Skip to main content
Shipped 2026-04-02 · Trust & compliance Researchers handling clinical data, EU residents, or anything that crosses an IRB review have compliance obligations that consumer software ignores. A new wave of controls lets workspaces operate inside those obligations without leaving Bower.

What’s new

Restricted mode (HIPAA-ready)
  • A workspace-level Restricted mode toggle in Security settings applies stricter handling to all artifacts — AI processing is limited to BAA-covered providers (Google Vertex AI) and external sharing is disabled.
  • Enforced server-side, with audit trails for any access. Built for PHI, and useful for any highly sensitive data.
GDPR
  • Consent management for EU users, with granular controls for analytics, error monitoring, and marketing communications.
  • Data export — download every artifact and metadata field associated with your account, on demand.
  • Account deletion — from your account settings, with retention rules applied so audit trails remain compliant.
Vendor management
  • A public sub-processors list in the Trust Centre, with a vendor registry behind the scenes that triggers a compliance review whenever we add a new sub-processor.

Why this matters

If your workspace handles patient data, EU resident data, or you’re working under an institutional IRB, these controls are now in place — not on a roadmap. Pair them with Bower’s existing audit log and you have the trail you need for an audit conversation.