Bulwark
Sign inRequest access

Privacy Policy

Last updated:

What this page covers

This policy describes how Bulwark Compliance (“Bulwark”, “we”) handles customer data across the four modules of our platform: Bulwark (reference + change intelligence), Recon (research agent), Gauntlet (payment screening), and AEGIS (regulatory reporting).

Information we collect

  • Account information — your work email, organisation, and role, supplied at sign-up.
  • Authentication metadata — session tokens, IP address, user agent. Used to secure your account.
  • Module-specific content — pins, notes, saved views, notification rules. Stored in your account; visible only to people you’ve invited.
  • Audit metadata — a timestamped log of actions taken in your account, retained to support compliance examinations.

What we do not retain

Recon (the sanctions research agent) operates stateless by default: customer queries and the briefs Recon produces are not persisted on our infrastructure unless an account explicitly opts in. The underlying language model provider (Anthropic) is contracted under Zero Data Retention (ZDR), so traffic is not retained or used for training.

Sub-processors

We use a small set of sub-processors to operate the service. The current list is maintained in our sub-processor register and updated before any new sub-processor handles customer data. See Contact to request the current register.

Your rights

Depending on your jurisdiction, you may request access to, correction of, or deletion of your personal data. Direct requests to privacy@bulwarkcompliance.ai.

Contact

Questions about this policy: privacy@bulwarkcompliance.ai. General contact: /contact.