Grace Hill — AI-Governance Baseline (Readout)
Illustrative baseline from public signals · 2026-06-07 · CONFIDENTIAL. This is what a govrn baseline produces, scoped to Grace Hill's actual public AI footprint. Every claim is from a named public source or marked as a control-gap to confirm — never an unsubstantiated bias verdict. A paid baseline replaces public signals with their real evidence.
The matching three-lens mirror is live in the demo:
…/internal/dashboard/?tenant=gracehill.
Why Grace Hill, why now
Grace Hill sits at the single hottest intersection in AI regulation: it (1) embeds generative AI — Gracie — directly into fair-housing and compliance workflows, (2) operates across all 50 states' housing law, (3) is PE-owned (Aurora Capital) with a brand-new CEO (Matt Cotter, June 2026) installed to accelerate AI, and (4) currently shows no public AI-governance documentation. That's a clean, defensible reason to baseline now — for regulatory exposure and PE exit-readiness.
Overall posture (baseline): the gap is the AI lens
| Lens | Posture | Read |
|---|---|---|
| IT-Rationalization | ~48 | Products are clear; missing a consolidated AI-feature inventory + a shadow-AI sweep. |
| Cybersecurity | ~58 | Platform-strong (MFA, encryption); vendor/model-provider risk and a video-leasing advisory are open. |
| AI-Governance | ~10 | The risk. Fair-housing oversight, model disclosure, resident-data use, shadow GenAI — readiness declined. |
The hero finding — fair-housing (CRITICAL)
Gracie answers fair-housing and leasing-compliance questions from company policy content and, by its own product description, reasons "even when the answer is not explicitly stated" — with no public model disclosure, accuracy metric, or documented human-in-the-loop. A wrong AI answer on a fair-housing question, surfaced to a leasing agent, can translate directly into a discriminatory action by the customer.
- Why it's in scope: HUD's May 2024 guidance states the Fair Housing Act applies to AI used in screening and housing-related functions, and that liability reaches the technology provider — not only the operator. (HUD PR24-098)
- The honest framing: this is a control gap (no documented oversight/accuracy basis), not a finding that Gracie is biased. The remedy is documentation + human-in-the-loop + a disparate-impact review.
- Caveat we'll state plainly: HUD's disparate-impact posture is politically fluid in 2026 — we govern to the durable obligation, not the headline.
The rest of the AI-governance gaps
| Finding | Sev | Basis |
|---|---|---|
| No public model disclosure / accuracy metric / data-handling for Gracie | High | Gracie public page shows none |
| Resident survey data (35 yrs) used by Intelligence+ with no documented consent/secondary-use governance | High | Product uses survey data for prescriptive analytics |
| AI-influenced policy/training content lacks documented 50-state legal validation + versioning | High | Compliance content across all states |
| Shadow GenAI in use with no acceptable-use policy | High | Common at this stage; confirm in discovery |
| Undisclosed foundation model behind Gracie; data-flow to provider undocumented | Med | No public model disclosure |
Independent attestation: DECLINED
The AI-governance posture is not attested while these are open — issued by an independent signer (the firewall: whoever certifies isn't whoever remediates). This is the on-ramp to ISO/IEC 42001 readiness, not a passing grade.
What we are NOT claiming
- Not that Gracie is biased — that there's no documented control proving it isn't.
- Not that Grace Hill does tenant screening — public evidence says training/compliance/surveys, not a screening bureau. We'll confirm.
- Nothing about monitoring being "live" — the demo says MONITORING: NOT CONNECTED, because it isn't until we integrate. Honesty is the moat.
Recommended first step — a paid baseline
A fixed-fee AI Inventory & Risk Baseline (human-led): inventory every AI feature + data access, score the three lenses against their real evidence, deliver the fair-housing control review + a prioritized remediation path + the independent attestation. ~$15–30K, 3–4 weeks (final scope set after we confirm AI-system count on the working session). The living platform + monitoring is the follow-on retainer, not step one.
Sources: HUD FHA AI guidance (May 2024); Grace Hill public product pages (PerformanceHQ, Gracie, Intelligence+, KingsleySurveys); Aurora Capital portfolio; PRNewswire (Cotter CEO). Full source set in the engagement file.