Access to the Compliance Platform does not make every private transaction
visible. Users can review only the evidence allowed by their organization,
application, permissions, case assignment, and access window.
Disclosure flow
Arcane indexes transaction evidence
The platform reads registered transaction sources and stores the records
required for interpretation and authorized review.
A user requests disclosure
The request records the purpose of access and the proposed scope, including
the relevant application, contract boundary, historical review period,
access duration, disclosure fields, and assigned reviewers.
An authorized administrator reviews the request
The administrator approves or rejects the request according to the client’s
access model. Approval creates the basis for a controlled review case.
The platform establishes the review boundary
The case defines assigned reviewers, permitted evidence, approved fields,
and the duration of access.
An assigned reviewer examines the approved evidence
The reviewer can access only the transaction data available within the
active case scope. Unrelated private activity remains outside the review.
Control model
| Control | What it limits |
|---|---|
| Organization | Which client organization owns the data. |
| Application | Which client product or application the evidence belongs to. |
| Purpose and case | Why access is requested and which review workflow authorizes it. |
| Role and permissions | Which actions the authenticated user can perform. |
| Assignment | Which reviewers are authorized for the approved case. |
| Time and duration | Which transaction period can be reviewed and when access expires. |
| Contract and fields | Which transaction source is in scope and which sensitive fields can be disclosed. |
Platform responsibilities
The Compliance Platform provides:- organization and application boundaries;
- identity, roles, and permission enforcement;
- disclosure request and approval workflows;
- review cases, assignments, and access windows;
- scoped transaction review;
- report generation and downloads;
- activity records for governed workflow and administrative actions.
The client should route sensitive access through an approved case and retain
stable product references and public transaction identifiers in its own
system of record.
Create a case
Continue to the case creation workflow.
Manage user access
Configure organization membership and application-scoped permissions.