
Trust posture

What we ship, what we disclose.

Conservative claims, citation-grounded. Where a control is in a validation window or a mitigation is shipping in the coming weeks, we say so.

Grounded

Every answer is a cited quote or an explicit refusal

  1. Substantive answers include inline citations to the specific page, paragraph, and quoted text from your declaration, bylaws, or Florida Statutes Chapters 720, 617, and 712.
  2. The system rejects any draft that tries to assert a legal fact without a quoted source.
  3. Email draft path (not live chat): every outbound reply passes through an operator approve / edit / reject queue before sending.

Every response requires at least one quoted source or an explicit refusal before it can be surfaced. Refusals carry no citations by design.
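A minimal sketch of a gate with this shape, added here as an illustration and not HOAStream's code: a draft is surfaced only if it is an explicit refusal with no citations, or if every citation's quote appears verbatim in the retrieved passage it names. The draft and source structures, the `gate` function, and the whitespace-normalized matching are assumptions; the passage text is constructed.

```python
import re
import unicodedata

def _norm(text):
    # Fold Unicode compatibility forms and collapse whitespace so OCR or
    # line-wrap differences do not defeat a verbatim comparison.
    return re.sub(r"\s+", " ", unicodedata.normalize("NFKC", text)).strip()

def gate(draft, sources):
    """Return (allowed, reason) for a draft before it is surfaced.

    draft:   {"refusal": bool, "answer": str, "citations": [{"source_id", "quote"}]}
    sources: {source_id: full text of the retrieved passage}
    """
    citations = draft.get("citations", [])
    if draft.get("refusal"):
        # Refusals carry no citations by design.
        if citations:
            return False, "refusal must not carry citations"
        return True, "refusal"
    if not citations:
        return False, "no quoted source"
    for c in citations:
        passage = sources.get(c["source_id"])
        if passage is None:
            return False, f"unknown source {c['source_id']}"
        quote = _norm(c["quote"])
        if not quote or quote not in _norm(passage):
            return False, f"quote not found in {c['source_id']}"
    return True, "grounded"

# Constructed sample passage; not actual declaration or statute text.
SOURCES = {"decl-p12-para3": "Fences shall not exceed six (6) feet\nin height."}

GROUNDED = {"refusal": False, "answer": "The declaration caps fence height.",
            "citations": [{"source_id": "decl-p12-para3",
                           "quote": "Fences shall not exceed six (6) feet in height."}]}
ALTERED = {"refusal": False, "answer": "Fences may be eight feet.",
           "citations": [{"source_id": "decl-p12-para3",
                          "quote": "Fences shall not exceed eight (8) feet in height."}]}
UNCITED = {"refusal": False, "answer": "Fences are limited.", "citations": []}
REFUSAL = {"refusal": True, "answer": "I can't answer that from your documents.",
           "citations": []}

if __name__ == "__main__":
    for name, d in [("grounded", GROUNDED), ("altered", ALTERED),
                    ("uncited", UNCITED), ("refusal", REFUSAL)]:
        print(name, gate(d, SOURCES))
```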

Legal-advice guardrails

Layered automated defense, with each layer's status disclosed

  1. Multiple automated checks block legal-advice framing, imperative directives telling a reader what to do, and assertions of compliance or violation.
  2. A disclaimer-presence check rewrites or rejects substantive answers that lack the required disclaimer.
  3. A semantic classifier runs in shadow mode and flags advice-like paraphrases the pattern-matching layers miss; it flips to enforcing after the validation window closes.
  4. Draft path only: a narrower fines-specific check applies to fines replies, including dollar-amount grounding against retrieved passages. It does not gate general chat answers.

Every answer is audit-logged with the outcome of each automated check. Historical audit rows can reconstruct which check fired on any specific answer. Deeper audit fields (disclaimer text version and statute version) are being added to all rows on a rolling basis.

Tested

We actively test against adversarial prompts before every release

  1. We run adversarial prompts designed to elicit legal-advice responses.
  2. We run prompts that try to bypass our instructions.
  3. We run prompts about documents that do not exist.
  4. We audit weekly whether we missed relevant statute sections.
  5. We verify every cited statute quote matches the source text.
  6. Before each release, we run a cross-tenant isolation test that fails the build if any tenant's data appears in another tenant's response.

Our release-time testing is in a validation window today; results are recorded but do not yet block a release. The gate flips to blocking after the validation window closes. All test outcomes are logged for audit.

Fast

Designed for cache-hit answers under a half-second

  1. A canonical answer cache is seeded with the most-asked questions per community so repeat questions skip the full retrieval and model call. The target is a cache-hit p50 under 200 ms.
  2. Cold-path retrieval, for uncommon or community-specific questions, runs the full pipeline and targets 1 to 3 seconds.
  3. Compare to: a 15-minute attorney callback, or days of back-and-forth with the board.

Latency targets are internal engineering design goals. This section describes the shape we aim for, not observed p50/p95. A measurement harness is on the follow-up queue; this page will be updated when shipped measurements land.

Declaration-vintage-aware

Frozen-statute communities get a frozen-statute answer

  1. HOAStream scans every community's recorded governing documents and classifies them as current, as-of-recorded-date, or unknown before activating any feature that depends on statute timing.
  2. Unknown classifications require operator review before that feature goes live.
  3. Communities with older governing documents surface an as-of date alongside answers so the reader can see which version of Florida law is being quoted. Silence about currency is the legal risk we refuse to take.

We treat declaration vintage as a first-class gate, not an implicit assumption. Adversarial tests exercise cases where the classification is non-obvious: negated incorporation, documents that reference state law in non-operative sections, OCR-corrupted text, and documents near the cutoff date.

Auditable

Every answer is logged with a defense-of-record shape

  1. Every chat request is stored with the question, the retrieved passages, the answer, the citations, and the disclaimer text that was shown.
  2. Every answer records which version of Florida law was in retrieval scope, so historical answers can be audited against the statute that was in effect at the time.
  3. User role is captured on every request (resident, CAM, board, attorney, operator). We record what we observe; we do not trust a user's stated role.
  4. Every automated check's outcome is recorded per request.
  5. The event log is append-only. Integrity protection that detects tampering is staged and turns on in the coming weeks: the audit shape is in place today, and the cryptographic verification layer activates in a forthcoming release.
  6. Cost per answer is audit-logged. No surprise bills.

Our audit logging is shipped at the storage layer. Some per-row fields are populated on new activity and backfilled on historical rows on a rolling basis.

Built for one community at a time

Tenant isolation is enforced on every query

  1. Tenant isolation is enforced on every request. Automated tests verify that no community's data can appear in another community's response.
  2. A release-time test seeds each tenant with unique tokens and fails the build on any cross-tenant leak.
  3. Database-level access controls block any path that does not go through the authenticated backend, and a nightly audit verifies the controls remain in place.
  4. Each community's question-answers live in that community's records and are keyed by community identifier.

Our tenant-isolation discipline is layered: application-level enforcement, database-level access controls, and a nightly drift audit. A further layer (row-level security policies) is in active development and ships in the coming weeks.
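One way to build the release-time canary test described above, added here as an illustration and not HOAStream's code: each tenant is seeded with a unique random token, every tenant is queried with a set of probes, and any response containing another tenant's token is reported as a leak. The in-memory store, the two answer functions, the probe strings and the community names are constructed assumptions.

```python
import secrets

def seed_canaries(store):
    """Plant one unique, unguessable token in each tenant's records."""
    canaries = {}
    for tenant in store:
        token = f"CANARY-{secrets.token_hex(8)}"
        store[tenant].append(f"Pool rules memo {token}")
        canaries[tenant] = token
    return canaries

def answer_scoped(store, tenant, question):
    # Tenant filter applied on every query: only this community's rows.
    return " ".join(p for p in store[tenant] if question.lower() in p.lower())

def answer_unscoped(store, tenant, question):
    # The regression the test must catch: the tenant filter was dropped.
    return " ".join(p for rows in store.values() for p in rows
                    if question.lower() in p.lower())

def find_leaks(answer_fn, store, canaries, probes):
    """Return (asking_tenant, leaked_tenant, probe) for every foreign token seen."""
    leaks = []
    for asker in store:
        for probe in probes:
            response = answer_fn(store, asker, probe)
            for owner, token in canaries.items():
                if owner != asker and token in response:
                    leaks.append((asker, owner, probe))
    return leaks

def build_store():
    # Constructed sample data for two hypothetical communities.
    return {"community-a": ["Pool hours are 8am to 8pm."],
            "community-b": ["Pool closes at dusk."]}

PROBES = ["pool", "memo", "CANARY"]

def run_gate(answer_fn):
    store = build_store()
    canaries = seed_canaries(store)
    # Guard against a vacuous pass: each owner must be able to see its own token.
    assert all(canaries[t] in answer_fn(store, t, "CANARY") for t in store)
    return find_leaks(answer_fn, store, canaries, PROBES)

if __name__ == "__main__":
    for fn in (answer_scoped, answer_unscoped):
        leaks = run_gate(fn)
        print(fn.__name__, "FAIL" if leaks else "PASS", leaks)
    raise SystemExit(1 if run_gate(answer_scoped) else 0)
```

The self-visibility assertion in `run_gate` matters as much as the leak scan: if the seeded token never surfaces for its owner, an empty leak list proves nothing.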

Questions about how any specific layer works?

support@hoastream.com


This page describes engineering posture and is not legal advice. HOAStream is software; it is not a law firm, does not create an attorney-client relationship, and does not substitute for a licensed Florida attorney. CAMs and boards evaluating HOAStream should verify community-specific obligations with counsel before relying on any answer for a compliance decision.
