Information Governance Intelligence Platform
ComplyBar operates on a strict metadata-only model. No email content, message text, or file content is ever stored. This document explains exactly what is and is not collected.
β¬ Download PDF Summary View One-Page SummaryComplyBar records governance event metadata only - structured signals about when and where an information governance risk was detected, not the content that triggered it. The table below describes the categories of information recorded.
| Data Category | Description | Example |
|---|---|---|
| Timestamp | Date and time the event was detected (UTC) | 1 June 2025, 09:14 UTC |
| Channel / Platform | The communication or collaboration tool where detection occurred | Email, AI Tool, Document Platform, Chat |
| Event Type | The type of governance interaction recorded | Warning shown, Dismissed, Proceed, Approval requested |
| Risk Categories | The information governance categories that matched - not the triggering text itself | Personal Data, Financial Information, Legal Privilege |
| Severity Level | Computed risk level assigned to the event | Low, Medium, High |
| User Identifier | Optional work account identifier configured by the organisation - typically a work email address | Work email or employee reference |
| Organisation Identifier | Your organisation's tenant reference, assigned at setup | Organisation code |
| Assessment Context | Whether the event occurred during a baseline assessment or an active intervention deployment | Baseline, Active |
| Intervention Status | Whether a governance prompt was displayed to the user | Shown, Not shown |
| File Name | File name only for repository and file scanning events - no file content is recorded | Q4-report.xlsx |
Your organisation remains the owner and controller of its information.
ComplyBar is designed to provide visibility into governance, compliance and information handling risks while minimising the collection and retention of content data. The platform is intended to support organisations in maintaining control of their own information assets.
ComplyBar is designed to help organisations gain visibility into information governance risks without unnecessarily collecting, storing or exposing sensitive content.
The following data is explicitly excluded from all ComplyBar logging, storage, and transmission:
ComplyBar's Chrome extension scans text entirely inside the user's browser using locally cached compliance rules. No message content ever leaves the browser tab.
The document scanning and repository assessment capabilities process documents server-side. The following privacy model applies:
| File type | Extraction method | Content stored? |
|---|---|---|
| PDF (native text) | Server-side text extraction - processed in memory | No |
| PDF (scanned / image-based) | Server-side OCR processing - text extracted in memory | No |
| DOCX / XLSX / CSV / TXT | Server-side text extraction - processed in memory | No |
| PNG / JPG images | Server-side OCR processing - text extracted in memory | No |
Repository Assessments evaluate an entire document library (uploaded as a ZIP or via a connected cloud drive) and produce a governance score and remediation plan.
Policy Intelligence analyses uploaded policy documents and suggests improvements based on compliance patterns.
Repository connectors allow ComplyBar to periodically scan a cloud drive folder and run automated assessments. The following security controls apply:
| Control | Detail |
|---|---|
| Token storage | Stored in secure server-side storage - access restricted to authenticated platform administrators only |
| Token scope (Google Drive) | Read-only drive access - no write, delete, or share permissions requested |
| Token scope (Microsoft 365) | Read-only file and site access - no write, delete, or share permissions requested |
| Token transmission | HTTPS / TLS only - tokens are never logged or exposed in any UI response |
| Token refresh | Handled automatically; expired tokens prompt re-authorisation via the dashboard |
| File download scope | Limited strictly to the specific folder configured in the connector - not the full drive or tenant |
| Data Category | Where Stored | Retention |
|---|---|---|
| Audit events (metadata only) | Secure server-side storage | Customer-controlled - until manually purged by admin |
| Tenant and user records | Secure server-side storage | Until account deleted |
| Authentication credentials | Secure server-side storage (hashed - never plaintext) | Until account deleted |
| Compliance rules | Secure server-side storage | Until rule deleted by admin |
| Repository assessment records | Secure server-side storage | Until assessment deleted by admin |
| Policy intelligence records | Secure server-side storage (suggestions only - not source document) | Until policy deleted by admin |
| OAuth connector credentials | Secure server-side storage | Until connector deleted or access revoked |
| Session data | In-memory - not persisted to disk | Expires on browser close or session timeout |
| Uploaded files / ZIP archives | Temporary processing - never written to disk | Discarded immediately after scan completes |
| Role | Access scope |
|---|---|
| Platform Administrator | Full platform access - all tenants, all data, platform administration |
| Tenant Administrator | Dashboard scoped strictly to their own organisation - cannot access any other tenant's data |
| Sales / Demo | Restricted to designated demo environments only |
| Extension User | Browser extension access only - no dashboard access; audit submission and rule retrieval only |
All data queries are enforced server-side with a tenant-scoping filter applied to every read operation. A Tenant Administrator cannot retrieve data for any other organisation - even via a crafted or direct request.
| Framework | Relevance to ComplyBar |
|---|---|
| GDPR / UK GDPR | Metadata-only model minimises personal data processing. userId (typically a work email) is the only personal data field in audit records. Data controller is the deploying organisation. No sub-processor transfers of content data occur. |
| ISO 27001 | ComplyBar provides an audit trail of all compliance-relevant user actions - directly supporting Annex A controls A.8.15 (logging) and A.8.16 (monitoring). |
| SOC 2 Type II | Systematic, tamper-evident audit log supports the Availability and Security criteria. Assessment mode enables controlled measurement of control effectiveness. |
| Cyber Essentials (UK) | Extension uses browser-native APIs only - no elevated OS permissions. Network traffic is HTTPS-only. |
| HIPAA | No Protected Health Information (PHI) is stored - only category labels. However, deploying organisations in healthcare should obtain a BAA from their hosting provider. |
| PCI DSS | No cardholder data stored. Audit logs of financial-category detections support requirement 10 (audit trail). ComplyBar is not a payment processor. |
| POPIA (South Africa) | The deploying organisation is the Responsible Party; ComplyBar acts as Operator. Metadata-only model limits personal data to the optional user identifier (work email). Full alignment detail in the POPIA Alignment section below. |
The Protection of Personal Information Act (POPIA, Act 4 of 2013) governs the processing of personal information in South Africa. The table below maps ComplyBar's design and operation to key POPIA requirements for accounting firms, professional service organisations, and public sector bodies.
| POPIA Requirement | ComplyBar Approach |
|---|---|
| Responsible Party | The deploying organisation (your firm or authority) is the Responsible Party. ComplyBar acts as Operator - processing governance metadata strictly on the Responsible Party's behalf and subject to their instructions. |
| Lawful Processing Grounds | Processing of governance event metadata is based on the Responsible Party's legitimate interest in information governance and risk management. No personal content data (communications or documents) is processed. |
| Purpose Limitation | Governance event metadata is collected exclusively for compliance monitoring, risk reporting, and governance audit trail purposes - not for profiling, secondary processing, or commercial use. |
| Data Minimisation | Only governance event metadata is collected. The user identifier (typically a work email address) is the only personal information in audit records. No message content, document text, or personal communications are recorded. |
| Security Safeguards (Section 19) | HTTPS-only transmission; tenant-isolated storage; role-based access controls; session-based authentication with HTTP-only cookies. No data accessible to other tenants or unauthenticated parties. |
| Data Subject Rights | The user identifier (work email) can be removed from audit records on request. No personal content is stored, so content-based subject access requests are not applicable. Records can be purged by the Responsible Party's administrators at any time. |
| Cross-Border Transfers | Configurable - customer-controlled and self-hosted deployment options are available to keep all data within South Africa. Cloud-hosted deployments can be scoped to local infrastructure on request. |
| Retention & Destruction | Retention period and destruction schedule are set and managed entirely by the Responsible Party's administrators within the ComplyBar platform. Records can be purged at any time without vendor involvement. |
| Information Officer Obligations | ComplyBar's governance audit trail directly supports the Information Officer's statutory obligations under POPIA - providing a documented, searchable record of information handling incidents and risk detection events. |
ComplyBar offers multiple deployment configurations to accommodate data sovereignty, data residency, and regulatory requirements across jurisdictions including South Africa, the EU, and the UK.
| Deployment Model | Data Location | Suitable For |
|---|---|---|
| Cloud-Hosted (Default) | ComplyBar managed cloud infrastructure | Organisations comfortable with managed SaaS; fastest deployment path |
| Customer-Managed Cloud | Your chosen cloud provider (AWS, Azure, GCP) - region of your choice | Organisations with existing cloud frameworks or specific regional data requirements |
| Private / On-Premises | Entirely within your own infrastructure | Government bodies, regulated financial institutions, strict data sovereignty requirements |
| South Africa Hosted | South African data centre / local hosting | POPIA-sensitive deployments; South African public sector; municipalities; professional services firms |
Organisations are encouraged to verify ComplyBar's metadata-only operation during a pilot. The design is intentionally transparent and auditable.
| Verification method | What you can confirm |
|---|---|
| Browser network traffic inspection | Outbound requests from the extension contain only structured metadata - no email body, message text, or file content appears in any network request |
| Audit record review | Every stored audit event contains only labels, timestamps, and identifiers - reviewable directly in the dashboard Audit Log |
| Connector permission review | OAuth permissions granted to ComplyBar can be reviewed in Google Workspace Admin or Microsoft Azure AD - read-only access only is requested |
| Sample assessment output review | Repository assessment records contain file names, scores, and category labels - no document content. Reviewable directly in the dashboard |
| Silent mode baseline comparison | Run a silent assessment alongside normal operations - compare audit event volume and categories without any user-facing changes |
ComplyBar offers a structured range of pilot configurations to match your organisation's risk appetite, privacy requirements, and evaluation objectives.
| Pilot Option | Description | Suitable for |
|---|---|---|
| Demo Environment | Fully isolated demo instance using test files and synthetic data only. No real user data involved. | Initial evaluation, procurement review, board presentations |
| Limited Department Pilot | Restricted rollout to a selected group of users or a single department. Full functionality with controlled scope. | Proof of concept, early adopter teams, phased rollout |
| Silent Assessment | Extension deployed to users with no visible warnings or interventions. Risk events are measured without displaying warning banners or workflow interruptions, allowing organisations to establish a baseline before introducing interventions. | Baseline risk measurement, pre-intervention benchmarking, change impact analysis |
| Assisted Assessment | Extension deployed with full warning banners, Fix / Dismiss / Proceed / Approval Request interactions enabled. Users see all risk alerts. | Active compliance training, policy enforcement, awareness pilots |
| Comparison Assessment | Users split into a Silent group and an Assisted group. Enables side-by-side measurement of whether warning interventions reduce risk events. | Demonstrating compliance ROI, quantifying warning effectiveness, audit evidence |
| Sample Repository Review | Repository Assessment run against a non-sensitive or test document library. Generates governance scores and a remediation plan without involving live client data. | Demonstrating document governance capabilities, IT governance reviews |
| Metadata-Only Mode | Default operation mode. No raw content is retained at any point. All audit records contain structured metadata only. | Privacy-sensitive environments, regulated industries, GDPR-conscious deployments |
| Customer-Controlled Environment | ComplyBar deployed within the customer's own hosting environment or private cloud. All data remains entirely within the customer's infrastructure. | High-security environments, enterprise deployments, regulated sectors requiring data residency control |
The following structured approach enables organisations to evaluate ComplyBar in a controlled and auditable manner, with minimal risk and clear visibility at every stage.
This public document is intentionally high-level. It is designed to provide sufficient information for an initial privacy and security review without exposing proprietary implementation details.
Detailed security architecture, pilot configuration details, and technical review material are available to qualified organisations under NDA or controlled pilot terms.