Ingestion legal posture

KURAL is observer-only by construction. There is no write path anywhere in the codebase into any operator system. This page is the procurement-team summary of that architectural commitment and the legal posture it produces.

What KURAL reads

• PAM read-only API keys (EveryMatrix, SoftSwiss, OpenBet, Playtech IMS, etc.)
• KYC vendor read APIs (Sumsub, Veriff, Jumio, GBG)
• AML monitor read APIs (ComplyAdvantage, Featurespace)
• Self-exclusion register check APIs (GAMSTOP, Spelpaus, Cruks)
• Helpdesk read APIs (Zendesk)
• Document store read APIs (SharePoint, Google Drive)
• HRIS read APIs (BambooHR) — for training attestation evidence only
• Cloud read APIs (AWS via OIDC, GitHub via App, Microsoft Entra ID)

What KURAL never reads

• Bank-account numbers, full PAN card-data, CVV (never in scope)
• Plaintext passwords or password-reset tokens
• Operator-internal HR records beyond what the operator explicitly grants
• End-player chat content unless the operator opts in for SR-3.4 evidence

Architectural commitments

• No write path: Cannot modify a self-exclusion, cannot change a limit, cannot trigger a payment. Verifiable by inspection — the connector interface has no write / update / create method.
• No inbound port: KURAL pulls; operator systems never need to whitelist an inbound connection from KURAL.
• Per-control consent for any regulator handoff: architecturally distinct from the read surface. See the Trust posture page.

Contact

Procurement-grade architecture review available on request. Email security@kural.tech.