Compliance is enforced. Not just documented.
Mownt enforces 506(b) and 506(c) gating server-side, tracks every Form D filing, and maintains an append-only audit log of every investor-facing action. SOC 2 Type II is in progress, expected Q3.
Server-side enforcement on every action.
Each of the four pillars below runs on the server and writes to the audit log. A misconfigured browser, a forwarded link, or a copy-paste of a private deal URL cannot bypass them.
Every prospective investor must clear a substantive-relationship gate before a private 506(b) deal page resolves. The clock is tracked per investor on the server. The page returns a sealed state until the gate clears — there is no client-side toggle that can bypass it.
506(c) deals require verified accreditation. Mownt supports the SEC 2024 bright-line ($200k+ investment) workflow alongside income/net-worth verification. The 35-investor non-accredited cap is tracked server-side per raise and enforced at admission time.
The 15-day Form D countdown starts when the first soft commit converts to a sale. The deadline is shown on the operator dashboard and on the deal page header until the filing is logged. Amendments and annual updates surface the same way.
Every admission, every gate clearance, every soft commit, every status change writes to an append-only audit log keyed to the investor and the deal. The log is exportable as CSV with a signed hash so a third party can verify nothing was rewritten.
In progress. Expected Q3.
Server-side compliance enforcement is our concrete differentiator today. SOC 2 Type II lets enterprise procurement check the box; the underlying control set — access management, change control, encryption at rest and in transit, vendor risk — is already operational and audit-ready.
We will publish the Type II report once issued. Until then, operators with procurement requirements can request the current control matrix and the Type I bridge letter when available.
Your data, your tenancy, your export.
Operators own their pipeline, their soft-commit history, their audit log, and the documents their investors upload. We treat data export as a first-class workflow — not a friction point on cancellation.
Operator and investor data live in a US-region Postgres database with row-level security. Every query that crosses the operator boundary is filtered by the authenticated user's operator_id on the server.
Deal access is granted explicitly per investor by the operator. Public deal pages return a 404-equivalent until the relationship gate clears. Investor portal sessions are scoped to the investor's own deals — no cross-tenant data leakage.
PDFs and KYC uploads sit behind Supabase storage with operator-scoped policies. Investor uploads (drivers license, accreditation letter) are isolated per investor and per operator. No public URL paths.
Operators can export investor pipeline, soft-commit history, document inventory, and the full audit log as CSV or PDF at any time. Cancellation does not lock data — the export remains available through the closure window.
No security claim hidden behind a higher tier.
The six items below are the same on every plan, from Launch Mode through Pro. Compliance enforcement is not an add-on; it is the product.
Built by an active CRE GP — not a tech outsider.
Urban Sun Capital — our founder’s own firm — is the alpha customer. Every release ships on a real raise first. Every roadmap item starts as a real GP problem. The compliance scaffolding on this page is the same scaffolding that runs Urban Sun Capital’s investor pipeline today.
Active multifamily and value-add CRE sponsor. Runs every raise on Mownt — compliance, pipeline, documents, soft commits, audit log.
Apply for early access — we’ll send the full controls breakdown.
Tell us a bit about your raise and your procurement requirements. We’ll send the tier that fits and the current control matrix together.