Sanctioned Workflows Registry

Authoritative list · §4.4 governance

This is the authoritative registry of sanctioned agent workflows at Sunrise — automations that are approved to process Tier 4 data under AUP §4.4 controls. Every entry has a named accountable manager, an approved vendor stack, an audit log, and a next-review date.

Grandfathering note (per AUP §4.4.2): Workflows operating prior to the AUP effective date of 2026-05-16 are grandfathered for 60 days. The registry fully populates by 2026-07-15. During the grandfathering window, existing workflows retain operational status if they meet §4.4.1 controls in substance.

Active sanctioned workflows

Workflow	Accountable manager	Technical owner	Data class	Vendor stack	Status	Next review
Sunny AI (internal assistant) Internal-only AI assistant for Sunrise associates. Resident-facing deployment requires AUP §6.2 pre-launch requirements.	Carlos Terrazas Director of AI & Technology	Carlos Terrazas	Tier 4 internal pipeline · Humans do not paste Tier 4 named data into Sunny chat	Anthropic Claude Team/Enterprise (no-training) · Sunrise-internal infra	Approved	2026-08-01 (quarterly)
F1 — Monthly KPI Cycle Pulls RentManager financials, validates, generates property-level variance commentary, exports to Monthly KPI Google Sheet.	Mike Hart VP Finance	Carlos Terrazas	Tier 2 (internal portfolio financials, no resident PII in outputs)	Claude Teams · RentManager MCP · Google Workspace (Sheets)	Grandfathered · inventory 2026-07-15	2026-08-01 (quarterly)
F2 — Expense Audit Reviews Divvy + VentureX card transactions against receipts, flags missing receipts and outliers, produces audit memo.	Mike Hart VP Finance	Carlos Terrazas	Tier 2 (card transaction CSVs, vendor-level data; no resident or investor PII)	Claude Teams · Divvy/VentureX exports · Google Workspace	Grandfathered · inventory 2026-07-15	2026-08-01 (quarterly)
Scanned Mail Routing Categorizes Dropbox/Drive scanned mail, redacts PII, routes urgent items to Sam/Carlos via Google Tasks, files the rest, sends daily report.	Sam Simonian CEO (operator: Brenda Smith)	Carlos Terrazas	Tier 3 (resident/vendor mail content; redacted before AI processing)	Claude Teams · Dropbox/Drive · GLM-OCR local · Google Tasks/Drive	Grandfathered · inventory 2026-07-15	2026-08-01 (quarterly)
Investor Relations Intelligence Layer HubSpot Breeze-guarded enrichment + meeting prep for institutional investor pipeline. Breeze itself is pending vendor approval — current layer operates around it.	Ariana Klugiewicz VP Investor Experience	Carlos Terrazas	Tier 4 (named investor data; subject to §13 Reg D guardrails)	HubSpot (CRM) · Claude Teams · OSINT enrichment scripts	Grandfathered · inventory 2026-07-15 · Breeze pending §16 review	2026-08-01 (quarterly)
Delinquency Risk Model Monthly tenant risk-scoring run; flags at-risk residents for early intervention; informs collections strategy.	Mike Hart VP Finance	Carlos Terrazas	Tier 4 (resident-level financial/payment data; FDCPA + TCPA constraints apply downstream)	Claude Teams · RentManager MCP · Sunrise-internal model	Grandfathered · inventory 2026-07-15	2026-08-01 (quarterly)
IC Deal Tracker Extraction Service Extracts deal data from acquisition source PDFs / Excels into the IC Tracker JSON store powering the IC dashboard.	Sam Simonian CEO / Acquisitions	Carlos Terrazas	Tier 4 (acquisition target financials; pre-LOI confidential)	Mac Mini extraction service · Claude Teams · CF Tunnel	Grandfathered · inventory 2026-07-15	2026-08-01 (quarterly)

Workflows marked Grandfathered are operating under the §4.4.2 grandfathering window. Full registry inventory (audit-log spec, vendor T&C verification, two-signature signoff) must be completed by 2026-07-15. If you're running a workflow that should be on this list and isn't, contact Carlos directly.

New workflow approval path

New workflows launched after 2026-05-16 require full §4.4 approval before going live. The grandfather clause does not extend to new workflows.

To propose a new sanctioned workflow:

Draft the workflow specification (purpose, data inputs, data outputs, vendor stack, audit-log design).
Request §4.4 review in #ai-at-sunrise on Slack or directly to Carlos.
Two-signature approval: Carlos (technical/security) + the workflow's accountable manager (business need and operational fit).
Registry entry created · vendor stack verified against the approved vendor list · audit log instrumented.
Workflow goes live; quarterly review scheduled.

Revocation

A workflow's sanctioned status is automatically suspended (and the Tier 4 prohibition in §4.1–4.3 resumes) when:

A vendor in the stack experiences a security incident.
A vendor changes its data-training defaults or commercial terms materially.
The accountable manager leaves the role without a designated replacement.
The audit log shows access patterns inconsistent with the documented purpose.

Last updated: 2026-05-21 (6 grandfathered workflows inventoried) · Registry maintained by Carlos Terrazas · Next quarterly review: 2026-08-01 · Grandfather window closes 2026-07-15