Mortgage Squad Advisors
Trust & methodology

How Maya works under the hood.

Maya is a piece of regulated brokerage infrastructure. Every reply passes through a compliance guard, every memory is typed and scoped, every voice call is audited, and every commit is gated on a nightly eval harness. This page is the long-form version of the trust pitch — written for compliance officers, procurement teams, and the curious.

FSRA #13737 · Canadian-only data · No bureau pull · Nightly evals

The no-advice rule, enforced in code

The compliance guard

Maya is not a licensed mortgage agent — and the system is built so that no amount of clever phrasing, prompt-injection, or user pressure can produce a reply that crosses into binding advice. Every reply passes through a structural compliance guard before it leaves the building.

The guard runs a pattern matcher over the draft (“your rate is”, “you’re approved for”, “you qualify”, “you should choose”) and either rewrites the reply to soften the framing or escalates to a human advisor when the situation requires it. Every rewrite is captured in the conversation log alongside the original — your advisor can audit exactly what the guard caught.

The rule is enforced as code, not as a paragraph in the system prompt. A jailbroken prompt can’t bypass it because the rewriter sits between Maya’s output and the user.

  • Pattern matcher tuned to FSRA, FICOM, RECA, and MFAA advice language
  • Rewrites preserved alongside originals for advisor + auditor review
  • Escalation hooks: "book a human" actions wired into the response stream
  • Continually expanded as new phrasings show up in the eval harness
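
A minimal sketch of an output-side guard of the kind described above, added here as an illustration and not Maya's own code. The four trigger phrases are the ones quoted on this page; the rule names, the softened wording, the choice of which rule escalates, and the audit-record fields are assumptions.

```python
import re
import unicodedata

# Trigger phrases are the four quoted on this page. The softened wording and
# the choice of which rules escalate are assumptions made for this example.
RULES = [
    ("rate_quote", r"\byour rate is\b", "an illustrative rate would be", False),
    ("approval", r"\byou(?:'re| are) approved for\b",
     "an advisor would need to confirm approval for", True),
    ("qualification", r"\byou qualify\b", "you may qualify", False),
    ("recommendation", r"\byou should choose\b", "some borrowers choose", False),
]
COMPILED = [(n, re.compile(p, re.IGNORECASE), s, h) for n, p, s, h in RULES]
ESCALATION = " I can book a licensed advisor to confirm this with you."


def normalize(text):
    """Fold the variants that let a phrase slip past a literal match."""
    text = unicodedata.normalize("NFKC", text)
    # Drop zero-width/format characters that can split a phrase invisibly.
    text = "".join(c for c in text if unicodedata.category(c) != "Cf")
    text = text.replace("\u2019", "'").replace("\u2018", "'")
    return re.sub(r"\s+", " ", text).strip()


def guard(draft, audit_log):
    """Return (reply, escalate). Runs on the model's draft, after generation."""
    text = normalize(draft)
    hits, escalate = [], False
    for name, pattern, softened, needs_human in COMPILED:
        text, count = pattern.subn(softened, text)
        if count:
            hits.append(name)
            escalate = escalate or needs_human
    if not hits:
        return draft, False
    reply = text[:1].upper() + text[1:]
    if escalate:
        reply += ESCALATION
    # Keep the original beside the rewrite so a reviewer can see what changed.
    audit_log.append({"original": draft, "rewritten": reply,
                      "rules": hits, "escalated": escalate})
    return reply, escalate
```

Because the guard only sees the finished draft, nothing in the prompt can switch it off; the normalization step matters because a curly apostrophe or a zero-width character would otherwise defeat a literal phrase match.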

Long-term memory, with categories that mean something

Typed memory layers

Maya remembers your file across conversations — but memory isn’t a single blob. Every captured fact is typed: LONG_TERM, PREFERENCE, GOAL, LIFE_EVENT, RELATIONSHIP, EPISODIC, and SENSITIVE.

The type drives behavior. Sensitive memories (mental-health context, immigration status, marital trouble) are redacted in API responses, exports, and admin search — your advisor sees a placeholder, not the raw value. Preferences and goals surface freely. Life events trigger empathy framing in subsequent turns.

Each memory has a confidence score, a timestamp, and a provenance link back to the conversation turn that produced it. Stale or contradicted memories decay over time rather than accumulating noise.

  • Seven memory layers — type drives visibility, redaction, and decay
  • Confidence-scored and provenance-linked back to the originating turn
  • Sensitive memories redacted across every read surface — not opt-in
  • Per-tenant retention windows, fully exportable, fully deletable

The model never lands on a customer without passing the suite

The eval harness

Every night the Maya eval harness runs 100+ Canadian mortgage scenarios against the current model + prompt + tool config. Each scenario combines deterministic checks (did Maya extract the right intent? did the compliance guard fire when it should? did the right tool get called?) with LLM-judged quality (was the empathy framing appropriate? was the math correct? was the language matched?).

Regressions block deploys. A model upgrade or prompt change that drops the pass rate doesn’t ship. The scenarios are versioned in source control so we can replay any past failure and prove the fix.

The shared scenario library covers the majority of brokerage flows. Tenant-authored custom scenarios — for a specific lender program or policy nuance — are on the Enterprise roadmap; today, Enterprise customers can request additions through their account manager and we land them in the next release.

  • 100+ scenarios covering renewals, first-time buyers, stress test edge cases, multilingual flows, life-event empathy, refinance math, B-lender qualification, and more
  • Deterministic + LLM-judged dimensions per scenario
  • Failing eval blocks deploy via GitHub Actions
  • Account-manager-mediated additions for Enterprise (self-serve authoring on the roadmap)

Voice calls treated like the regulated artifact they are

Audited recordings & access trail

Every voice call is recorded (with consent collected at the start of the call), stored encrypted, and tagged with a strict retentionUntil timestamp. A nightly sweeper hard-deletes anything past retention.

Every playback writes an audit row — who listened, when, from where (IP + user-agent). Every transcript share link writes the same audit row using a synthetic share:<prefix> identifier so client downloads live in the same trail as staff listens. Nothing happens to a recording that isn’t logged.

Auto-transcription is opt-in per tenant and runs against a Canadian transcription provider. Transcripts inherit the same retention and audit policy as the audio they came from.

  • Per-tenant retention windows (default 90 days, configurable up to 24 months)
  • Hard delete via nightly sweeper — not soft-delete
  • Audit log surfaces every listen + every share-link access in one feed
  • Auto-transcription with the same retention as the source audio

Canadian only — encryption at rest, encryption in transit

Data residency & encryption

All Maya data — conversations, transcripts, memory, recordings, audit logs, eval results — lives in Canadian regions. Compute runs in Canadian regions. Backups stay in Canadian regions. There is no cross-border data flow for customer content.

Encryption covers the whole data path: TLS 1.2+ in transit, AES-256 at rest. Keys are managed via a cloud KMS with workspace-scoped envelope encryption for the most sensitive memory categories.

No customer conversation is ever sent to a third-party model vendor for training. The models we use are accessed via inference-only endpoints with vendor data-retention disabled.

  • Canadian regions only — compute, storage, backups
  • TLS 1.2+ in transit · AES-256 at rest
  • Workspace-scoped envelope encryption for sensitive memory
  • Inference-only model access — vendor training disabled

Your transcript is yours

PIPEDA right-of-access

PIPEDA gives you the right to access the personal information an organization holds about you. For voice calls, Maya turns that into a one-click feature: your brokerage admin can mint a revocable, time-limited share link that downloads your transcript as text or JSON without you needing a portal account.

Each link is high-entropy, scoped to one recording, and capped at 14 days by default (60 days hard maximum). Every access bumps a counter and writes to the audit log. Admins can revoke at any time.

Full conversation + memory exports are available from your account settings — no support ticket required. Deletion runs within 30 days with conversation audit anonymization.

  • Per-recording revocable share links, txt + JSON formats
  • 14-day default, 60-day maximum, instant admin revoke
  • Every share access logged alongside staff playback
  • Self-serve export + deletion from account settings
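
The share-link properties listed above (high-entropy token, one recording per link, 14-day default, 60-day cap, revocation, counted and audited access), sketched as an added example that is not Maya's implementation. The in-memory store, the field names, logging denied attempts, and deriving the `share:<prefix>` identifier from the token's hash are assumptions.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone

DEFAULT_TTL = timedelta(days=14)  # default stated on the page
MAX_TTL = timedelta(days=60)      # hard maximum stated on the page


class ShareLinks:
    def __init__(self):
        self.links = {}  # sha256(token) -> record; the raw token is never stored
        self.audit = []  # same trail that staff playback would write to

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def mint(self, recording_id, now, ttl=DEFAULT_TTL):
        if ttl <= timedelta(0) or ttl > MAX_TTL:
            raise ValueError("ttl must be positive and at most 60 days")
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self.links[self._key(token)] = {
            "recording_id": recording_id, "expires": now + ttl,
            "revoked": False, "hits": 0}
        return token  # shown once to the admin, then only the hash remains

    def revoke(self, token):
        rec = self.links.get(self._key(token))
        if rec is not None:
            rec["revoked"] = True

    def redeem(self, token, recording_id, now, ip, user_agent):
        key = self._key(token)
        rec = self.links.get(key)
        granted = (rec is not None and not rec["revoked"]
                   and now < rec["expires"]
                   and rec["recording_id"] == recording_id)
        if granted:
            rec["hits"] += 1
        # Assumption: the synthetic actor is a prefix of the token hash, so
        # the audit row identifies the link without exposing the secret.
        self.audit.append({"actor": "share:" + key[:12], "granted": granted,
                           "recording_id": recording_id, "at": now,
                           "ip": ip, "user_agent": user_agent})
        return granted
```

Storing only the hash means a leaked link table or audit log cannot be replayed as working links.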

Workspace-scoped, role-gated, audit-trailed

Access controls

Maya is multi-tenant by design. Every conversation, memory, recording, eval result, outreach attempt, and lead intent is workspace-scoped — admins from brokerage A cannot see anything from brokerage B, including across the search and export surfaces.

Within a workspace, role gates control what each staff member can see. The default is least-privilege: an agent sees their assigned conversations and leads, a manager sees their team, a principal broker sees everything. Roles are configurable per workspace.

Single sign-on (Microsoft, Google) is available on Enterprise tier with SCIM provisioning. API keys are workspace-scoped, rotatable, and individually revocable. Every API call is rate-limited and audited.

  • Workspace-scoped data — enforced at the database query layer
  • Per-role access matrix configurable per workspace
  • SSO (Microsoft / Google) + SCIM on Enterprise
  • Rate-limited, audited, individually revocable API keys

What we do when something goes wrong

Incident response

If we discover a security or privacy incident affecting your data, we commit to: notifying your workspace admin within 72 hours, providing a preliminary scope assessment, and posting a public post-mortem (with no customer-identifying information) within 14 days of resolution.

We run a documented incident-response playbook (versioned in source control as INCIDENT_RESPONSE.md) covering severity classification, containment, forensics, customer communication, regulator notification under PIPEDA, and remediation. Security questions — including responsible disclosure of vulnerabilities — route to info@mortgagesquad.ca.

  • 72-hour workspace-admin notification commitment
  • Public post-mortem (anonymized) within 14 days of resolution
  • Documented IR playbook · responsible-disclosure inbox
  • Regulator-notification commitments under PIPEDA

FAQ

Diligence questions, answered.

If your compliance officer or procurement team needs more, write to info@mortgagesquad.ca.

Is Maya regulated under FSRA?
Mortgage Squad Advisors (FSRA #13737) is the regulated entity. Maya is a piece of brokerage infrastructure operated under that licence. Every binding mortgage decision involves a licensed advisor — Maya cannot issue advice, commitments, or rate holds on her own. The no-advice rule is enforced in code, not just in the system prompt.
Does Maya store credit information?
No. Maya never pulls bureau, never asks for SIN, and never persists credit-bureau data. Pre-qualification math runs on what you tell her about income, down payment, and debts. The first bureau pull happens only when you formally apply with a licensed advisor — and you authorize it.
Where is Maya's data stored?
All Maya data — conversations, transcripts, recordings, memory — is encrypted in transit and at rest, stored exclusively in Canadian regions, and never used to train any model outside our system. We don't share data with third-party AI vendors for training purposes.
How long are voice recordings kept?
Per-tenant retention windows, defaulting to 90 days. Every recording carries an explicit retentionUntil timestamp and is hard-deleted by the nightly sweeper after that. Every staff playback is logged to an audit row; every client transcript download via a share link is logged with the same audit trail.
What happens if Maya gives wrong information?
Every reply passes through a compliance guard that scans for binding-advice patterns ("your rate is", "you're approved for", "you qualify") and structurally rewrites them. If you spot something wrong, your advisor can correct it and the correction is captured in your memory so Maya never repeats it. Persistent regressions are caught by the nightly eval harness.
Can I export or delete all my data?
Yes. From your account settings you can request a full conversation + memory + recording export, or request deletion. Deletion runs within 30 days and includes anonymizing the conversation audit trail. PIPEDA right-of-access is a first-class feature, not a support ticket.
Can my brokerage audit Maya's behavior?
Yes. Brokerage admins get access to every conversation, memory state, intent extraction, compliance rewrite, recording playback, and outreach attempt their workspace has produced — searchable, filterable, exportable. The eval harness can be pointed at workspace-specific scenarios on Enterprise.

Ready to put Maya to work?

Try a conversation first, then talk to us about deploying Maya inside your brokerage. We’ll send a written security overview to your compliance officer before any signature.