> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bowerlabs.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Restricted mode (HIPAA-ready) and GDPR controls

> Restricted mode (HIPAA-ready) with a workspace toggle, GDPR consent and data export, account deletion, retention controls, and a public sub-processors list.

**Shipped 2026-04-02 · Trust & compliance**

Researchers handling clinical data, EU residents, or anything that crosses
an IRB review have compliance obligations that consumer software ignores.
A new wave of controls lets workspaces operate inside those obligations
without leaving Bower.

## What's new

**Restricted mode (HIPAA-ready)**

* A workspace-level **Restricted mode** toggle in Security settings applies
  stricter handling to all artifacts — AI processing is limited to
  BAA-covered providers (Google Vertex AI) and external sharing is disabled.
* Enforced server-side, with audit trails for any access. Built for PHI, and
  useful for any highly sensitive data.

**GDPR**

* **Consent management** for EU users, with granular controls for
  analytics, error monitoring, and marketing communications.
* **Data export** — download every artifact and metadata field associated
  with your account, on demand.
* **Account deletion** — from your account settings, with retention rules
  applied so audit trails remain compliant.

**Vendor management**

* A public **sub-processors list** in the Trust Centre, with a vendor
  registry behind the scenes that triggers a compliance review whenever
  we add a new sub-processor.

## Why this matters

If your workspace handles patient data, EU resident data, or you're working
under an institutional IRB, these controls are now in place — not on a
roadmap. Pair them with Bower's existing audit log and you have the trail
you need for an audit conversation.

## Related docs

* [Trust Centre](/trust-centre)
* [Restricted mode (HIPAA-ready)](/trust-centre/hipaa-compliance)
* [Data privacy](/trust-centre/data-privacy)
* [Sub-processors](/trust-centre/sub-processors)
