# Risk, Compliance, and Trust

## Purpose

This document is a user-facing trust summary for GateWise NG, a product of Globulus Technology Limited. It explains what data the platform may handle, how access is controlled at a high level, what Customers and Users are responsible for, and which policy documents should be published with the platform.

This document should not include internal infrastructure details, secret names, private endpoint paths, database design, sandbox behavior, or detailed security playbooks.

## Data GateWise May Handle

Depending on enabled features, GateWise may process:

- estate names, locations, and onboarding details
- account names, phone numbers, roles, and account status
- resident names, phone numbers, and unit or house references
- guard and supervisor names, phone numbers, duty roles, and device-related security information
- visitor names, phone numbers, optional photos, vehicle details, and visit purpose where provided
- visitor passes, QR codes, manual codes, validity periods, and usage status
- check-in, checkout, and incident records
- subscription, billing, and payment confirmation records
- support messages, feedback, and operational communications
- technical and usage records needed for security, reliability, and support

GateWise should collect only the data needed for estate access operations, customer support, billing, platform security, and legal compliance.

## Trust Commitments

GateWise is designed around these customer-facing commitments:

- each estate's operational data is separated by estate access rules
- users receive access based on role, estate relationship, account status, plan, and enabled features
- residents, guards, supervisors, estate administrators, sales partners, and platform administrators have different permissions
- visitor data is used to support estate access operations and should not be used for unrelated purposes
- payment information is handled through approved payment workflows
- personal data is retained only as long as reasonably needed
- approved deletion requests result in records being deleted, anonymized, or made unidentifiable where lawful and practical
- security incidents are reviewed and handled through a structured response process
- public policy documents explain user rights, data use, retention, cookies, and support channels

## Customer Responsibilities

Customers using GateWise should:

- assign roles only to authorized users
- remove or suspend access when a user no longer needs it
- keep resident, guard, and estate data accurate
- train staff and guards on lawful and respectful data handling
- maintain physical gate procedures and emergency processes
- provide any required notices to residents, guards, visitors, and estate staff
- avoid entering unnecessary sensitive information
- report suspected misuse, incorrect data, or security concerns promptly

GateWise supports estate operations but does not replace human judgment, estate rules, physical security procedures, emergency response, or legal advice.

## User Rights

Depending on applicable law and the user's relationship with GateWise or an estate Customer, Users may request:

- access to their personal data
- correction of inaccurate data
- deletion or anonymization
- restriction of certain processing
- objection to certain processing
- information about how their data is used
- help routing a request to the responsible estate Customer

Requests should be sent through the published privacy or support contact.

## Public Policy Pack

The user-facing policy pack is maintained in [../legal](../legal/README.md):

- [Terms and Conditions](../legal/terms-and-conditions.md)
- [Privacy Policy](../legal/privacy-policy.md)
- [Data Protection Policy](../legal/data-protection-policy.md)
- [Data Retention and Deletion Policy](../legal/data-retention-and-deletion-policy.md)
- [Cookies and Cache Policy](../legal/cookies-and-cache-policy.md)
- [Data Processing Addendum](../legal/data-processing-addendum.md)
- [Security and Incident Response Policy](../legal/security-and-incident-response-policy.md)

Before publication, replace placeholders and obtain legal review.

## Public Trust Messaging

Suggested public language:

"GateWise NG, a product of Globulus Technology Limited, helps estates manage visitor access with role-based permissions, estate-level data separation, visitor pass controls, check-in records, and privacy-conscious retention practices. We collect only the information needed to provide the service, support users, maintain security, and meet legal or business obligations."

Avoid promising:

- guaranteed crime prevention
- guaranteed visitor identity verification
- perfect or uninterrupted service
- legal compliance without qualification
- security details that reveal internal controls

## Residual Risks To Explain Carefully

GateWise can reduce manual errors and improve access records, but some risks remain:

- estate staff may enter incorrect data
- users may share OTPs, phones, or access codes
- visitors may present incorrect information
- connectivity problems may affect real-time workflows
- payment or communication providers may experience delays
- Customers may assign permissions too broadly

These risks should be addressed through Customer training, careful role assignment, clear support channels, and practical fallback procedures.
