Trust center
Maps to ISO 42001 and parts of the AI Act
- Documented risk classification of the AI system
- Intended purpose and excluded use per Annex III category
- Model inventory with versions, providers and intended uses
- Mode A as the default for external AI models: no personal data shared until the customer activates Mode B
- Sensitive-data detection runs before any transfer to an external model — under Mode B the request is blocked when unconsented personal data is found
- Layered sensitive-data detection: deterministic regex and checksum, parallel specialist detectors, and a contextual-judge verifier
- Per-prompt consent flow for external AI models, implemented in the product
- Per-provider consent state — granting consent for one external provider does not grant it for any other
- Customer attestation at signing: no article 5 prohibited practices, with operational enforcement
- Configurable reasoning effort: customers choose how much thinking-time models spend per question, balancing cost and depth
- URL-context guardrail: pasted URLs only reach the model that has the URL-context tool enabled, never silently to other providers
- No silent fallback: if the primary model fails, fallback chains stay within the same provider family or its declared substitutes — never out of region
- Model evaluation for quality, bias and robustness (aligned with ISO 42001 clause 6.1.4)
- Use-case guardrails with blocklist for prohibited practices (AI Act art. 5)
- Transparency to end users (AI Act art. 50)
- Human oversight capability (AI Act art. 14)
- Fundamental Rights Impact Assessment (AI Act art. 27) building blocks published for deployer use
- Post-market monitoring with feedback mechanism
- Incident response specific to AI incidents (AI Act art. 73)
- Documented model training policy (no training on customer data)
- Suppression or labelling of AI-generated output where relevant