Privacy Policy

Last Updated: 1 April 2026

Data Controller

CompliOS is operated by Drawbridges Business Services Ltd, a company registered in England and Wales (Company No. 15260510). We are the data controller for the personal data processed through this website and the CompliOS platform.

Contact: contact@complios.co.uk

Information We Collect

We may collect and process the following categories of personal data:

  • Identity data: name, job title, professional qualifications
  • Contact data: email address, telephone number, business address
  • Technical data: IP address, browser type, device information, pages visited
  • Usage data: how you interact with the CompliOS platform and website
  • Compliance data: client due diligence records, risk assessments, screening results (processed on behalf of your firm)

How We Use Your Information

We use your personal data to:

  • Provide and maintain the CompliOS platform and services
  • Process your account registration and manage your subscription
  • Send service-related communications (compliance alerts, system notifications)
  • Improve our website and platform through aggregated analytics
  • Comply with legal and regulatory obligations
  • Respond to your enquiries and provide customer support

Lawful Basis for Processing

We rely on the following lawful bases under UK GDPR:

  • Contract: processing necessary to perform our contract with you (providing the CompliOS platform)
  • Legal obligation: processing necessary to comply with our legal obligations, including under the Money Laundering Regulations 2017
  • Legitimate interests: improving our services, ensuring platform security, and preventing fraud
  • Consent: where you have given explicit consent, such as for marketing communications or non-essential cookies

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specific retention periods include:

  • Compliance data (CDD records, risk assessments): minimum 5 years after the end of the business relationship, per MLR 2017 Regulation 40
  • Account data: for the duration of your subscription plus 12 months
  • Technical and usage data: 26 months from collection
  • Marketing consent records: retained for as long as consent is active, plus 12 months after withdrawal

Third-Party Sharing

We share personal data with the following categories of sub-processors, all of whom are bound by data processing agreements:

  • Google Cloud: infrastructure and data hosting (europe-west2, London)
  • Stripe: payment processing
  • SendGrid: transactional email delivery
  • Dilisense: PEP, sanctions, and adverse media screening

We do not sell your personal data to third parties. We may disclose data to law enforcement or regulatory authorities where required by law.

International Transfers

All primary data storage is within the UK, on Google Cloud's europe-west2 (London) region. Where data is transferred outside the UK (for example, to sub-processors with infrastructure in other jurisdictions), we ensure appropriate safeguards are in place, including UK International Data Transfer Agreements or adequacy decisions.

Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

  • Right of access: request a copy of the personal data we hold about you
  • Right to rectification: request correction of inaccurate or incomplete data
  • Right to erasure: request deletion of your data (subject to legal retention requirements)
  • Right to restrict processing: request that we limit how we use your data
  • Right to data portability: receive your data in a machine-readable format
  • Right to object: object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at contact@complios.co.uk. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

Cookies

We use cookies and similar technologies on this website. For full details on the cookies we use, their purpose, and how to manage your preferences, please see our Cookie Policy.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on this page with a revised "Last Updated" date.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: