Legal & Compliance Disclosure

1. Introduction

At The Entity Studios we are committed to maintaining the highest standards of legal, regulatory, and ethical compliance across all jurisdictions in which we operate in the United Kingdom, Estonia, and India.

Our approach is rooted in transparency, robust governance, and proactive risk management. This page outlines our legal standing, regulatory adherence, and internal control commitments, helping partners, clients, and financial institutions evaluate our legitimacy, compliance posture, and operational integrity.

2. Corporate Identity and Governance

Governance & Structure

The Entity Studios is governed by a formally registered board and executive leadership team across all operating entities. Board decisions, shareholder agreements, and organizational structure documents are securely maintained and made available to verified stakeholders via our Trust Portal subject to a Non-Disclosure Agreement (NDA).

Information about our leadership team, including director profiles and strategic roles, is available upon request under NDA via our Trust Portal

3. Regulatory Compliance and Risk Management

Compliance with Jurisdictional Regulations

• EU GDPR (General Data Protection Regulation)
• India’s DPDP Act (Digital Personal Data Protection)
• UK & Estonia corporate governance requirements
• AML/CTF regulations under global financial compliance standards

Certifications and Security Standards

• ISO/IEC 27001:2022 Certified ISMS
• Trusted Partner Network (TPN) – Blue Compliant
• Fully aligned with GDPR and India's DPDP Act for privacy and data security

Internal Control Systems

• ISO/IEC 27002:2022 security controls
• TPN MPA Content Security Guidelines
• COSO-style oversight principles ensuring integrity, accountability, and policy-driven enforcement

AML/CTF and Sanctions Compliance

• Know Your Customer (KYC) and Customer Due Diligence (CDD) procedures for financial onboarding
• Automated sanctions screening against global watchlists
• Systems for suspicious transaction monitoring and reporting, aligned with international regulatory expectations

Risk Management Framework

A formal Risk Management Framework governs how we identify, assess, and mitigate operational, legal, and financial risks:

• Annual compliance reviews and threat assessments
• Corrective action tracking and periodic remediation reporting
• Continuous improvement through internal policy updates and threat modeling

Internal Audits & Reports

Internal audits are conducted at regular intervals to validate compliance effectiveness and security control health.

4. Privacy, Security, and Data Handling

Privacy Governance

• Comprehensive, publicly available Privacy Policy and Cookie Policy
• Full compliance with EU GDPR, India’s DPDP Act, and cross-border data transfer regulations

Data Protection Controls

• Data minimization: Only the data necessary for operational or legal purposes is collected and processed
• Defined data retention timelines are implemented for all personal and project data
• Secure disposal and erasure procedures in place at the end of retention periods
• Data breach response protocol in line with GDPR and DPDP notification requirements
• Robust Data Processing Agreements (DPAs) signed with all third-party service providers

Cybersecurity & Access Controls

• Multi-Factor Authentication (MFA) enforced across key systems
• Endpoint encryption and anti-malware controls for all work devices
• Role-based access control (RBAC) ensuring least privilege
• Alignment with PCI DSS security standards (for relevant payment systems)
• Scheduled penetration testing and vulnerability assessments

User Rights and Grievance Redressal

Mechanisms are available for data subjects to:

• Request access, correction, or deletion of their data
• Escalate data protection issues to the Data Protection Officer or legal team
• View data handling practices transparently via the Privacy Policy

Additional Documentation

Available upon request via the Trust Portal

• Data Protection Policy
• Data Protection Impact Assessments (DPIAs)
• Records of Processing Activities (RoPA)

5. Intellectual Property

Ownership & Assignment

• IP rights are retained or transferred as per agreement scope
• All deliverables are covered under confidentiality, assignment, and non-compete clauses
• Custom IP assignment clauses are included in contracts and available upon request via the Trust Portal

Open-Source Software (OSS) Management

• Only license-compliant OSS is used in our workflows
• OSS components are reviewed for security and legal risk prior to inclusion
• A formal approval workflow governs the integration of any OSS in production or commercial builds

Licensing

• Licensing terms are customized for each engagement based on IP ownership and delivery structure
• Documentation related to IP licensing, transfer, and NDAs is accessible under NDA via the Trust Portal

6. Financial Due Diligence

As a newly established but rapidly growing company, The Entity Studios is in the early phases of its financial maturity cycle. While certain financial disclosures such as audited financial statements or debt agreements are not currently applicable, we maintain the following commitments to future partners and investors:

Currently Available (under NDA):

• Company Incorporation Documents for all registered entities (UK, Estonia, India)
• Basic Tax Registration Certificates (PAN, GST for India; VAT where applicable)
• Proof of Active Business Operations, including client engagement records and operational infrastructure
• ISO/IEC 27001:2022 Certification and TPN Compliance documents validating maturity of our security and governance systems

To Be Made Available (in upcoming phases):

• Audited Financial Statements (Expected FY 2025–26)
• Detailed Financial Disclosures and Contractual Agreements (as projects scale)
• License & Permit Filings (as needed per jurisdiction)

Additional documentation is available upon request via the Trust Portal under a Non-Disclosure Agreement (NDA).

7. Contact

For all legal, regulatory, or compliance-related inquiries, please contact our team at: legal@entity.ltd Or request specific documentation through our secure Trust Portal