
Compliance · Policy Engine

Your rules. Your teams. Your risk profile.

An M&A team, an employment team, and an IP team each face different disclosure risks. Ventrin's policy engine lets compliance officers define rules by team, vertical, or individual — without writing a line of code.

  • 50+ configurable policy conditions per workspace: sensitivity type, destination, user role, team, time of day and more
  • 3 policy scope levels (workspace defaults, team overrides, and individual user exceptions), all inherited in order
  • <30s to propagate a policy update from the dashboard to every team member's active browser session

How policies work

Define once. Enforced everywhere.

01

Rules map to your org chart.

Define workspace-level defaults that apply to everyone, then override per team or per individual. Inheritance works the way your firm does: the employment team can have stricter PII rules than the technology team; a senior partner can be granted access a junior associate cannot. All without touching workspace-wide policy.

02

Conditions cover what, where, and who.

Combine conditions using AND / OR logic: block client names going to external AI tools but allow technical queries from developer accounts; flag health data regardless of destination; permit IP research questions from the IP team on approved platforms. The dashboard UI handles the logic without requiring code.

03

Templates for regulated verticals.

Pre-built policy templates for legal, healthcare, and financial services give compliance officers a starting point — validated against GDPR Article 35, SRA AI guidance, and HIPAA §164. Apply a template in one click and modify from there, or build from scratch. Every change is logged with the user, timestamp and previous state.

The compliance reality

One size fits none. In legal, context is everything.

The SRA's guidance on AI and the ICO's recommendations on generative AI use in legal practice both acknowledge that context determines risk. A litigation team summarising public judgments faces different exposure than a corporate team drafting deal documents. Ventrin's policy engine is built on this premise — not the premise that a single rule can govern an entire firm.

  • SRA-aligned: policy conditions map directly to professional conduct obligations
  • GDPR Article 25 compliant by default — data minimisation baked into policy structure
  • Policy inheritance prevents accidental gaps when teams are restructured
  • Full change history — every policy modification is auditable, not just current state

Policy · Employment team example

  • Client names: BLOCK
  • National Insurance Nos.: BLOCK
  • Health data references: BLOCK
  • Legal research queries: ALLOW
  • Destination (ChatGPT): ALLOW

Policy propagated <30s

Pre-built policy templates — start in minutes


Legal & Law Firm

SRA-aligned

  • Block all client PII (names, addresses, dates)
  • Block matter / case reference numbers
  • Redact financial figures above £10k
  • Warn on opposing counsel names
  • Log all AI activity per fee-earner

Healthcare

HIPAA-ready

  • Block all PHI (names, DOB, NHS/SSN)
  • Block diagnosis codes and medication names
  • Redact insurance policy numbers
  • Enforce per-department AI tools list
  • 90-day audit retention for covered entities

Financial Services

FCA / MiFID II

  • Block IBAN, account, and sort codes
  • Block insider / MNPI keywords
  • Redact client portfolio details
  • Separate policy for front-office vs. ops
  • Alert on trade-sensitive terms

Enterprise

General regulated

  • Block credentials and API keys (20+ formats)
  • Warn on contractor / vendor names
  • Redact revenue and forecast figures
  • Enforce approved AI tools only
  • Manager exception workflow

Templates are starting points — every rule can be adjusted, combined, or scoped to specific teams. Custom templates can be saved and reused across workspaces.

Compliance that reflects how your firm works.

Early access is open for legal and regulated teams. Setup takes under 30 minutes.

No IT deployment required · Propagates in <30s · Full audit trail of every policy change.