compli.ai Back to site

Nexus Compliance · compli.ai

Trust & AI Governance

How we handle your data, where AI is used in compli.ai — and where it never decides — and how the product and the practice align with the SFC’s expectations and Hong Kong data-protection law.

This page is a work-in-progress stub — every section below is draft placeholder text, not a statement of current policy.

Data handling & storage

Draft · placeholder

[DRAFT — to be written] Where firm data lives, how it is scoped per firm at the schema level, retention periods, backups, and what happens to your data when an engagement ends.

Where AI is used — and where it never decides

Draft · placeholder

[DRAFT — to be written] The design principle: regulated judgements (risk ratings, CDD levels, approval triggers, scores) are deterministic, auditable rules. AI drafts and summarises on top; a named practitioner signs off. A map of every AI touchpoint in the product.

Alignment with the SFC's expectations on GenAI use

Draft · placeholder

[DRAFT — to be written] How compli.ai's design maps to the SFC's published expectations for the use of generative AI by licensed corporations — model risk management, human-in-the-loop review, data protection, and record-keeping.

PDPO & confidentiality

Draft · placeholder

[DRAFT — to be written] Compliance with the Personal Data (Privacy) Ordinance: purpose limitation, data-subject rights, cross-border transfer positions, and the confidentiality terms every engagement carries.

Insurance & engagement terms

Draft · placeholder

[DRAFT — to be written] Professional indemnity cover, standard engagement terms, and the scope-of-service boundary: compliance support and advisory — regulatory responsibility, including Manager-In-Charge accountability, remains with the licensed firm at all times.