​

Our Commitment

 

Bridge Comply is committed to the responsible, transparent, and accountable use of artificial intelligence across our operations, platform development, and internal workflows.

​

We recognise that trust, governance, human oversight, and operational accountability are foundational requirements for the safe adoption of AI technologies.

 

Our approach is aligned with internationally recognised AI governance principles, including ISO/IEC 42001 AI management system principles and the transparency, accountability, and human oversight objectives of the EU AI Act.  

​

Our Approach to Responsible AI

We believe AI should support human decision-making, not replace accountability.

​

Bridge Comply applies a risk-based and governance-led approach to the use of AI technologies, including:

​

• human oversight of AI-assisted activities

• operational accountability for AI-supported outputs

• transparency regarding AI usage

• ongoing governance and monitoring

• secure and responsible deployment practices

• supplier and subprocessor oversight

• privacy and data protection considerations

• continuous improvement of AI governance controls

• ​

We are committed to ensuring AI technologies are used in ways that are lawful, proportionate, secure, and aligned with enterprise trust principles.

​

Transparency & Disclosure

Where AI systems are used within our operations or services, we aim to provide appropriate transparency regarding:

​

• the role of AI in workflows and operations

• AI-assisted content or outputs where relevant

• third-party AI providers supporting our services

• governance and oversight measures applied to AI usage

​

Bridge Comply maintains responsibility and accountability for decisions, operational processes, and outputs supported by AI technologies.

​

Human Oversight & Accountability

Bridge Comply maintains meaningful human oversight over AI-supported operational activities.

​

AI-generated outputs are subject to appropriate review and validation before being relied upon for business-critical, governance, compliance, or operational purposes.

 

We do not permit autonomous AI systems to operate without appropriate oversight, governance controls, and accountability mechanisms.

 

Risk Management & Governance
 

Bridge Comply applies a risk-based approach to AI governance, operational trust, and information security.

We continuously assess and manage risks associated with:
 

• AI-assisted operational activities

• data protection and privacy

• supplier and subprocessor dependencies

• cybersecurity threats

• operational resilience

• regulatory compliance obligations

• third-party service providers

• enterprise AI governance controls
   

Where appropriate, risk assessments, governance reviews, security reviews, and operational controls are implemented to support secure and compliant AI operations.

 

Where appropriate, risk assessments, governance reviews, security reviews, operational controls, and AI Data Protection Impact Assessments (AI DPIAs) are implemented to support secure, transparent, and compliant AI operations.
 

AI DPIAs may be conducted to assess:

• privacy and data protection risks

• impacts to individuals and data subjects

• proportionality and necessity of AI processing

• operational and governance safeguards

• human oversight requirements

• security and compliance considerations

• potential ethical and regulatory implications of AI usage
   

We believe AI governance and privacy risk management should be embedded into operational processes from the outset rather than addressed retrospectively.

​

AI Governance Principles

Our approach to AI governance is guided by the following principles:

• accountability

• transparency

• security by design

• privacy and data protection

• operational resilience

• fairness and responsible use

• continuous monitoring and improvement

• human-centred oversight
  
   

We believe trust in AI must be operationalised continuously rather than treated as a point-in-time compliance exercise.

 

Data Protection & Privacy

Bridge Comply is committed to protecting personal data and privacy rights through secure operational practices and governance controls.
 

We apply data protection principles including:

• data minimisation

• least privilege access

• privacy-by-design

• operational accountability

• secure handling of personal information
   

Where applicable, we recognise the heightened sensitivity of:
 

• personally identifiable information (PII)

• confidential business information

• special category data
   

Bridge Comply does not intentionally transfer customer or operational data outside of the United Kingdom unless appropriate legal, regulatory, and security safeguards are in place.

​

AI Providers & Technologies

Bridge Comply currently uses the following AI-related providers and technologies in support of operational and business activities:
 

*Anthropic (Claude): 

AI-assisted operational, research, drafting, and workflow support
 

*Wix AI Tools: AI-assisted website development and content support
 

Subprocessors & Third-Party Providers

Bridge Comply maintains oversight of third-party providers and subprocessors supporting our operational environment.
 

Current subprocessors include:

*Amazon Web Services (AWS): Cloud hosting and infrastructure services

*Anthropic (Claude): AI processing and language model services

*Wix: Website hosting, CMS, and AI-assisted tooling
 

Subprocessors are reviewed periodically as part of our operational governance and supplier oversight processes.


 

Third-Party Processors & Supplier Oversight
 

Bridge Comply maintains governance and oversight processes for third-party providers, suppliers, and subprocessors that support our operations and services.

We aim to ensure third-party providers meet the same operational, security, privacy, and compliance expectations that we are accountable for to our customers.
 

Depending on the nature of the services provided, our supplier governance processes may include (and not limited to):

• non-disclosure agreements (NDAs)

• data processing agreements (DPAs)

• master service agreements (MSAs)

• supplier due diligence reviews

• security and information security assessments

• operational risk assessments

• compliance and governance reviews

• ongoing supplier oversight

• review of applicable regulatory obligations

• assessment of anti-modern slavery compliance obligations where relevant
   

We believe operational trust extends across the full supplier and subprocessor ecosystem.
 

Security & Data Protection

Bridge Comply is committed to implementing appropriate technical and organisational measures to protect data, systems, and operational integrity.

Our approach incorporates:

• role-based access controls

• least privilege principles

• governance oversight

• supplier due diligence

• operational monitoring

• privacy-by-design considerations

• secure operational practices
   

Continuous Improvement

AI technologies, standards, and regulatory expectations continue to evolve rapidly.
 

Bridge Comply is committed to continuously strengthening its governance, operational controls, transparency practices, and AI management processes as our platform and services mature.
 

Contact

For questions regarding this AI Transparency Policy, AI governance practices, or operational trust controls, please contact:

​

DPO@bridgecomply.io