Trust & Compliance Center

Institutional Data Integrity. Engineered for the Secondary Market.

At OfferGuide, property valuation is treated as a high-stakes data integrity problem. Founded and led by a professional Certified Information Systems Auditor (CISA), our platform is built on the principle that every financial offer must be auditable, standardized, and defensible. We provide the “Truth Layer” that bridges the gap between market momentum and bankability.

Section 1

Mortgage Industry Standards (MISMO & UAD)

OfferGuide is engineered for seamless integration into the modern mortgage technology stack.

MISMO 3.6 Mapping

Our data architecture is fully mapped to the MISMO 3.6.2 Reference Model. We provide standardized XML exports designed for direct ingestion into leading Loan Origination Systems (LOS) and secondary market delivery channels.

UAD 3.6 Readiness

In alignment with the November 2, 2026, Appraisal Modernization mandate, OfferGuide utilizes structured enumerations and data validation protocols that mirror the dynamic reporting requirements of Fannie Mae and Freddie Mac.

Auditable Data Provenance

Every generated valuation includes a unique OfferGuide Audit ID (UUID-V4), providing a permanent digital trail for Quality Control (QC) and post-closing audits.

Section 2

Information Security Framework (NIST & SOC 2)

Our security posture is modeled after federal financial standards to minimize third-party risk.

NIST CSF Alignment

Our internal control environment is mapped to the NIST Cybersecurity Framework (CSF) and NIST 800-53 controls.

SOC 2 Readiness

OfferGuide operates in a “SOC 2 Readiness” state, maintaining strict internal controls over the Security, Availability, and Confidentiality of all valuation data.

Fannie Mae Tech Supplement Compliance

We self-attest to the security domains required by the Fannie Mae Information Security and Business Resiliency Supplement, including:

36-Hour Incident Notification: Guaranteed reporting of any confirmed cybersecurity event within 36 hours of identification, exceeding standard regulatory windows.

Encryption Standards: All data is encrypted using AES-256 at rest and TLS 1.2+ in transit.

MFA-Only Admin Access: Zero-trust administrative access model requiring hardware-based Multi-Factor Authentication.

Section 3

Regulatory Compliance & Data Privacy

We uphold the legal requirements of the financial services sector.

GLBA (Gramm-Leach-Bliley Act)

OfferGuide maintains a formal Information Security Program in compliance with the FTC Safeguards Rule. We strictly protect all Non-Public Personal Information (NPI).

Anti-Bias & Fair Lending

Our “Four Pillars” methodology is purely quantitative, eliminating the subjective narratives that can lead to appraisal bias. We help lenders meet obligations under the Fair Housing Act and ECOA.

PCI-DSS Proxy

Financial transactions are handled exclusively by Stripe. OfferGuide never stores or processes raw cardholder data.

Section 4

Resilient Infrastructure

Tier-1 Stack

Built on Vercel (Compute), Supabase (PostgreSQL/Auth), and Stripe (Payments), inheriting the SOC 2 Type II and ISO 27001 certifications of these providers.

High Availability

Geo-distributed architecture with daily encrypted backups to ensure business continuity.

Uptime SLA

Real-time monitoring with a 99.9% uptime target for all API and reporting services.

Questions about our compliance posture?

We welcome inquiries from compliance officers, information security teams, and vendor management departments.