Privacy Policy
Last updated: 14 July 2026
1. Who we are
This website and the amlr.io platform are operated by Pattern Consulting Ltd, a company registered in Bulgaria under company registration number 206825026 ("Pattern Consulting", "we", "us"). We are the data controller for the personal data described in this policy. You can reach us at ops@amlr.io.
2. Two roles, two kinds of data
As a controller, we process the data of website visitors and client contacts: contact details you send us (for example when booking a demo), account details of platform users (name, work email, role), and basic technical logs needed to run and secure our services.
As a processor, we process the compliance data our clients put into the amlr.io platform: counterparty companies, their directors and beneficial owners, identity documents, screening results, and case records. For that data the client is the controller and we act only on their instructions, under a separate data processing agreement. This policy does not govern that processing; the relevant client's own privacy notice does.
3. What we process and why
- Contact and demo requests: name, email, and your message, to respond to you (legitimate interest).
- Platform accounts: name, work email, role, and authentication events, to provide the service and its audit trail (contract).
- Client compliance data: processed on the client's behalf to deliver the platform's functionality (processor role, client instructions).
- Technical logs: IP addresses and request metadata, kept briefly for security and troubleshooting (legitimate interest).
The marketing website sets no analytics or advertising cookies.
4. Where data lives
All application data, databases, and document storage are hosted in the European Union on certified infrastructure (ISO 27001; providers audited under SOC 2). We do not transfer personal data outside the EU/EEA to operate our services.
5. Sharing
We share personal data only with the infrastructure and service providers needed to run our services (hosting, email delivery, identity), each bound by data processing terms, and where the law requires it. We never sell personal data.
6. Retention
Contact data is kept as long as the conversation is live and deleted on request. Platform data is kept for the duration of the client relationship and deleted or returned afterwards, subject to the retention periods that AML law imposes on our clients.
7. Your rights
Under the GDPR you can request access, rectification, erasure, restriction, portability, and object to processing. Write to ops@amlr.io. If your data is in a client's workspace (for example, you were onboarded as a counterparty by one of our clients), we will refer your request to that client, who is the controller.
You also have the right to lodge a complaint with a supervisory authority. Our lead authority is the Bulgarian Commission for Personal Data Protection (Комисия за защита на личните данни, cpdp.bg); you may also complain to the authority in your own country.
8. Security
Data is encrypted in transit and at rest, access is role-based and logged in a tamper-evident audit trail, workspaces are isolated per client, and identity documents are processed on the uploader's own device where technically possible.
9. Changes
We will update this policy as our services evolve and note the date above. Material changes are communicated to clients.
Contact
Pattern Consulting Ltd (reg. 206825026), Bulgaria. Privacy questions and requests: ops@amlr.io