AI Transparency Statement

This AI Transparency Statement is issued by glomotec, Inc., a corporation incorporated in the State of Delaware, United States of America, with registered office at 131 Continental Drive, Suite 305, Newark, DE 19713, United States, together with its affiliates (collectively, “glomotec”).

The affiliates of glomotec, Inc., which operate as regional licensees of the platform, are:

Global Mobility Technologies LLC, a limited liability company organised under the laws of the State of Wyoming, United States of America, with registered office at 1309 Coffeen Avenue, STE 15705, Sheridan, WY 82801, and principal place of business at 809 Cuesta Drive, Suite B PMB 1177, Mountain View, CA 94040.

GLOMOTEC LTD, a private limited company registered in England and Wales under Companies House registration number 13211798, with registered office at Suite 116, Lovell House, Birchwood Park, Warrington, Cheshire WA3 6FW, United Kingdom.

RM Project Management Services Co. LLC, a limited liability company licensed in the Emirate of Dubai, United Arab Emirates under Department of Economy and Tourism licence number 1158581, with offices at 114 Al Fajer Complex, Umm Hurair Road, Dubai, United Arab Emirates.

References in this Statement to “glomotec,” “we,” “us,” or “our” mean glomotec, Inc. and its affiliates, except where the context requires otherwise.

This Statement covers the use of artificial intelligence systems across the platform and applies to every glomotec affiliate operating any module of the platform. Grievance and human-review rights are set out in Section 14.

Notices and correspondence concerning this Statement must be addressed to glomotec, Inc. at its registered office in Newark, Delaware, or care of Global Mobility Technologies LLC at its Mountain View principal place of business, or by email to ai@glomotec.com.

This statement explains how artificial intelligence is used inside glomotec, how we govern it, what data flows through it, who is accountable when it errs, and what we commit to over the years ahead. It covers the products and services we operate today, the modules we will bring online, and the standards we hold ourselves to.

Our approach rests on a single conviction. Cross-border mobility decisions affect people’s livelihoods, families, careers, and futures. Where AI participates in those decisions, the obligation is not merely to disclose its use, but to design the system so that human judgement remains authoritative, equity is testable, error is recoverable, and the people affected can challenge any outcome they did not expect.

This document is the durable artefact of that conviction.

This statement applies to all AI-enabled systems, services, and infrastructure operated by glomotec and its corporate group. It speaks to several audiences simultaneously and is written so each can find what it needs.

• Individuals who interact with glomotec systems, particularly users of SIGNAL, can find here what AI is doing, what it is not doing, how their information is handled, and how they can request human review of any outcome.
• Enterprise advisory firms and boutique operators evaluating glomotec ENGINE for licensing can find here the controls, principles, and obligations that will govern their use of glomotec infrastructure and that they will inherit by contract.
• Institutional and government counterparties considering glomotec ATLAS deployments can find here the framework that will apply when AI is embedded in public-administration contexts and the additional controls activated at deployment.
• Partners in the glomotec ORBIT network can find here the transparency standards expected of them and of us in collaborative case execution.
• Regulators, auditors, and assurance providers can find here a structured account of our practices, our standards alignment, and our published commitments, mapped to the major AI governance frameworks worldwide.
• Researchers and journalists working on AI governance, automated decision-making, or migration technology can find here system cards, methodology disclosures, and a structured factual basis. Researcher inquiries are welcome at .

The statement is written to remain useful as new modules, new jurisdictions, and new AI capabilities come online. Its annexes are extensible, its principles are durable, and its commitments are dated.

A precise scope statement requires a precise exclusion statement. The following are outside the scope of this AI Transparency Statement and are governed by separate instruments.

• Personal data processing in detail. Categories of personal data collected, lawful bases, retention windows, and data subject rights are set out in the glomotec Privacy Policy. This statement coordinates with the Privacy Policy where AI processing intersects personal data but does not replace it.
• Cookie and tracking technology disclosures. Set out in the glomotec Cookie Policy.
• General terms of service for glomotec surfaces. Set out in the glomotec Terms of Use.
• Commercial contract terms with enterprise clients, ENGINE licensees, and ATLAS counterparties. Bilateral commercial agreements govern those relationships. The transparency obligations propagated to those counterparties are summarised in Section 21 of this statement.
• Security vulnerability disclosure. Coordinated through the glomotec Responsible Disclosure Policy.
• Individual case-level decisions. This statement describes the systems and controls that govern AI-influenced outcomes generally; it does not adjudicate individual cases. The grievance pathway in Section 14 is the route for case-specific concerns.
• Information that is commercially sensitive or that would, if disclosed, materially reduce the security of the systems. This includes specific prompt engineering details, internal red-team prompts and their scoring rubrics, and certain security control configurations. We commit here to general disclosure of methodology and outcomes; we reserve the specifics where disclosure would harm users or the integrity of the system.

This boundary is not an evasion. It is the reason this document is credible: every claim made here is one we can stand behind, audit, and update.

We adopt EU AI Act definitions where they are clearest and add glomotec-specific terms where precision matters.

Artificial intelligence (AI)

A system that operates with a certain degree of autonomy and, using machine learning or logic- and knowledge-based approaches, produces outputs such as content, predictions, recommendations, or decisions. This covers generative AI and traditional machine learning.

Foundation model

A large, general-purpose model trained on broad data and adaptable to many downstream tasks. The foundation model used by glomotec is accessed through a third-party provider’s enterprise application programming interface.

Generative AI (GenAI)

A subset of AI that produces new content (text, images, code) by learning patterns from existing content. Most user-facing AI at glomotec uses generative models in this sense.

Traditional machine learning (ML)

Statistical and algorithmic methods that learn from data to classify, rank, score, or predict, without generating new content. glomotec Intelligence uses traditional ML for tasks such as relevance ranking, change detection, and entity matching.

glomotec Labs

The research, development, and prototyping layer of glomotec, where new modules, prototype tools, and experimental capabilities are built and tested before they graduate into production.

The six modules

The productised surfaces of glomotec: SIGNAL, COMPASS, VECTOR, ORBIT, ENGINE, ATLAS.

glomotec Intelligence

The data and analysis layer of glomotec, covering data collection, content extraction, change detection, due diligence screening, market insights, and the intelligence feeds that power the modules.

SIGNAL

The AI-powered intelligence and qualification layer. Live at signal.glomotec.com.

COMPASS

The process and execution layer. Case management for the global mobility lifecycle.

VECTOR

Talent mobility infrastructure, covering employment-led mobility, sponsorship, and relocation.

ORBIT

The two-way business-to-business partner and referral network, comprising RELAY (pass-through referrals with fee on handoff) and COPILOT (collaborative case partners with shared execution and economics).

ENGINE

Licensable infrastructure and intelligence. The glomotec stack and mobility data, packaged for advisory firms and boutique operators to license, embed, and run on.

ATLAS

Institutional mobility infrastructure for governments and economic zones.

Qualification decision

An AI-informed routing outcome produced by SIGNAL that determines whether a user is offered an advisory engagement, a due diligence request, a partner referral, or alternative routing. A qualification decision is not a legal determination of eligibility under any jurisdiction’s immigration law.

DDR pathway

The due diligence request route. The point at which a SIGNAL-qualified user transitions from AI-mediated conversation to human-mediated case handling. The DDR pathway is glomotec’s primary human checkpoint for SIGNAL.

Human-in-the-loop checkpoint

A defined moment in a workflow at which an accountable human reviews, validates, or overrides AI output before downstream action.

Production Readiness Review

The internal governance review that a Labs prototype undergoes before any AI component is exposed to production data or end users.

Risk tier

Our classification of any AI surface against EU AI Act risk categories: minimal, limited, high, or prohibited. Classification is per surface and per deployment context, not per module.

Downstream propagation

The contractual mechanism by which ENGINE licensees, ORBIT COPILOT partners, and ATLAS counterparties inherit glomotec’s transparency, fairness, and human-review obligations toward end users.

Seven principles govern every AI surface at glomotec. They are durable, they precede any individual system, and they outlast any individual deployment. Where any specific system, control, or commitment in this document is open to interpretation, these principles are the interpretive frame.

1. Architecture, not assembly.

   We license foundation models from named providers (Section 09). The system around them, including the prompt logic, the retrieval corpus, the routing, the validation, the data flow, and the human checkpoints, is architected by us, instrumented by us, and governed by us. We do not assemble AI services purchased intact from third parties. Where we depend on a model someone else trained, we say so, on terms we publish, with controls we operate.

2. Specificity over assurance.

   Trust does not come from comforting language. It comes from named systems, named models, named data flows, named jurisdictions, and named failure modes. We disclose specifically. Where we cannot disclose specifically, we say so and explain why.

3. Human authority over AI assistance.

   No AI system at glomotec issues a binding decision affecting a person’s mobility outcome. AI qualifies, structures, ranks, and informs. Humans authorise and bear professional accountability. Where the boundary is not obvious to a user, we make it obvious.

4. Equity at the architecture layer.

   Bias in mobility decisions reproduces structural inequality at scale. We test for fairness across origin country, primary language, jurisdiction of intent, and economic context. We publish our findings. We remediate when we find disparity, and we report what we found.

5. Right to be reviewed by a person.

   Any user whose case is filtered, deferred, deprioritised, or routed by an AI system at glomotec has the right to request human review. The right is named, the path is published, the service level is committed. The review is free.

6. No surprises downstream.

   When other organisations build on glomotec infrastructure, the people they serve receive the same disclosures and protections as the people we serve directly. ENGINE licensees, ORBIT COPILOT partners, and ATLAS counterparties inherit our transparency obligations by contract.

7. Continuous accountability.

   Transparency is not a document published once. It is metrics published every year, audits commissioned independently, incidents disclosed honestly, and a version history that shows our work. The discipline is recurring.

glomotec Labs is the build layer of glomotec. It is where new modules, prototype tools, and experimental capabilities are designed, tested, and refined before they graduate into production through a Production Readiness Review.

AI in Labs falls into three categories.

First, internal productivity AI assists glomotec personnel in the work of building. This includes AI-assisted coding, drafting, evaluation design, and content generation. The tools used today include Anthropic’s Claude (via Claude Code) for engineering work and Claude via the Anthropic API for content and evaluation tasks.

Second, prototype AI systems are constructed and tested inside Labs in advance of becoming production features. These prototypes may exercise the same foundation models that production uses, but they are deliberately isolated from live client and user data.

Third, evaluation AI runs internal red-teaming, adversarial testing, and quality assessment against systems before they ship.

Controls applicable to Labs. Labs prototypes do not touch live client or user data without Production Readiness Review approval. Labs outputs are not professional advice and are not delivered to clients. Labs work that incorporates AI is governed by the same principles as production, with one additional safeguard: nothing built in Labs is exposed to end users without a documented PRR sign-off recording the controls active at exposure.

We acknowledge that AI used inside research and development is itself a category of AI worth disclosing. Many operators discuss their production AI use and leave their development-time AI use undisclosed. We treat that as an omission worth correcting.

This section maps each module to its current and intended AI footprint. The disclosure is honest about what is live, what is in development, and what is forward-looking.

SIGNAL

Live. Hosted at signal.glomotec.com.

AI role. AI-native qualification engine. SIGNAL conducts structured conversational intake, extracts user intent, retrieves relevant jurisdictional information from the glomotec Intelligence corpus, and produces a qualification outcome with routing.

Foundation model. Anthropic Claude Sonnet 4, accessed via the Anthropic enterprise API.

Risk tier. Limited-risk under EU AI Act Article 50 transparency obligations (Regulation (EU) 2024/1689). Reasoning: SIGNAL informs user routing and produces case summaries, but does not issue a binding legal determination. The user is informed they are conversing with an AI system. Qualification outcomes are reviewable through the grievance pathway. A full system disclosure is published as Annex A.

COMPASS

Process and execution layer. Live in operational deployment; AI-assistive functions in active development.

Planned AI role. Document classification and tagging, deadline detection from regulatory text, case milestone prediction, workflow automation, and case status summarisation for client communications.

Risk tier (anticipated). Limited-risk. AI assists case operations; case-level decisions and client communications remain authored, reviewed, and authorised by human case managers.

VECTOR

Talent mobility infrastructure. In development.

Planned AI role. Matching candidate profiles to sponsoring entities and visa routes; assessing route eligibility against employer requirements; assisting in relocation routing.

Risk tier (anticipated). Limited-risk. VECTOR AI surfaces eligibility considerations; final route selection rests with the candidate, the employer, and authorised advisors. Where VECTOR is deployed in jurisdictions with sector-specific automated employment decision rules (notably New York City Local Law 144), additional disclosure and bias-audit obligations are assessed and disclosed at deployment.

ORBIT

Partner network. In development.

Planned AI role. Referral routing between RELAY (pass-through) and COPILOT (collaborative) flows; partner-case matching for COPILOT tier; reciprocal referral validation.

Risk tier (anticipated). Limited-risk. ORBIT AI proposes referral routings; partner acceptance and case execution remain manual.

ENGINE

Licensable infrastructure and intelligence. In development.

AI role. ENGINE makes glomotec’s AI stack and mobility data available to licensed advisory firms and boutique operators. The AI runs inside the licensee’s deployment, governed by the controls that apply to glomotec’s own surfaces.

Risk tier (anticipated). Limited-risk per surface, with downstream propagation. Licensees inherit transparency obligations by contract (see Section 21). End users of ENGINE-licensed deployments receive the same protections as direct glomotec users.

ATLAS

Institutional mobility infrastructure for governments and economic zones. In development.

Anticipated AI role. Large-scale processing of mobility data for institutional clients; intelligence and analytic surfaces for policymakers; potentially decision-support tools embedded in public administration workflows.

Risk tier (anticipated). Classified per deployment. Where ATLAS is embedded in public administration or affects access to public services, the deployment may fall under EU AI Act Annex III as high-risk. We commit, in advance of any such deployment, to: a formal AI impact assessment per deployment, conformity assessment alignment, registration where required, enhanced human oversight, expanded fairness testing, and additional regulator notification per jurisdiction.

glomotec Intelligence is the data and analysis layer. It supplies the modules with structured jurisdictional knowledge, change detection on regulatory developments, due diligence screening capabilities, and market insights. Parts of Intelligence are live today; other components are in development.

Live components

The INDEX framework is partially live and feeds SIGNAL with structured jurisdictional information, beginning with the United Kingdom and expanding. INDEX comprises:

• A crawler component that collects content from authoritative regulatory sources.
• An extractor component that transforms unstructured content into structured records using natural-language processing.
• A changefeed component that detects material changes to regulatory text over time.
• A scorer component that ranks records by relevance to specific queries.
• An evaluator component that assesses output quality against held-out reference data.

INDEX uses both traditional machine learning (ranking, change detection, classification) and generative AI (extraction, summarisation). Data sources are public and authoritative. The corpus is curated, versioned, and source-attributed.

Components in development

Due diligence screening will provide entity verification, sanctions and watchlist matching, adverse-media review, and source-of-funds analysis to support institutional and high-assurance mobility cases. Due diligence is, by its nature, an AI surface with elevated risk: false positives can deny legitimate users access to services; false negatives can let bad actors through. Due diligence at glomotec Intelligence operates under heightened controls.

Market intelligence and trend analysis will support ENGINE licensees and ATLAS clients with aggregated, anonymised insights into mobility flows, regulatory environments, and route performance.

Risk tier

Intelligence components for jurisdictional knowledge and market insights are limited-risk. Due diligence screening operates at the upper end of limited-risk and may, depending on deployment context (notably where it informs institutional or sovereign decisions on access to services), fall under high-risk classification under EU AI Act Annex III.

Heightened controls applying to due diligence specifically

• No due diligence output is acted on without human authorisation by a trained reviewer.
• Every due diligence check produces an immutable audit trail covering inputs, sources consulted, matches surfaced, reviewer identity, and decision rationale.
• False-positive and false-negative review is conducted on a documented cadence.
• Fairness testing is performed separately for due diligence and at higher frequency than for other AI surfaces.
• Users who are flagged or denied through a due diligence process have an accelerated grievance and human review pathway.

A full disclosure of glomotec Intelligence is published as Annex B.

We name the third-party AI and infrastructure providers we depend on. Concealing them would be both impossible and contrary to our principle of specificity.

• Foundation model provider. Anthropic, accessed through the Anthropic enterprise API. The model in use for SIGNAL today is Claude Sonnet 4. Other Anthropic models may be used for internal R&D tasks in Labs.
• Data infrastructure. Supabase, primary region eu-west-2 (London, United Kingdom). Data residency for SIGNAL operational data is in the eu-west-2 region.
• Communications. Twilio for verification and messaging services, including phone-number verification and one-time passcode delivery.
• Hosting and deployment. Vercel for SIGNAL application hosting. Hostinger for the glomotec.com public website.
• Other approved providers. Maintained on a documented approved-vendor list. Material changes are recorded in the version history of this statement.

Vendor data terms. No third-party provider in our stack uses glomotec API data to train its own models under standard commercial terms, as published in their respective service agreements. We verify this on engagement and on each material vendor-policy update. Where a vendor changes its position on this matter, the change is reflected in this statement’s version history and may trigger a vendor review.

Anthropic Acceptable Use Policy. glomotec is bound by the Anthropic Acceptable Use Policy as a condition of API access. We propagate equivalent end-user obligations through the glomotec Terms of Use.

Open source components. glomotec does not currently incorporate open-source AI models into production AI surfaces. Where open-source components are used in supporting infrastructure (data tooling, observability, web frameworks), they are tracked in our software bill of materials, audited for licence compliance, and reviewed for known-vulnerability exposure on a documented cadence.

This section sets out, in plain terms, what happens to data flowing through glomotec’s AI-enabled surfaces.

Collection. Data is collected primarily at three points: SIGNAL onboarding and conversation; COMPASS case intake; and direct enterprise data exchange for ENGINE and ATLAS engagements. The categories of data collected vary by surface and are described in the glomotec Privacy Policy.

Processing locations. SIGNAL operational data, including user inputs, conversation history, and case-related records, is stored in Supabase eu-west-2 (London). API calls to Anthropic for model inference may be processed in regions defined by Anthropic’s infrastructure; data sent to Anthropic is governed by our enterprise agreement with them and is not retained for training purposes under those terms.

Retention. Operational data is retained per documented schedules. Conversation history in SIGNAL is retained to support user continuity, auditability, and grievance review. Specific retention windows are published in the glomotec Privacy Policy and are subject to legal and regulatory obligations.

Anonymisation for internal intelligence. Where glomotec Intelligence develops aggregated insights, source data is anonymised prior to ingestion into intelligence development workflows. Our anonymisation standard is documented internally and will be published in summary form alongside the first independent audit in 2028. It applies to all internal use of operational data for non-case purposes.

Data subject rights. Users retain all rights conferred by the EU General Data Protection Regulation, the UK General Data Protection Regulation, and equivalent regimes, including rights of access, rectification, erasure, restriction, portability, and objection. AI-processing-specific rights, including the right under GDPR Article 22 not to be subject to solely automated decisions producing legal or similarly significant effects, are coordinated through the routes set out in the glomotec Privacy Policy and the human-oversight controls set out in Section 12 of this statement.

No sale of data. glomotec does not sell user or client data. We do not share data with advertising networks. We do not run advertising on our surfaces.

Cross-border transfers. Where data is transferred outside its primary residency region, transfers are governed by appropriate safeguards including Standard Contractual Clauses where applicable, and are disclosed in the glomotec Privacy Policy.

This section addresses what we do and do not do with respect to training, fine-tuning, and model development.

glomotec does not train foundation models. We do not build large language models. We do not pre-train models on the open web. The foundation models we use are developed and trained by Anthropic.

glomotec does not fine-tune third-party foundation models on client data. No client data, user data, or case data is used to fine-tune or otherwise adapt the underlying language model used in SIGNAL or any other production surface.

Third-party providers do not train on our data. Anthropic’s enterprise commercial terms commit them not to use glomotec’s API data to train their models. Equivalent commitments apply with other vendors in our stack and are validated on engagement.

glomotec may use aggregated, anonymised operational data for internal intelligence development. Specifically, the glomotec Intelligence corpus (the INDEX framework and successors) may incorporate aggregated insights derived from operational interactions, only after anonymisation per the standard referenced in Section 10, only where lawful, and only for the purpose of improving the intelligence layer that serves the modules. Such use never involves identifiable user data and never involves training of third-party foundation models.

Retrieval, not training. The way SIGNAL becomes more useful over time is principally through expansion and refinement of the retrieval corpus that the model consults, not through training the model itself. This distinction matters: retrieval is observable, auditable, and reversible in a way that training is not.

Every AI surface at glomotec has a defined human checkpoint. The checkpoint is documented, the accountable role is named, the authority to override AI output is reserved to the human, and training is required.

SIGNAL. The human checkpoint is the DDR pathway. Any case proceeding from AI-mediated conversation to active advisory engagement passes through human review at the DDR stage. A human reviewer validates the case summary, confirms or revises the routing, and assumes professional responsibility for any advice subsequently issued. A SIGNAL output never reaches a regulator, court, employer, or sponsor without human authorship and authorisation.

COMPASS. Case managers are the accountable role for any case action. AI-assistive features (document classification, deadline detection, workflow automation) produce drafts and recommendations; the case manager confirms before client-facing action.

VECTOR. Match outputs and route assessments are advisory. Sponsoring entities, candidates, and authorised advisors retain decision authority.

ORBIT. Referral routings proposed by AI are confirmed by the originating glomotec or partner staff before handoff is initiated. COPILOT-tier collaborative cases are jointly authored, with named accountability.

ENGINE. Licensees are contractually required to maintain equivalent human-oversight checkpoints for their own end users. Audit rights apply (see Section 21).

ATLAS. Where ATLAS supports public-administration workflows, human officials retain decision authority on any matter affecting individual rights or access to public services. The supporting AI is decision-support, not decision-making.

glomotec Intelligence due diligence. Mandatory human authorisation before any output is acted on (see Section 08).

Coordination with the right against solely automated decisions. GDPR Article 22 and UK GDPR Article 22 confer on data subjects the right not to be subject to decisions based solely on automated processing where those decisions produce legal or similarly significant effects. We have designed every AI surface at glomotec so that no consequential outcome is produced solely by automated processing. The human checkpoints described above are the designed mitigations. Users may exercise their Article 22 rights, and all other data subject rights, through the routes set out in the glomotec Privacy Policy.

Training requirements. Personnel exercising human oversight over AI surfaces receive role-specific training covering: capabilities and limitations of the systems they oversee, common failure modes, escalation paths, equity considerations, and applicable legal duties. Training is documented and refreshed at least annually.

Bias in mobility decisions is a serious matter. Where AI participates in qualification, routing, or screening that affects access to mobility advisory services, disparities along origin, language, jurisdiction, or economic lines reproduce inequality at scale. We treat fairness as an architectural concern, not a public-relations one.

Dimensions tested. We test for disparities across at least: country and region of origin; primary language; jurisdiction of intent; broad age band where ascertainable; and contextual proxies for economic background where ethically appropriate.

Methodology. We use a combination of statistical disparity analysis on outcome distributions, adversarial probing of model outputs across demographic-equivalent inputs, and qualitative review of edge cases by trained reviewers. The methodology is documented in a separate Fairness Testing Protocol, which will be published in summary form before the first independent audit in 2028.

Cadence. Fairness audits are conducted at least annually for each live AI surface. Due diligence screening, by virtue of elevated risk, is audited semi-annually at minimum.

Remediation. When disparities exceed documented thresholds, the affected surface enters a remediation cycle. Remediation may involve retrieval-corpus revision, prompt-level controls, additional human-review checkpoints, or temporary withdrawal of the surface from production. Remediation completion is verified by re-audit.

Publication. Aggregate findings of fairness audits are published in the annual performance disclosure (see Section 20). We publish findings even when they are unfavourable to us. Underlying methodology is published; identifiable user data is never published.

Any user whose case is filtered, deferred, deprioritised, or routed by an AI system at glomotec has the right to request human review of that outcome. The right is named, the pathway is published, and the service level is committed.

Who can invoke it. Any user of a glomotec AI surface, any client of a glomotec engagement, and any end user of an ENGINE-licensee deployment (under their licensee’s parallel pathway).

How. A grievance is submitted by email to or through the in-product grievance route at the surface in question. Required information is minimal: identifier of the case or interaction, summary of the outcome, and the substance of the concern.

Service-level commitment. Human review of a grievance is completed within 5 to 14 business days from receipt, tiered by urgency.

• Urgent matters affecting vulnerable users (see Section 15) or time-sensitive applications are reviewed within 5 business days.
• Standard grievances are reviewed within 10 business days.
• Complex matters requiring escalation, jurisdictional research, or third-party input are reviewed within 14 business days.

The applicable tier is communicated to the grievance submitter on receipt.

No charge. Grievance review is free of charge. It does not require legal representation. It does not waive any other rights.

Outcomes. The reviewer can: confirm the original outcome with reasoning; revise the outcome; escalate to senior review; or refer the case for further human handling outside the AI surface.

Appeal. A grievance review outcome may be escalated for senior review within glomotec. Senior review is conducted by a designated reviewer not involved in the original grievance, within a further 10 business days.

Aggregation and publication. Grievance volumes, resolution times, and aggregate outcome distributions are reported in the annual performance disclosure (Section 20).

Some users approach mobility services in circumstances of elevated vulnerability. They include, without limitation: minors (under 18); unaccompanied minors at any stage; persons in refugee or asylum contexts; persons with credible trafficking concerns; persons in acute financial distress; and persons whose mobility need arises from threats to their personal safety.

Detection. Vulnerability indicators may be present at intake, may emerge in conversation, or may be flagged by a partner or referrer. SIGNAL is designed to recognise common signals and route accordingly.

Acknowledgement of detection limits. Automated detection of vulnerability is imperfect. False negatives, where a vulnerable user is not flagged by the system, are a known risk. We mitigate by prompting users to self-identify where relevant, by reviewing routing decisions for vulnerability-handling errors during fairness audits, and by reporting vulnerability-related false-negative incidents through the incident severity framework in Section 18. Users may self-identify as vulnerable at any time during a SIGNAL interaction, regardless of automated detection.

Protocol. Where a vulnerable-user indicator is detected at any stage, AI qualification is bypassed and the case is routed immediately to a human reviewer trained in vulnerable-user handling. The standard SIGNAL conversational flow does not continue beyond the point of detection.

Children’s data. glomotec does not knowingly collect data from children. SIGNAL and other surfaces are not designed for use by unaccompanied minors. Where data from a minor is provided incidentally (for example, in the context of family-route mobility), it is handled per the protections set out in the glomotec Privacy Policy and retained only as required for legal compliance. In US contexts, glomotec aligns with the obligations of the Children’s Online Privacy Protection Act (COPPA) for any surface intended for users under 13.

Refugee, asylum, and safety contexts. Mobility cases arising from credible threats to safety are routed immediately to human handling. AI is not the appropriate surface for time-critical protection cases.

Training requirement. All personnel handling vulnerable-user cases receive specialised training covering safeguarding, trauma-informed practice, and applicable legal obligations. Training is documented and refreshed at least annually.

AI-generated and AI-assisted content carries specific transparency obligations, sharpened by EU AI Act Article 50 and parallel provisions in other jurisdictions.

Labelling. Outputs produced by SIGNAL in conversational interaction are clearly labelled as generated by an AI system. The labelling is present at the surface and does not depend on user investigation.

No synthetic media. glomotec does not generate synthetic media, deepfakes, voice impersonations, or photorealistic synthetic images of real persons. Where AI-generated illustrations or graphics are used for explanatory purposes, they are identifiable as such and do not depict identifiable individuals.

Source attribution. Where AI summarises regulatory text, official guidance, or third-party content, the underlying source is cited or made available on request. Where AI surfaces a claim about a specific jurisdiction, the user can request the source.

Client communications. Where AI assists in drafting client-facing communications (for example, status summaries, document checklists, or eligibility outlines), the human author of the communication confirms accuracy and assumes responsibility before sending. AI-drafted text is not sent unreviewed.

Watermarking and provenance. As technical standards for AI-content watermarking and provenance metadata mature under the EU AI Act, the Coalition for Content Provenance and Authenticity (C2PA), and equivalent frameworks, glomotec will adopt them at production AI surfaces. The adoption pathway is tracked in the version history of this statement.

AI inference is a non-trivial draw on energy and water. Where glomotec operates AI surfaces, we accept the obligation to use efficient designs, prefer efficient providers, and disclose our practices honestly.

Efficient design. SIGNAL uses retrieval-augmented generation rather than fine-tuning, which reduces compute requirements substantially. Conversation context is managed to avoid unnecessary token expenditure. Caching is used where consistent with privacy and accuracy obligations.

Provider selection. Anthropic publishes sustainability data and pursues efficiency in model training and inference. Supabase, our data infrastructure provider, operates on Amazon Web Services, which publishes regional energy and emissions data. As renewable energy and efficient compute become differentiators among providers, sustainability is a documented factor in our vendor selection.

Disclosure. Beginning with the first annual AI Performance Disclosure in Q2 2028, we will publish an estimate of compute and inference volumes attributable to glomotec AI surfaces, alongside the methodology used to estimate associated environmental impact. Where vendor-provided data becomes available at sufficient granularity, it will be incorporated.

No greenwashing. We do not claim that AI usage at glomotec is carbon-neutral, net-zero, or environmentally beneficial. We disclose efficiency choices and impact estimates honestly. Where we cannot measure something, we say so.

When an AI system at glomotec causes or contributes to a material adverse outcome, we disclose. We define what counts and what we will do.

Severity classification

• P0, material harm. An AI surface contributes to a material adverse outcome affecting an identifiable user or group, or a systemic bias is detected that has affected outcomes already issued.
• P1, significant degradation or near-miss. A defect, drift, or systemic limitation is identified that materially impacted user experience or outcome quality, or could have done so absent timely intervention.
• P2, contained operational issue. An issue arose, was contained without material user-facing impact, and is recorded for trend analysis.
• P3, internal observation. An anomaly or limitation observed in normal operations or testing, logged for monitoring.

Disclosure cadence

• P0 incidents: publicly disclosed within 30 calendar days of confirmation, or sooner where applicable law requires (notably UK and EU GDPR 72-hour personal-data-breach windows under Article 33, and EU AI Act Article 73 serious-incident windows for high-risk providers). Affected users notified directly where lawful and practicable. Regulator notification per applicable jurisdictional obligations.
• P1 incidents: summarised in the annual performance disclosure (Section 20). Where individual users are affected, those users are notified directly.
• P2 and P3 incidents: logged internally, included in aggregate metrics, available on request to enterprise clients, auditors, and regulators under appropriate confidentiality.

Standing notification commitments. glomotec maintains and discloses contact channels for incident-related communications:

• for security and vulnerability matters
• for AI-system concerns
• for operational concerns
• for user grievances

Public commitment. glomotec will commission an independent third-party AI audit of its production AI systems with completion by 30 June 2028 (end of Q2 2028).

Scope of first audit. Compliance with this AI Transparency Statement; alignment with the glomotec AI Principles; effectiveness of human-oversight controls; fairness across documented dimensions; data-handling and processing controls; alignment with the EU AI Act, the OECD AI Principles, and the NIST AI Risk Management Framework.

Auditor selection. Auditor selection will follow a documented procurement process favouring established AI assurance providers with published methodologies. The selected auditor will be named publicly at engagement.

Findings. A summary of audit findings will be published. The full audit report will be made available to enterprise clients, ENGINE licensees, ATLAS counterparties, and regulators under appropriate access controls.

Recurring cadence. Following the 2028 baseline audit, an independent audit will be commissioned every two years as a minimum, with annual audits triggered if material changes occur to the AI surfaces, the risk profile, or the regulatory environment.

ISO/IEC 42001 readiness. glomotec will scope a readiness assessment for ISO/IEC 42001 (AI Management System) certification in the same cycle, with a target certification window of 2028 to 2029. The pathway is forward-stated; we make no current claim of certification.

Public commitment. glomotec will publish an annual AI Performance Disclosure beginning Q2 2028, covering calendar year 2027 as the first reporting period. The disclosure aligns with the audit cycle and is published as a companion to the audit summary.

Metrics published, by surface

• SIGNAL: qualification throughput; conversion rates from qualification to advisory engagement; estimated false-positive and false-negative rates against held-out evaluation data; demographic distribution of outcomes across the dimensions tested in fairness audits.
• glomotec Intelligence due diligence: screening volume; estimated accuracy of matches; dispute and reversal rates.
• Grievance pathway: total grievances received; resolution time distribution against the 5/10/14-day tiers; outcome distribution (confirmed, revised, escalated).
• Incidents: P0 and P1 counts; time-to-resolution distributions; remediation status.
• Audit: status of audit recommendations; remediation completion.
• Environmental impact: estimated compute and inference volumes; methodology applied.

Format. A structured public report and a machine-readable summary in a recognised open format. Methodology and definitions are published alongside.

No identifiable user data is ever published. All metrics are aggregated and anonymised.

The transparency obligations set out in this statement apply not only to glomotec’s own surfaces but to every deployment of glomotec infrastructure under an ENGINE licence.

Contractual obligations on licensees. Every ENGINE commercial agreement, from the first such agreement onward, will require the licensee to:

1. Disclose to end users that the deployment is powered by glomotec infrastructure, in a manner reasonably proportionate to the user-facing surface.
2. Adopt and maintain transparency notices for end users that are substantively equivalent to this statement in respect of the AI surfaces actually deployed.
3. Maintain a grievance and human-review pathway for end users that is substantively equivalent to Section 14 of this statement.
4. Refrain from training models on end-user data without explicit, separate consent and contractual amendment.
5. Maintain documented human-oversight checkpoints equivalent to Section 12.
6. Report any P0 or P1 AI incidents to glomotec within stated windows for inclusion in our incident records.
7. Cooperate with glomotec audit rights, exercised reasonably and with appropriate notice.

Audit rights. glomotec retains contractual rights to audit licensee compliance with these obligations. Audits may be self-attested for low-risk deployments, conducted by glomotec or its agents for medium-risk deployments, or independent for ATLAS-grade or otherwise high-risk deployments. Audit cadence and method are specified per licensing tier.

Termination. Material breach of the transparency obligations is grounds for termination of the ENGINE licence.

Public disclosure of licensees. Where consented to by the licensee, ENGINE-licensed deployments are disclosed on glomotec’s website with a description of the AI surfaces in scope. Where not consented to, the licensee remains responsible for end-user transparency at their own surface.

This statement aligns with the leading AI governance frameworks worldwide. Section-by-section mapping is provided in Annex D. The frameworks we reference:

• OECD AI Principles (the five principles: inclusive growth and sustainable development; human-centred values and fairness; transparency and explainability; robustness, security and safety; accountability).
• NIST AI Risk Management Framework, including the four core functions (Govern, Map, Measure, Manage) and the AI RMF profile guidance.
• EU Artificial Intelligence Act, formally Regulation (EU) 2024/1689, with particular reference to Articles 5, 6, 9, 13, 14, 26, 50, 73, and 86. The Act entered into force on 1 August 2024 with staged effective dates; the transparency obligations under Article 50 enter into force on 2 August 2026.
• EU and UK General Data Protection Regulations, with particular reference to Article 22 (rights related to solely automated decision-making) and the broader data subject rights framework.
• UK pro-innovation AI regulatory principles, as set out by the UK Department for Science, Innovation and Technology.
• UAE National Strategy for Artificial Intelligence 2031 and the UAE Charter for the Development and Use of AI.
• Singapore Model AI Governance Framework, second edition and its Generative AI extensions (2024).
• United States frameworks, including the NIST AI RMF (above), the Colorado AI Act (effective 1 February 2026), and sector-specific automated-decision rules including New York City Local Law 144 where applicable to VECTOR or ENGINE deployments.
• ISO/IEC 42001 (AI Management System) as a forward-stated certification pathway, target window 2028 to 2029.

Where this statement and any of these frameworks diverge, the divergence is intentional and documented.

Review cadence. This statement is reviewed by the issuing entities at least annually and republished in full at the same cadence. Material changes between annual revisions are issued as numbered minor revisions (v1.1, v1.2). Every revision is dated and the changelog is maintained in this section.

Version history

• v1.1, 21 May 2026. Corporate structure update: section 00 expanded to identify glomotec, Inc.'s regional licensees in the United States, United Kingdom, and United Arab Emirates with full registered details.
• v1.0, 12 May 2026. Initial publication.

Contact channels

• General inquiries about this statement and AI at glomotec:
• Grievance submissions and human-review requests:
• Security and AI vulnerability disclosure:
• Operational concerns and corporate inquiries:
• Researcher and academic inquiries: , marked “researcher inquiry”

We respond to legitimate inquiries within reasonable timeframes. Grievance submissions are governed by the service levels in Section 14.

A structured disclosure of SIGNAL, the AI-powered intelligence and qualification layer of glomotec, in a format aligned with the AI-industry standard for model and system cards.

1. System identification

• System name: SIGNAL
• Operator: glomotec and affiliates, operating as glomotec
• Surface: signal.glomotec.com
• Status: Live, in production
• System version as of this disclosure: System prompt version 2.7

2. Intended use

SIGNAL conducts structured conversational intake with users seeking mobility advisory services. It extracts user intent, surfaces relevant jurisdictional information, and produces a qualification outcome. Qualification outcomes route to: an advisory engagement offer; a due diligence request; a partner referral; or an alternative routing including disqualification with rationale.

3. Out-of-scope use

SIGNAL is not intended for, and is not authorised for, the following uses:

• Issuing legal advice or final eligibility determinations under any jurisdiction’s immigration law.
• Substituting for licensed immigration counsel, regulated migration advisers, or equivalent professionals.
• Use by unaccompanied minors.
• Handling time-critical asylum, protection, refugee, or safety cases. These cases are routed immediately to human handling on detection.
• Adjudication of sanctions, source-of-funds, or due diligence matters. These are routed to glomotec Intelligence under heightened controls.

4. Foundation model

Anthropic Claude Sonnet 4, accessed via the Anthropic enterprise API. glomotec does not host the model. glomotec does not train or fine-tune the model. Use is governed by the glomotec-Anthropic enterprise commercial agreement, including Anthropic’s commitment not to use customer API data to train its models.

5. System architecture

• Conversational front-end with persistent session state.
• Retrieval-augmented generation against the glomotec Intelligence corpus (currently the INDEX framework, expanding).
• Structured intent extraction at defined conversational milestones.
• Outputs validated against a rules engine before routing decisions are finalised.
• All conversational data persisted in Supabase eu-west-2 for audit, continuity, and grievance review.

6. Training data

glomotec does not train the underlying foundation model. The retrieval corpus is curated content from authoritative regulatory and policy sources, structured by the INDEX framework. The corpus is versioned, source-attributed, and updated on a documented cadence.

7. Evaluation methodology

• Internal evaluation against historical case outcomes and held-out reference scenarios.
• Adversarial probing for unsafe, biased, or hallucinated outputs.
• Quarterly review of qualification accuracy against documented benchmarks.
• Annual fairness audit across the dimensions defined in Section 13.

8. Known limitations

• Coverage is strongest for the United Kingdom and the United Arab Emirates as of the date of this statement, with active expansion.
• SIGNAL cannot adjudicate edge cases requiring deep jurisdictional expertise; these route to human review.
• SIGNAL cannot detect deception in user-provided information.
• SIGNAL may reflect biases present in the underlying foundation model; we test for and report on these in the fairness audit.
• SIGNAL may produce hallucinated content, particularly outside the strongest-coverage jurisdictions; retrieval grounding and human review at DDR mitigate but do not eliminate this risk.
• SIGNAL is currently English-language with selected additional language support; users requiring other languages are routed to human handling.

9. Performance metrics

First public performance disclosure: Q2 2028, covering calendar year 2027. Interim performance data is available to enterprise clients, ENGINE licensees, and regulators on request under appropriate access conditions.

10. Ethical considerations and risks

• Demographic bias in qualification: mitigated by fairness testing (Section 13) and the grievance pathway (Section 14).
• Hallucination of jurisdictional facts: mitigated by retrieval grounding and mandatory human review at DDR.
• Over-reliance by users: mitigated by clear AI labelling, explicit out-of-scope statements, and the published grievance pathway.
• Misuse by bad actors: mitigated by intake validation, identity verification at DDR, and Intelligence due diligence screening for relevant case types.
• Vulnerable-user risk: mitigated by detection protocols and immediate routing to human handling (Section 15).

11. Data flow

User input is collected at the signal.glomotec.com surface; persisted in Supabase eu-west-2; sent to the Anthropic API for model inference subject to Anthropic infrastructure routing; the response is returned, validated, persisted, and surfaced to the user. Optional outputs to the user include a routing decision, a case summary, and a DDR offer.

12. Human oversight

The DDR pathway is the named human checkpoint. No case proceeds to active advisory engagement without human review. The grievance pathway is available to any user qualified out, deferred, or otherwise routed by SIGNAL.

13. Risk classification

Limited-risk under EU AI Act Article 50 (Regulation (EU) 2024/1689). Transparency obligations apply: users are informed they are interacting with an AI system; AI-generated content is labelled; grievance and human-review pathways are available. SIGNAL is not classified as high-risk under EU AI Act Annex III because it does not issue binding determinations on access to essential services. Should the classification basis change with regulatory evolution or use-case expansion, this card and the parent statement are updated.

14. Update history

Versioning of SIGNAL’s system prompt and supporting infrastructure is logged internally. Material changes are summarised in the parent statement’s version history (Section 23).

A structured disclosure of glomotec Intelligence, the data and analysis layer.

1. System identification

• System name: glomotec Intelligence
• Operator: glomotec and affiliates, operating as glomotec
• Status: Partially live (INDEX framework feeding SIGNAL for UK jurisdiction). Other components in development.

2. Intended use

• Structured collection, extraction, and indexing of authoritative jurisdictional information.
• Change detection on regulatory and policy developments.
• Relevance ranking and retrieval to support module-level AI surfaces.
• Due diligence screening (in development) for institutional and high-assurance cases.
• Market intelligence and trend analysis (in development) for ENGINE licensees and ATLAS counterparties.

3. Out-of-scope use

• Legal advice or final regulatory interpretation.
• Surveillance of individuals outside the documented due diligence workflow.
• Decision-making affecting individual access to public services without the human-oversight controls specified for ATLAS deployments.

4. Models and methods

• Traditional machine learning for ranking, classification, and change detection.
• Generative AI (via the Anthropic Claude model family) for content extraction, summarisation, and structured-output generation.
• Rules-based components for entity matching, sanctions matching, and source attribution.

5. Data sources

• Public regulatory and policy sources (government websites, official gazettes, published guidance).
• Authoritative third-party data feeds for sanctions, watchlists, and adverse-media screening (where applicable in the due diligence workflow).
• glomotec operational data, anonymised and aggregated, where lawful and consistent with the anonymisation standard referenced in Section 10.

6. Architecture (INDEX components, live)

• Crawler: collects content from authoritative sources on a documented cadence.
• Extractor: applies natural-language processing and generative-AI techniques to transform unstructured content into structured records.
• Changefeed: detects material changes in regulatory text over time.
• Scorer: ranks records by relevance to specific queries.
• Evaluator: assesses output quality against held-out reference data.

7. Due diligence (forward-looking, in development)

When activated:

• Entity verification, sanctions and watchlist matching, adverse-media review, source-of-funds analysis.
• Mandatory human authorisation before any output is acted on.
• Immutable audit trail per check.
• Semi-annual fairness audit at minimum.
• False-positive and false-negative review on a documented cadence.
• Accelerated grievance pathway for users flagged or denied.

8. Known limitations

• Source coverage is expanding; jurisdictional comprehensiveness varies.
• Change detection latency depends on source-publication cadence and crawl frequency.
• Due diligence accuracy is bounded by third-party feed quality and is supplemented by human review.
• Extraction errors are possible; outputs feeding production systems are checkpointed.

9. Risk classification

Limited-risk for intelligence and market-insights components. Upper end of limited-risk, potentially high-risk under EU AI Act Annex III depending on deployment context, for due diligence components. Heightened controls per Section 08 apply to due diligence regardless of formal classification.

10. Human oversight, data flow, ethical considerations

Section-by-section parity with the SIGNAL System Card (Annex A), with the additional heightened controls described for due diligence (Section 08).

For each module not yet fully live, the AI footprint anticipated, the controls that will apply, and the gating criteria for production deployment. As modules graduate, their disclosures move from this annex into the body of the statement.

glomotec Labs. Disclosed in Section 06. AI footprint is internal research and development. Disclosed because development-time AI use is itself a category of AI use worth surfacing.

COMPASS. AI-assistive features in active development (document classification, deadline detection, workflow automation, case status summarisation). At production deployment, COMPASS will be added to the body of Part 2 with: a SIGNAL-equivalent system card if any AI surface qualifies; documented human-oversight checkpoints per Section 12; fairness testing under Section 13; grievance pathway access per Section 14.

VECTOR. Talent mobility infrastructure with anticipated AI-assistive features for matching, eligibility assessment, and routing. Production gating: full controls per Sections 12 to 16; risk classification published at deployment; metrics included in the next annual performance disclosure following live deployment; specific assessment against jurisdictional automated-employment-decision rules (notably NYC Local Law 144) where deployed in relevant jurisdictions.

ORBIT. Two-way partner and referral network with anticipated AI-assistive routing for RELAY and COPILOT tiers. Production gating: partner-facing transparency requirements documented; end-user transparency at any consumer-facing surface within the network mirrors this statement; downstream propagation by contract.

ENGINE. Licensable infrastructure and intelligence. Production gating: ENGINE licensee contract template includes all transparency obligations per Section 21 before first licensee signature; audit rights provisioned; transparency parity verified at onboarding for each licensee.

ATLAS. Institutional mobility infrastructure for governments and economic zones. Production gating: per-deployment AI impact assessment; conformity assessment alignment where high-risk under EU AI Act Annex III or equivalent in other jurisdictions; enhanced human oversight including official decision authority; deployment-specific transparency notice published in cooperation with the institutional counterparty; expanded fairness testing.

Full citation of frameworks referenced: see Section 22. EU AI Act references throughout are to Regulation (EU) 2024/1689.

ISO/IEC 42001 specific clause-by-clause mapping will be appended in a future revision concurrent with the readiness assessment described in Section 19.