Privacy Policy

PropComply - Last updated: 1 September 2025

This Privacy Policy explains how AI Risk Intelligence AS processes personal data in connection with the PropComply platform and website.

1. Who We Are

AI Risk Intelligence AS

Organization Number: 833854992

Registered address: Munkerudveien 59A, 1165 Oslo, Norway

Website: https://propcomply.com

Contact: admin@propcomply.com

2. Scope

This Policy applies to:

  • visitors of the PropComply website
  • professional users of PropComply
  • personal data processed through PropComply in AML and KYC workflows

3. Controller and Processor Roles

Depending on context, AI Risk Intelligence AS may act as either controller or processor:

  • Customer Data (KYC and AML data uploaded by platform users): the platform user is typically the controller, and AI Risk Intelligence AS acts as processor.
  • Account, billing, support, security, and website data: AI Risk Intelligence AS acts as controller.

4. Categories of Personal Data

We may process the following categories of data:

  • Identity data (full name, date of birth, nationality, ID details)
  • Contact data (email, phone, address)
  • Document data (passport, national ID, proof of address, supporting files)
  • Compliance data (screening results, risk indicators, adverse media signals)
  • Transaction-related compliance data (role in transaction, source of funds and wealth)
  • Technical and security data (logs, IP, device and browser data)

5. Purposes and Legal Bases

We process personal data for purposes such as:

  • providing and securing the platform
  • supporting AML and KYC workflows
  • account administration and customer support
  • legal and regulatory compliance
  • service improvement and reliability

Legal bases under GDPR may include:

  • performance of a contract
  • compliance with legal obligations
  • legitimate interests
  • consent, where required

6. Automated Features

PropComply may provide automated analysis, alerts, and risk indicators to support user workflows. These outputs are informational tools only and do not replace users' independent legal or regulatory responsibilities.

7. Third-Party Providers

We use service providers for infrastructure, communications, and compliance tooling. Where providers process personal data on our behalf, they are contractually bound to appropriate data protection obligations.

8. International Transfers

Where personal data is transferred outside the EEA, we implement appropriate safeguards under GDPR, such as adequacy decisions or Standard Contractual Clauses, as applicable.

9. Data Retention

Personal data is retained only as long as necessary for the purposes described in this Policy, including legal and compliance retention obligations. Platform users remain responsible for their own mandatory retention requirements where they act as controller.

10. Security Measures

We implement appropriate technical and organizational measures, including:

  • encryption in transit
  • authentication and role-based access controls
  • access logging and monitoring
  • secure infrastructure and operational safeguards

No system can guarantee absolute security.

11. Data Subject Rights

Subject to applicable law, individuals may have rights to:

  • access
  • rectification
  • erasure
  • restriction
  • portability
  • object

For KYC and AML data submitted by a platform user, requests should typically be directed to that platform user first, as they are usually the controller.

12. Changes to This Policy

We may update this Policy from time to time for legal, technical, or operational reasons. Material changes will be reflected by an updated "Last updated" date.