How GSIG collects, uses, retains, and protects information in connection with the website, engagements, and related services.
This Privacy Policy describes how Global Sanctions Intelligence Group ("GSIG", "we", "us") — a subsidiary of VUNIX Inc. — collects, uses, and protects information in connection with the GSIG website, engagement processes, and related services (the "Service").
Engagement and contact information. When you contact GSIG to discuss an engagement, or when you become a client, we collect your name, professional email address, organisation, role, jurisdiction, and the substance of our correspondence. For active engagements we additionally maintain authorised personnel records and engagement-letter documentation.
Website usage. When you visit the GSIG website we collect minimal technical data including IP address, browser user agent, requested pages, and timestamps. This data is used for security, fraud prevention, and operational analytics. The site does not use third-party advertising or behavioural tracking.
Briefings and editorial. If you read, share, or reference GSIG briefings, no individual reading record is maintained. Aggregate access patterns are reviewed for editorial planning.
Engagement deliverables. During an active engagement, GSIG produces forensic intelligence outputs scoped to the client's mandate. The methodology, findings, and supporting evidence chain are subject to the engagement letter and any privilege protections agreed at the outset.
| Category | Purpose | Retention |
|---|---|---|
| Contact and engagement records | Engagement management, communication, conflict checks | Engagement period + 7 years |
| Engagement letters and signed agreements | Legal record, regulatory compliance | Engagement period + 10 years |
| Authorised personnel records | Access control, vetted-personnel verification | Engagement period |
| Website technical logs (IP, UA) | Security, fraud prevention | 90 days |
| Engagement deliverables | Engagement file, future reference | Engagement period + 7 years |
| Email correspondence | Engagement correspondence record | Engagement period + 7 years |
We use the information we collect to operate and deliver the Service, manage engagements, communicate with current and prospective clients, conduct conflict checks, comply with legal and regulatory obligations, and improve service quality. We do not use personal information for advertising, behavioural profiling, or external marketing programmes, and we do not sell personal information to third parties.
The intelligence data underlying GSIG engagements — sanctions designations, blockchain attribution, money-flow topology, entity resolution — is derived from public blockchain data, published regulatory designations, and proprietary forensic methodology. This intelligence data is operational, not personal data of our clients.
Engagement findings remain confidential. The findings produced during a GSIG engagement are subject to the confidentiality, privilege, and non-disclosure protections agreed in the engagement letter. We do not aggregate, share, or reuse findings produced for one client in service of another, beyond methodological learning that does not identify the client.
We share data with third parties only in narrow circumstances:
Authorised service providers. A small set of vetted infrastructure and software providers support GSIG operations (cloud hosting, secure communications, document management). Each operates under contractual confidentiality obligations.
Legal and regulatory requirements. We may disclose data to law enforcement or supervisory authorities where required by valid legal process, court order, or regulatory mandate. Where permitted, we will notify the affected client.
Mutual intelligence engagement. GSIG participates in mutual intelligence dialogue with sovereign authorities. This dialogue is conducted at the methodological and aggregate level, not at the level of individual client data, engagement findings, or proprietary attribution.
GSIG operates on owned infrastructure. The intelligence platform is not hosted on commercial cloud infrastructure and is not directly accessible from the public internet. Engagement data is stored on systems with controlled access, encrypted at rest, and transmitted over encrypted channels. Access is restricted to authorised personnel on a need-to-know basis, with all access logged.
For website operations, standard transport-layer encryption (TLS) is in force, security headers are applied to every response (see our Security policy), and the website is operated behind a hardened reverse-proxy edge.
Depending on your jurisdiction, you may have rights to access your personal data, request correction or deletion, object to processing, request data portability, and withdraw consent where processing is consent-based. To exercise any of these rights, contact us at privacy@gsig.uk.
Note that records subject to legal, regulatory, or engagement-letter retention obligations may be retained for the periods specified above even where deletion is requested.
GSIG is a UK-domiciled entity with infrastructure in the European Union. Data may be processed in jurisdictions outside the data subject's country of residence. We take appropriate steps to ensure adequate protection of personal data in accordance with applicable data protection laws including the UK GDPR and the EU GDPR.
The GSIG website uses minimal cookies, restricted to essential functions (session management for authorised portal access, where applicable). We do not use advertising cookies, tracking pixels, third-party analytics that track users across sites, or behavioural profiling technologies.
The Service is intended for institutional, governmental, regulatory, and professional use. The website is not directed to individuals under 18, and we do not knowingly collect personal data from minors.
We may update this Privacy Policy by posting the revised version on this page and updating the "Last updated" date above. Material changes affecting active clients will be communicated directly through engagement correspondence channels.
For privacy inquiries, contact privacy@gsig.uk. For general inquiries, enquiries@gsig.uk. For security concerns or vulnerability disclosure, contact security@gsig.uk. See also our Security policy.