SourceDeckRequest founding access

Built around your license, not despite it

A broker’s business runs on trust, reputation, and a license. SourceDeck’s security model starts from that: isolate the data, gate the sends, and keep the human in charge of anything that touches the outside world.

01

Tenant isolation at the database layer

Every brokerage runs in its own tenant, enforced with Postgres row-level security. Isolation is a property of the database, not a filter in application code: a query from one tenant cannot return another tenant’s rows, even if the application misbehaves.

Tenancy rules are covered by automated tests that run on every change to the platform. New tables are classified and tested before they ship.

02

A human approves everything outbound

Nothing sends itself. Campaigns, follow-ups, and every other outbound action stage in an approval queue, marked in Decision Amber, until a person clears them. There is no configuration that removes this gate.

The autonomy ladder governs what CASH may do without asking, and it applies to internal work only: sourcing, scoring, drafting, monitoring. Outbound always stops at the human.

03

Verified-only outbound, compliant by construction

Email campaigns send only to addresses that pass verification, which keeps bounce rates, and therefore sender reputations, healthy. CAN-SPAM requirements (sender identification, working unsubscribe) are built into the templates, unsubscribes feed a suppression list that is honored permanently across all campaigns, and sends are throttled rather than dumped.

Voice and SMS are reserved for warm, consented contacts, in line with the TCPA and state telemarketing statutes such as the Florida Telephone Solicitation Act. Suppression and do-not-contact status are respected across every channel. Cold outreach runs on channels where compliance can be enforced in software.

04

Your data stays yours

Your contacts, pipeline, and documents belong to you. They are not shared with other tenants, not sold, and not repurposed as anyone else’s dataset. Your CRM data is not used to train foundation models.

Leave, and your data leaves with you in standard formats. Retention after departure is governed by the privacy policy, not by lock-in.

05

Operational posture

Traffic is encrypted in transit. Credentials and API keys are stored outside the codebase. AI spend is bounded by design: dry-run cost previews and daily caps on paid lookups mean a malfunction costs a capped day, not an open-ended bill.

SourceDeck is an early-stage product and says so plainly: there is no SOC 2 report yet. What exists instead is a small, auditable surface and a founder who will answer specific security questions directly.

Questions

Security questions get direct answers from the person who wrote the code: [email protected].

Put your market on her watch

SourceDeck onboards a small founding class, one market at a time. Founding rates lock for as long as you stay.