Hoist AIAssets Sign in
HomeTrustOrg-only boundary

Org-only boundary.

What we will and won't search, and exactly where the line is drawn in code. This page exists so that procurement, compliance, and curious AI agents all read the same thing.

Last updated 2026-05-15

The short version

Hoist Assets searches organisations and serial-numbered property. It does not search individuals. This is enforced at the API boundary, not in marketing copy.

Why the line exists

Hoist Assets operates on an org-only scope: organisation-grantor and serial-number searches only, no PII. AFSA's B2G Account framework is the channel for direct PPSR access. Whether B2G Account Customers may run searches as a relay on behalf of identifiable end users (the customer-trigger model) is the question Hoist Assets has put to AFSA under PPSR General Conditions §1.8 written-approval pathway. Hoist Assets does NOT currently operate this model in production and does NOT claim any existing carve-out. To stay inside this scope, our API rejects requests whose target is an individual grantor before any AFSA call is made.

What the rejection looks like

POST /v1/ppsr/search
{ "grantor_name": "Jane Smith", "grantor_dob": "1980-01-01" }

→ 400 Bad Request
{
  "error": "individual_grantor_not_supported",
  "message": "Hoist Assets is org-only: individual-grantor searches are not supported. Use AFSA direct or a reseller with a different scope.",
  "documentation_url": "https://assets.hoistai.com/trust/npii-boundary"
}

You can reproduce this in sandbox. The grantor_name and grantor_dob fields are absent from the OpenAPI schema; pass them anyway and the validator rejects the request.

What you can still do

The boundary stops us searching by individual identity. It does not stop you cross-referencing data you already have. If you know a counterparty's vehicle VIN, the serial-number search returns what the PPSR says about that VIN — including the secured party. If you know their ABN, the organisation search returns registrations against that organisation. Combine those with other systems you operate and you can build a richer counterparty picture; we just don't initiate the personal-identity step.

If you need individual searches

Use AFSA direct (afsa.gov.au) or a reseller with a different scope (e.g., InfoTrack, Equifax PPSR Online). We're not the right tool. We chose this constraint deliberately so we could ship a product that did one thing well rather than negotiate a wider AFSA agreement.

Verification

Read the OpenAPI spec at /.well-known/openapi.json. Grep it for grantor; the only matches are secured_party and registered_grantor_organisation. No grantor_individual. No person_search. No licence_lookup.