Relational analytics for the CRE broker or CMBS buyer
APIP — Autonomous Property Intelligence
Open Dashboard →
Trust & Compliance

Compliance is not a feature. It is the foundation.

HI → AI = PI · Human Intelligence into AI equals Property Intelligence

This page documents APIP's data handling practices, DNC/TCPA compliance process, retention policy, and subprocessor list. If you have questions not answered here, contact us directly.

Contact compliance →Methodology
Screen pipeline · live
7 of 7 complete
  • 01
    Number acquired · source + date stamped
    PASS
  • 02
    TCPA cell classification (carrier lookup)
    PASS
  • 03
    National DNC Registry (FTC)
    PASS
  • 04
    State DNC (FL, TX, CA, NY)
    SUPPRESS
  • 05
    Litigator-flag database
    PASS
  • 06
    14-day re-screen scheduled
    PASS
  • 07
    Audit log written
    PASS
Outcome
1 of 5 numbers suppressed · 4 dialable
Next re-screen
8 days
Real production screen · 5220 Summerlin Commons
TCPA compliant
Cell classification + consent flagging
14-day DNC re-screen
Automatic, no operator action
AES-256 at rest
TLS 1.3 in transit
Full audit log
Available on request
Data handling

How APIP handles personal and property data.

Encryption at rest

All data is encrypted at rest using AES-256. Encryption keys are managed by AWS KMS with automatic rotation.

Encryption in transit

All data in transit is encrypted using TLS 1.3. No plaintext transmission of personal data is permitted.

Access controls

Role-based access control (RBAC) limits data access to authorized personnel. All access events are logged.

Data minimization

APIP collects only the data necessary to fulfill the stated purpose. Unnecessary personal data is not retained.

Retention limits

Personal data is retained for no longer than 24 months from last active use. Deletion is automated and logged.

No sale of personal data

APIP does not sell personal data to third parties. Data is used only for the purposes described in the Privacy Policy.

DNC / TCPA process

Seven steps from number to compliant call sheet.

APIP's DNC/TCPA compliance process is documented, auditable, and automated. No number reaches a call sheet without completing all seven steps.

  • National DNC Registry (FTC)
  • State DNC lists, all active states
  • Litigator flag database
  • TCPA cell classification
  • 14-day automated re-screen
  • Full audit log on request
DNC / TCPA compliance process7 steps
  1. 01

    Number acquisition

    Phone numbers are sourced from entity filings, registered agent records, and Tier 1 enrichment providers. Source and acquisition date are stamped on every number.

  2. 02

    TCPA cell classification

    Every number is classified as landline or mobile using carrier lookup. Mobile numbers are flagged for TCPA consent requirements before delivery.

  3. 03

    National DNC screen

    All numbers are screened against the FTC National DNC Registry. Registered numbers are suppressed from the call sheet and flagged in the record.

  4. 04

    State DNC screen

    Numbers are screened against state DNC lists for FL, TX, CA, NY, and all other states with active registries. State suppression is applied independently.

  5. 05

    Litigator flag screen

    Numbers are screened against known TCPA litigator databases. Flagged numbers are suppressed and logged with the litigator database source and match date.

  6. 06

    14-day re-screen

    All active numbers are re-screened on a 14-day cycle. New DNC registrations, litigator additions, and classification changes are applied automatically.

  7. 07

    Audit log

    Every screen event is logged with timestamp, registry version, result, and suppression action. Full audit logs are available to operators on request.

Retention policy

Data retained only as long as legally required.

Retention periods are set by data category, legal basis, and operational necessity. Automated deletion runs on schedule. Manual review is required only for billing records subject to statutory retention.

Data categoryRetentionLegal basisDeletion
Property records (non-personal)IndefiniteLegitimate interestOn account closure
Owner entity data24 monthsLegitimate interestAutomated at 24m
Contact data (phone, email)24 monthsLegitimate interestAutomated at 24m
DNC screen logs36 monthsLegal obligationAutomated at 36m
CRM outcome feedback36 monthsLegitimate interestAutomated at 36m
Access logs12 monthsSecurityAutomated at 12m
Billing records7 yearsLegal obligationManual review
Subprocessors

Every third party that touches APIP data, documented.

APIP maintains data processing agreements (DPAs) with all subprocessors that handle personal data. This list is updated when subprocessors are added or removed.

SubprocessorPurposeLocationDPA
Amazon Web ServicesInfrastructure, storage, computeUS-East-1SIGNED
FTC DNC RegistryNational DNC compliance screenUnited StatesN/A
Enrichment Provider T1Phone, email, contact enrichmentUnited StatesSIGNED
Enrichment Provider T2Extended contact enrichmentUnited StatesSIGNED
GoHighLevelCRM delivery integrationUnited StatesSIGNED
Stripe, Inc.Payment processingUnited StatesSIGNED
Last updated: May 2026 · Enrichment provider names withheld for competitive reasons; available under NDA on request.
Compliance contact

Questions, corrections, and data requests.

For data subject requests, compliance questions, DPA inquiries, or subprocessor updates, contact our compliance team directly. We respond within 2 business days.

support@nuro.is →
Data subject request
support@nuro.is
2 business days
DPA inquiry
support@nuro.is
2 business days
DNC/TCPA question
support@nuro.is
1 business day
Data correction
support@nuro.is
1 business day
Security incident
support@nuro.is
4 hours