What Restricted mode does
When enabled, two restrictions take effect immediately:- AI processing is restricted to Google (Vertex AI) only. Bower uses multiple AI providers for different tasks. In Restricted mode, only routes covered by a signed Business Associate Agreement — Google Vertex AI — are permitted. Every other provider (the Gemini API, OpenAI) is blocked at the API level.
- External sharing is disabled. Share links cannot be created for any artifact in the workspace. Existing share links are not retroactively removed, but no new ones can be generated.
What still works in Restricted mode
The following features run entirely on Google (Vertex AI, BAA-covered) and remain available:- Voice transcription (Google Cloud Speech-to-Text, covered by GCP BAA). The OpenAI transcription fallback available to other workspaces is disabled here — your audio stays on Google only.
- Photo OCR and text extraction (Gemini Vision)
- AI-generated descriptions for attachments (Gemini)
What is blocked in Restricted mode
Any AI route not in the Google Vertex AI (BAA-covered) allowlist is blocked. This includes features that may route through non-BAA-covered providers. If you attempt to use a blocked feature, you will see an error explaining that the feature is restricted in this workspace.Enabling Restricted mode
Only workspace admins and owners can toggle Restricted mode.
A confirmation dialog will explain exactly what changes. Once confirmed, restrictions take effect immediately.
Disabling Restricted mode
You can disable Restricted mode from the same toggle. A warning dialog will explain that the protections will be removed. Disabling is also immediate — AI provider restrictions are lifted and sharing is re-enabled.Important notes
- Restricted mode is forward-only. Enabling it does not retroactively re-process content that was previously handled by non-Gemini providers.
- Restricted mode is a workspace-level setting. If you have multiple workspaces, each one can be configured independently. Consider creating a dedicated workspace for PHI data.
- Bower’s Restricted mode restricts AI processing and sharing. It does not replace a full HIPAA compliance programme. You are responsible for ensuring your organisation meets all applicable requirements, including staff training, risk assessments, and BAA coverage for other tools in your workflow.
Further reading
- Data privacy — encryption, workspace isolation, and access controls
- Sub-processor list — all third-party services that process your data
- Audit logs — track every action in your workspace

