Privacy Policy - Compliance AI Shield Limited
Effective Date: 19 April 2026
Entity: Compliance AI Shield Limited (Registered in England and Wales)
1. Introduction
This Privacy Policy outlines the institutional framework governing the collection, processing, and protection of personal and corporate data by Compliance AI Shield Limited ("$CAIS", "we", "our", or "us"). As a provider of decentralised AI regulatory engines designed for UK and EU Small and Medium Enterprises (SMEs) within highly regulated sectors (e.g., Law Firms, Independent Financial Advisers, Estate Agencies), we are committed to uncompromising data security, regulatory alignment, and algorithmic transparency.
This policy is designed to strictly adhere to the UK Data Protection Act 2018, the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the data governance requirements outlined in the EU Artificial Intelligence Act (EU AI Act).
2. Data Collection and Categorisation
We operate on a principle of data minimisation, collecting only the high-intent professional data strictly necessary for our Institutional Waitlist capture and eventual platform provisioning.
Identity Data: First Name, Last Name, Professional Email Address. Primary Purpose: Waitlist communication, identity verification, and primary contact establishment.
Corporate Data: Company Name, Industry Sector, Regulatory Jurisdictions (e.g., FCA, SRA). Primary Purpose: Suitability assessment and jurisdiction-specific regulatory mapping.
Technical Data: Compliance Tier requirements for "The 7-Gate Arsenal". Primary Purpose: Infrastructure provisioning and pre-configuration of logic gates.
3. Legal Basis for Processing
In accordance with Article 6 of the UK/EU GDPR, we process your data under the following lawful bases:
Contractual Necessity (Art. 6(1)(b)): To fulfil your request to join the Institutional Waitlist and to initiate onboarding procedures.
Legitimate Interests (Art. 6(1)(f)): For the prevention of fraud, ensuring network and information security, and the ongoing development of the $CAIS decentralised architecture.
Legal Obligation (Art. 6(1)(c)): To comply with applicable laws, regulatory investigations, and auditing requirements.
4. Data Infrastructure, Routing, and The Ledger
4.1. Data Routing via Webhooks
Data entered via our Framer interface is routed securely through a Zapier webhook directly into an access-controlled Google Workspace Spreadsheet. All data in transit is secured using AES-256 encryption.
4.2. The Immutable Audit Trail (The Ledger)
A core component of the $CAIS ecosystem is the blockchain-based immutable audit trail.
Zero PII on-chain: No Personally Identifiable Information (PII) is ever stored directly on the $CAIS blockchain.
Cryptographic Hashing: We utilise SHA-256 cryptographic hashing to verify compliance events without compromising underlying personal data.
5. The 7-Gate Arsenal: AI and Data Processing
As a decentralised AI wrapper, $CAIS processes data through seven deterministic sub-20ms logic gates. We do not utilise "black box" generative models for compliance enforcement. In compliance with the UK Data Protection Act, the $CAIS engine acts as a Decision Support System. Final accountability remains with the SME's nominated Compliance Officer.
6. Data Retention Policies
Waitlist Data: Purged automatically every 90 days unless an agreement is pursued.
Audit Logs: Cryptographic hashes on the decentralised ledger are immutable and retained indefinitely as proof of compliance.
7. Data Subject Rights
Under UK and EU GDPR, you have the rights of access, rectification, erasure, restriction, and data portability. To exercise these rights, contact our DPO at compliance@complianceaishield.co.uk.