How we handle your data.

For your compliance team, your CTO, or anyone at the firm who needs to understand how OpenShut protects data, gets the numbers right, and meets regulatory requirements.

Security

How your data is protected at every step.

AES-256 encryption at rest

Every file is encrypted before it hits disk. Decryption keys are managed separately from the files themselves.

HTTPS/TLS in transit

Every API call, file upload, and document download goes over HTTPS/TLS.

Links that expire

Download links stop working after 1 hour. Upload links expire in 10 minutes. There are no permanent URLs to your documents.

Org-level data isolation

Every database query is scoped to your organization. One firm cannot see another firm's deals, documents, or financials.

Append-only audit trail

Every action is logged with user identity, IP address, and timestamp. Logs are append-only and cannot be edited after the fact.

We don't train on your data

Documents are processed for your organization only. Your files, deal data, and uploads are never used for model training.

How accuracy works

Every number is verified. Every clause is checked. Nothing is left to chance.

01

Every number is calculated, not generated

Financial figures in your documents are never AI-generated. Loan amounts, rates, fees, allocations, and tax withholding are computed directly from your inputs and uploads. AI handles legal language. Math is handled separately.

02

Legal language is checked against real statutes

Every clause is validated against the specific federal and state regulations for your deal type, program, and jurisdiction. Nothing ships without passing.

03

Uploaded financials are verified automatically

When you upload financials, every figure is independently verified before it enters your documents. Discrepancies are flagged for your review. You always have your original documents to check against.

Hallucination-free, guaranteed

Financial figures are calculated, not generated. Uploaded numbers are verified and flagged if anything is off. AI handles legal language. Math is handled separately. You always have your original uploads to verify against.

Regulatory coverage

Every document is checked against the statutes and regulations that apply to that specific deal type and jurisdiction.

Federal Lending

13
TILA / Regulation Z (12 CFR 1026)RESPA / Regulation X (12 CFR 1024)ECOA / Regulation B (12 CFR 1002)Dodd-Frank ATR/QM Rule (12 CFR 1026.43)TRID Integrated DisclosuresHMDA / Regulation C (12 CFR 1003)HPML (12 CFR 1026.35)FIRREA Appraisal RequirementsCRA (Community Reinvestment Act)Flood Disaster Protection Act (42 USC 4012a)UCC Article 9State Usury Laws (50 states + DC)State Commercial Financing Disclosure Laws

SBA Programs

10
13 CFR 120 (SBA Loan Programs)SBA SOP 50 10 813 CFR 121 (Size Standards)SBA Guaranty Fee TiersCDC/504 Debenture RequirementsSBA Use of Proceeds RulesSBA Affiliation RulesSBA Credit Elsewhere TestSBA 504 Eligibility RequirementsSBA Job Creation Requirements

Securities & Fund Formation

15
Reg D 506(b) / 506(c) (17 CFR 230.506)Securities Act of 1933Investment Company Act 3(c)(1) / 3(c)(7)Form ADV Part 2A (17 CFR 275.203-1)NSMIA / Blue Sky Filings17 CFR 230.501(a) (Accredited Investor)ILPA Reporting Template v2.0Rule 10b-5 Anti-Fraud (17 CFR 240.10b-5)Section 17(a) Securities Fraud (15 USC 77q)Form D / Rule 503 (17 CFR 239.500)ERISA (29 CFR 2510.3-101)Volcker Rule (12 CFR 248)SEC Marketing Rule 206(4)-1Form PF (17 CFR 279.9)ASC 820 / IPEV Valuation Guidelines

M&A

12
DGCL Section 251 / 262 / 271HSR Act (15 USC 18a)IRC 338(h)(10) / 368 (Tax Elections)CFIUS Filing Requirements (31 CFR Part 800)IRC 280G (Golden Parachutes)IRC 382 (Net Operating Losses)WARN Act (29 USC 2101)State Mini-WARN Acts (CA, NY, NJ, IL)CCPA/CPRA (Data Privacy)EU AI Act ComplianceSupply Chain Transparency LawsD&O Tail Coverage Requirements

Tax

13
IRC 704(b) (Partnership Allocations)IRC 754 (Basis Adjustments)IRC 1031 (Like-Kind Exchange)IRC 1400Z-2 (Opportunity Zones)IRC 469 (Passive Activity Rules)IRC 1446 / 1445 / 3406 (Withholding)IRC 199A (QBI Deduction)IRC 1061 (Carried Interest)IRC 511-514 (UBTI)IRC 1250 (Depreciation Recapture)IRC 6698 (Late Filing Penalties)FIRPTA (IRC 897/1445)OBBBA Bonus Depreciation (2025)

AML & Sanctions

10
BSA (31 USC 5311-5332)FinCEN CDD Rule (31 CFR 1010.230)OFAC Consolidated Sanctions ListUSA PATRIOT ActGENIUS Act (P.L. 119-27)FinCEN Guidance FIN-2019-G001FinCEN BOI Rule (31 CFR 1010.380)FATF Recommendation 10Source of Funds RequirementsState Money Transmitter Laws

Enterprise integrations

OpenShut plugs into the tools you already use. Your CRM, fund admin, and DMS stay where they are.

CRM

New deals in Salesforce or DealCloud can trigger document generation automatically. Contact and entity data flows in without re-entry.

SalesforceDealCloudHubSpotDynamics 365

Fund Administration

Sync investor records, capital account balances, and distribution schedules. Quarterly reports and capital call notices pull live data.

Juniper SquareAllvueeFrontInvestran

Document Management

Generated documents are filed directly into your DMS with the correct folder structure and metadata.

NetDocumentsiManageSharePointGoogle Drive

Automation

Trigger document generation from any event in your stack, or push completed documents into downstream systems for review and signature.

ZapierMakeWorkato

Data handling

Where your data lives

Files are stored with AES-256 encryption. The database is encrypted at rest. All infrastructure runs in US-based data centers.

Your data stays yours

We do not train on your data. Your documents, deal terms, and uploaded financials are never used to improve models or shared with third parties. Everything is processed for your organization only.

Who can access your data

Only authenticated members of your org. Support staff cannot view your documents unless you explicitly grant temporary access.

What happens when you delete

Delete means delete. Files are removed from storage and database records are hard-deleted. Audit logs are retained for compliance, but they contain no document content.

See it yourself.

Pick any module and see the full document output on a sample deal.

See Pricing