amlr.io Back to amlr.io

Privacy Policy

Last updated: 14 July 2026

Short version: this policy covers personal data we handle in connection with this website and our client relationships. Everything runs in the European Union, we collect the minimum needed, we sell nothing, and GDPR rights apply in full. Data controller: Pattern Consulting Ltd (Bulgaria, reg. 206825026). Contact: ops@amlr.io.

1. Who we are

This website and the amlr.io platform are operated by Pattern Consulting Ltd, a company registered in Bulgaria under company registration number 206825026 ("Pattern Consulting", "we", "us"). We are the data controller for the personal data described in this policy. You can reach us at ops@amlr.io.

2. Two roles, two kinds of data

As a controller, we process the data of website visitors and client contacts: contact details you send us (for example when booking a demo), account details of platform users (name, work email, role), and basic technical logs needed to run and secure our services.

As a processor, we process the compliance data our clients put into the amlr.io platform: counterparty companies, their directors and beneficial owners, identity documents, screening results, and case records. For that data the client is the controller and we act only on their instructions, under a separate data processing agreement. This policy does not govern that processing; the relevant client's own privacy notice does.

3. What we process and why

The marketing website sets no analytics or advertising cookies.

4. Where data lives

All application data, databases, and document storage are hosted in the European Union on certified infrastructure (ISO 27001; providers audited under SOC 2). We do not transfer personal data outside the EU/EEA to operate our services.

5. Sharing

We share personal data only with the infrastructure and service providers needed to run our services (hosting, email delivery, identity), each bound by data processing terms, and where the law requires it. We never sell personal data.

6. Retention

Contact data is kept as long as the conversation is live and deleted on request. Platform data is kept for the duration of the client relationship and deleted or returned afterwards, subject to the retention periods that AML law imposes on our clients.

7. Your rights

Under the GDPR you can request access, rectification, erasure, restriction, portability, and object to processing. Write to ops@amlr.io. If your data is in a client's workspace (for example, you were onboarded as a counterparty by one of our clients), we will refer your request to that client, who is the controller.

You also have the right to lodge a complaint with a supervisory authority. Our lead authority is the Bulgarian Commission for Personal Data Protection (Комисия за защита на личните данни, cpdp.bg); you may also complain to the authority in your own country.

8. Security

Data is encrypted in transit and at rest, access is role-based and logged in a tamper-evident audit trail, workspaces are isolated per client, and identity documents are processed on the uploader's own device where technically possible.

9. Changes

We will update this policy as our services evolve and note the date above. Material changes are communicated to clients.

Contact

Pattern Consulting Ltd (reg. 206825026), Bulgaria. Privacy questions and requests: ops@amlr.io