Compliance

Built for a regulated industry.

Regulatory

FCA alignment
from the first line.

Every Gild report follows the structure and language your compliance team expects. The output is aligned with the FCA's suitability report requirements under COBS 9.4 and with the firm's Consumer Duty obligations for client communications.

This means appropriate disclosures, risk warnings, charges summaries, and suitability rationale are present in every document by default - not added as an afterthought.

Consumer Duty

Language and structure aligned with the FCA's Consumer Duty expectations for client communications.

COBS 9.4

Reports structured to meet the FCA's suitability report requirements for personal recommendations.

Risk Disclosures

Appropriate risk warnings, capital-at-risk statements, and product-specific disclosures included automatically.

Charges Transparency

Clear, compliant presentation of advice charges, platform costs, and ongoing management fees.

Infrastructure & Security

Enterprise-grade.
Not side-of-desk.

Gild is built to enterprise standards on UK-based cloud infrastructure. Client data is encrypted in transit (TLS 1.3) and at rest (AES-256). AI processing runs within our UK AWS environment, ringfenced per generation session. Client data is not used for model training, and not accessible to the underlying model provider.

This is the difference between a regulated-business AI service and a consumer tool. Pasting client data into ChatGPT or a consumer AI tool typically offers no data governance, no audit trail, and no control over where that data ends up. Gild is purpose-built for firms that hold themselves to a higher standard.

UK cloud hosting

Hosted within UK regions on enterprise-grade managed cloud infrastructure - the same standard used across financial services and healthcare.

Ringfenced AI processing

AI runs inside our UK AWS environment, ringfenced per generation session. Client data is not used for model training and not accessible to model providers.

Encryption

TLS 1.3 in transit. AES-256 at rest. Client data is never transmitted or stored in plaintext.

Document Vault retention

Documents your firm chooses to publish to the client portal are stored against your firm's tenancy. Generation context is not retained beyond the session.

Audit Trail

Every edit.
Every version.
Every timestamp.

Every report carries a full version history. Every edit is timestamped and attributed to the user who made it. Your compliance team can export the audit trail for any document at any time.

This means your file reviews are straightforward. The original generated version, every subsequent change, and the final approved version are all recorded and retrievable.

No ambiguity about what was sent, when it was sent, or what changed between drafts.

Data Protection

GDPR compliant.
DPA available.

Gild operates as a data processor on your behalf. Your firm remains the data controller at all times. We provide a standard Data Processing Agreement during onboarding.

We support your obligations under UK GDPR, including subject access requests and data deletion. Client data is never used to train models, improve our systems, or for any purpose beyond generating your requested documents.

Compliance FAQ

Questions your compliance
team will ask.

Who is the data controller?

Your firm. Gild operates as a data processor under your instruction. We process client data solely to generate the documents you request.

Where is data stored?

Data processing and storage take place within UK regions of our cloud providers. AI processing specifically runs in our UK AWS environment.

Can we get a Data Processing Agreement?

Yes. A standard DPA is provided during onboarding and can be reviewed by your legal team before signing.

How is the AI processing handled?

All AI processing runs inside our UK AWS environment, ringfenced per generation session. Client data does not leave that environment and is not accessible to the underlying model provider. This is fundamentally different from pasting data into a consumer AI tool.

Is client data used to train AI models?

No. Our AI service contractually excludes inference data from training or model improvement. Your client data is used exclusively to generate the documents you request - nothing else.

Has a DPIA been completed?

A Data Protection Impact Assessment is completed before live client data is processed, in line with UK GDPR Article 35. Available to your compliance team on request.

Is the platform penetration tested?

Independent penetration testing is carried out pre-go-live, with remediation completed before live client data flows.

What happens to data if we cancel?

Client data and stored documents are deleted on cancellation, in line with our DPA. Written confirmation of deletion is available on request.

How is this different from using ChatGPT or similar tools?

Consumer AI tools give a regulated firm no data processing agreement, no audit trail, and no control over where client data is processed, stored or retained. With Gild, the application runs on UK-based enterprise cloud infrastructure and AI runs in a ringfenced UK AWS environment - purpose-built for regulated environments. There is a full audit trail, encryption in transit and at rest, and a contractual DPA.

Do reports meet FCA suitability requirements?

Reports are structured to align with COBS 9.4 requirements for suitability reports and personal recommendations. This includes Consumer Duty-aligned language, appropriate disclosures, and compliant presentation of charges.

Can we customise the compliance language?

Yes. During onboarding we configure the regulatory language, disclosure wording, and risk warnings to match your firm's approved compliance templates.

How is the audit trail exported?

Version history and edit logs can be exported. Each entry includes the timestamp, user, and nature of the change.

Need to discuss compliance requirements?

We're happy to walk your compliance team through our approach in detail. Book a call and we'll answer everything.

Discovery Call