Trust, Safety & Compliance Center
Effective Date: August 31, 2025
Last Updated: October 30th, 2025
Our Governance Commitment
At Black Harbor Capital Group (“BHCG”), we maintain rigorous internal controls and governance frameworks designed to uphold the highest standards of integrity, accountability, and data security across all operations.
Our compliance structure aligns with SOC 2, ISO 27001, GDPR, CCPA, and HUD/Section 8 Housing Program requirements, ensuring transparency and trust at every level of our investment and property management operations.
Governance Framework
Our internal controls are designed to ensure:
• Data integrity and confidentiality for all investor, partner, and tenant records;
• Transparency in our investment processes and communications;
• Regulatory alignment with fair housing, lending, and anti-discrimination standards;
• Independent oversight, including annual third-party security and compliance audits.
We adhere to leading industry frameworks such as:
• SOC 2 Type II – Trust Services Criteria for security, availability, and confidentiality;
• ISO 27001 – Information security management certification;
• NIST Cybersecurity Framework – Continuous risk assessment and mitigation;
• HUD & PHA Standards – Compliance in property selection, tenant placement, and voucher administration.
Core Security Commitments
We safeguard all investor, client, and tenant information through a layered security approach:
• Encryption of data at rest and in transit (AES-256 and TLS 1.3);
• 24/7 monitoring of infrastructure and data access logs;
• Quarterly vulnerability and penetration testing conducted by certified assessors;
• Annual third-party SOC 2 and GDPR alignment reviews;
• Vendor due diligence and data-sharing agreements with all technology partners;
• HUD and PHA compliance monitoring for tenant eligibility and program adherence.
All internal systems operate under the principle of least privilege, meaning only authorized personnel can access sensitive data for legitimate business purposes.
Fair Housing & Tenant Protection
BHCG maintains zero tolerance for discrimination in any form.
All leasing and master-lease activities comply with:
• Fair Housing Act (FHA);
• HUD Equal Opportunity Regulations (24 CFR Part 100);
• Section 504 of the Rehabilitation Act;
• Americans with Disabilities Act (ADA).
We actively monitor third-party property managers and affiliates to ensure fair, consistent, and compliant treatment of all tenants.
Data Privacy & Incident Response
If a data breach or compliance concern arises:
• Immediate triage begins within 24 hours;
• Containment and risk analysis are completed within 72 hours;
• Affected users and authorities are notified in accordance with GDPR/CCPA timelines;
• Post-incident audits and retraining ensure continuous improvement.
We maintain a Data Protection Impact Assessment (DPIA) framework to identify and mitigate potential risks proactively.
Reporting a Concern
We take compliance and ethics concerns seriously.
To report a potential issue — including a privacy incident, fraud, or fair housing concern — contact:
Compliance Office: compliance@blackharbor.us
Hotline (confidential): 206-339-8828
Reports may be made anonymously where permitted by law. All submissions are reviewed by our compliance committee within 72 hours.
Vendor & Partner Compliance
Every vendor and affiliate working with BHCG must:
• Sign a Data Processing and Confidentiality Agreement (DPCA);
• Undergo periodic security and compliance evaluations;
• Maintain SOC 2 or ISO 27001 certification or equivalent controls;
• Comply with HUD, FHA, and state housing authority standards when applicable.
Failure to comply results in immediate review and potential termination of partnership.
Annual Independent Reviews
BHCG engages independent third-party auditors annually to evaluate:
• Operational and IT control environments;
• Privacy and security posture;
• Tenant program compliance;
• Anti-money-laundering (AML) and OFAC screening protocols;
• Ethics and governance practices.
Findings and remediations are documented and reviewed by senior management and external advisors.
Ethical Standards & Whistleblower Protection
We encourage the reporting of any unethical behavior, discrimination, or compliance violations.
Employees and contractors are protected under whistleblower and non-retaliation policies to ensure safe disclosure of concerns.
Transparency & Continuous Improvement
Our leadership conducts quarterly compliance briefings and publishes anonymized audit summaries to maintain investor and partner trust.
We continuously refine our frameworks to exceed regulatory expectations and maintain an auditable, compliant, and transparent enterprise.
Contact the Trust & Safety Office
Black Harbor Capital Group
Email: compliance@blackharbor.us
Website: https://blackharbor.us
Last Updated: October 30th, 2025
Our Governance Commitment
At Black Harbor Capital Group (“BHCG”), we maintain rigorous internal controls and governance frameworks designed to uphold the highest standards of integrity, accountability, and data security across all operations.
Our compliance structure aligns with SOC 2, ISO 27001, GDPR, CCPA, and HUD/Section 8 Housing Program requirements, ensuring transparency and trust at every level of our investment and property management operations.
Governance Framework
Our internal controls are designed to ensure:
• Data integrity and confidentiality for all investor, partner, and tenant records;
• Transparency in our investment processes and communications;
• Regulatory alignment with fair housing, lending, and anti-discrimination standards;
• Independent oversight, including annual third-party security and compliance audits.
We adhere to leading industry frameworks such as:
• SOC 2 Type II – Trust Services Criteria for security, availability, and confidentiality;
• ISO 27001 – Information security management certification;
• NIST Cybersecurity Framework – Continuous risk assessment and mitigation;
• HUD & PHA Standards – Compliance in property selection, tenant placement, and voucher administration.
Core Security Commitments
We safeguard all investor, client, and tenant information through a layered security approach:
• Encryption of data at rest and in transit (AES-256 and TLS 1.3);
• 24/7 monitoring of infrastructure and data access logs;
• Quarterly vulnerability and penetration testing conducted by certified assessors;
• Annual third-party SOC 2 and GDPR alignment reviews;
• Vendor due diligence and data-sharing agreements with all technology partners;
• HUD and PHA compliance monitoring for tenant eligibility and program adherence.
All internal systems operate under the principle of least privilege, meaning only authorized personnel can access sensitive data for legitimate business purposes.
Fair Housing & Tenant Protection
BHCG maintains zero tolerance for discrimination in any form.
All leasing and master-lease activities comply with:
• Fair Housing Act (FHA);
• HUD Equal Opportunity Regulations (24 CFR Part 100);
• Section 504 of the Rehabilitation Act;
• Americans with Disabilities Act (ADA).
We actively monitor third-party property managers and affiliates to ensure fair, consistent, and compliant treatment of all tenants.
Data Privacy & Incident Response
If a data breach or compliance concern arises:
• Immediate triage begins within 24 hours;
• Containment and risk analysis are completed within 72 hours;
• Affected users and authorities are notified in accordance with GDPR/CCPA timelines;
• Post-incident audits and retraining ensure continuous improvement.
We maintain a Data Protection Impact Assessment (DPIA) framework to identify and mitigate potential risks proactively.
Reporting a Concern
We take compliance and ethics concerns seriously.
To report a potential issue — including a privacy incident, fraud, or fair housing concern — contact:
Compliance Office: compliance@blackharbor.us
Hotline (confidential): 206-339-8828
Reports may be made anonymously where permitted by law. All submissions are reviewed by our compliance committee within 72 hours.
Vendor & Partner Compliance
Every vendor and affiliate working with BHCG must:
• Sign a Data Processing and Confidentiality Agreement (DPCA);
• Undergo periodic security and compliance evaluations;
• Maintain SOC 2 or ISO 27001 certification or equivalent controls;
• Comply with HUD, FHA, and state housing authority standards when applicable.
Failure to comply results in immediate review and potential termination of partnership.
Annual Independent Reviews
BHCG engages independent third-party auditors annually to evaluate:
• Operational and IT control environments;
• Privacy and security posture;
• Tenant program compliance;
• Anti-money-laundering (AML) and OFAC screening protocols;
• Ethics and governance practices.
Findings and remediations are documented and reviewed by senior management and external advisors.
Ethical Standards & Whistleblower Protection
We encourage the reporting of any unethical behavior, discrimination, or compliance violations.
Employees and contractors are protected under whistleblower and non-retaliation policies to ensure safe disclosure of concerns.
Transparency & Continuous Improvement
Our leadership conducts quarterly compliance briefings and publishes anonymized audit summaries to maintain investor and partner trust.
We continuously refine our frameworks to exceed regulatory expectations and maintain an auditable, compliant, and transparent enterprise.
Contact the Trust & Safety Office
Black Harbor Capital Group
Email: compliance@blackharbor.us
Website: https://blackharbor.us