engineering tasks you own Platform-levelaudit exists, but may not include data-layer scoping native to your LOS SSO / RBAC / row-levelappend-only audit log, every query and tool call; exportable for compliance
Comparison reflects general product categories, not any specific vendor's full capability. Evaluate each option against your own requirements and obtain representations in writing from any vendor under consideration.
How GainSail stacks up — relative cost, risk & time

Multipliers and ratios scale to any operation size. Every relative shown here traces to a labeled assumption in the footnote below it — pressure-test them against your own numbers.

Cost to field a comparable capability
Build in-house
GainSail
Basis: 2–4 engineers × 6–12 months (illustrative). Actual figure depends on your team's loaded rates and scope. GainSail build cost = $0 — no engineering program required.
50–100×
More to build it yourself than to deploy GainSail.

And 6–12 months before it does anything useful versus days to first briefing — during which your pipeline keeps moving without the insight.
Multiplier is illustrative — based on typical in-house AI platform build costs vs. per-seat SaaS. Label it "order of magnitude" in any internal discussion.
Productivity · time to ROI
2–3 hrs/wk
A single technical seat saves this much time through faster SQL rewrites, automated monitoring, and ranked pipeline briefings — enough for the seat to pay for itself.
Illustrative basis: loaded DBA / analyst seat at typical industry rates. Actual savings depend on your workflow and query volume.
Time to value · GainSail vs. build
Days
not months
Connector deployment, schema walk, and first morning briefing complete in a pilot engagement. Compare to 6–12 months for an in-house build to reach production.
Illustrative. Actual deployment timeline depends on your environment and IT bandwidth.
Compliance risk magnitude
Years
A single mishandling of borrower data can erase years of any efficiency gain. Financial-sector breaches run into the millions — making the structural protection in GainSail's architecture a cost argument, not just a compliance one.
Basis: IBM Cost of a Data Breach Report (financial sector). Cited for magnitude only — not a GainSail-specific claim or projection.
General-purpose AI seat · off-task usage (illustrative)
~20%+ of budget
An open-ended AI seat is a blank terminal attached to a budget. No structural mechanism prevents personal projects, off-topic research, or side-hustle drafts from running on the company plan.
Illustrative — actual off-task fraction varies by organization and enforcement posture. Any non-zero fraction burning at scale is unrecoverable spend.
GainSail · off-task usage
0%structurally
The platform exposes only lending-ops tools. There is no general assistant surface employees can redirect. The constraint is architectural — not a policy someone has to enforce.
The 0% is structural, not aspirational. The platform cannot be pointed at off-task work by design.
Spend predictability — metered vs. fixed per-seat
Metered general AI tool — usage-driven, unpredictable
GainSail — fixed per-seat, no per-call metering passed to you
Illustrative only — no axis values are real. The point: a metered general tool produces a jagged bill that tracks usage patterns you don't control. A fixed per-seat line is a line item the CFO can plan around.

The honest takeaway: GainSail costs less than building it yourself, is safer than a general tool from a compliance standpoint, and — critically — the spend cannot run away. A general AI seat that your team can point at anything is a governance problem waiting to become a line item. GainSail is neither.

All ratios, multipliers, and percentages above are illustrative and intended as order-of-magnitude guidance, not formal projections. Build-cost multiplier basis: 2–4 engineers × 6–12 months at industry-average loaded rates (illustrative). Time-to-value comparison based on typical in-house AI platform delivery timelines. Compliance risk magnitude: IBM Cost of a Data Breach Report (financial sector) cited for industry context only. Off-task usage percentage: illustrative — actual varies by organization. GainSail sticker price is not claimed to be lower than any specific competitor's per-seat rate. Model your own numbers against your actual headcount and workflow patterns.
See the ROI on your actual numbers.
Bring your headcount, a slow stored procedure, and your current AI tool spend — the demo runs on your operation, not canned data.
Request a demo
Pricing

Priced per seat. Never per token.

Predictable line items your CFO can plan around — no usage meters, no surprise overages. Plans scale from a single desk to the whole operation.

For desks & mid-size lenders

Desk

  • All three pillars + assistant
  • Browser workspace & CLI
  • Standard connector deployment
  • Email & chat alert routing
  • Monthly or annual billing
Talk to us
Most lenders land here
For enterprise lending operations

Enterprise

  • Everything in Desk
  • SSO, RBAC & audit export
  • Dedicated connector & private tenancy
  • API access & webhook delivery
  • Compliance review support & SLA
  • Volume seat pricing + platform agreement
Talk to us
Request a demo

See your own operation through GainSail.

Bring a slow stored procedure and a question about your pipeline. The demo runs on your schema's shape — not canned data — so you'll see exactly what your team would.

Pilot programs for qualified lenders · deployment measured in days, not quarters