AI Use and Responsible AI Policy
Last updated: June 29, 2026
Effective date: June 27, 2026 · Version 1.0
How ScaleIQ uses AI and the commitments we make to you. Aligned to the NIST AI Risk Management Framework.
This Policy describes how ScaleIQ uses AI and the commitments we make. It supplements our Terms and Privacy Notice, and is aligned to the NIST AI Risk Management Framework (Govern, Map, Measure, Manage).
What “AI” means here
We use machine-learning models — including large language models and classifiers — to extract evidence from tenant signals, score readiness across our assessment pillars, and draft remediation guidance.
Our commitments
1. Your data is not used to train models
We do not use Customer Data to train, fine-tune, or improve foundation models — ours or our providers’. Our AI inference runs through enterprise services configured for zero data retention (see Subprocessors).
2. Customer Data is processed under least privilege and kept isolated
AssessIQ reads the Microsoft 365 tenant metadata needed for readiness scoring under tenant-administrator consent and least-privilege Microsoft Graph permissions. That data is processed within ScaleIQ’s tenant-scoped Azure environment, scoped to the originating customer, and not pooled across customers. Data sent to a model provider (Microsoft Azure OpenAI, Microsoft Copilot, or Anthropic Claude) is used only for the duration of the request and under zero-retention terms.
3. Humans stay in the loop on consequential decisions
The Service surfaces AI-generated insights for human review. We do not design AI features to make consequential decisions about individuals automatically, and customers configuring such use cases must keep meaningful human review in the workflow, per our AUP.
4. Findings carry provenance
Every finding carries its source, timestamp, a confidence indicator, and the rule-pack version and effective date. Generated content is identified as AI-generated.
5. We disclose model providers
Current model providers are listed under Subprocessors; changes follow the 30-day advance-notice process described there.
6. We test for safety and bias
Before launching AI features, we evaluate accuracy, robustness, privacy leakage, and fairness, and re-evaluate when the model or use case materially changes. We flag where independent bias audits may be legally required and avoid profiling by protected characteristics.
7. We are honest about limits
AI output may be incomplete, outdated, or wrong. Findings are advisory; review them before relying on them for material decisions. Assessment quality depends on the signals available, and coverage gaps are disclosed in the report’s coverage statement.
What we will not do
- Train models on Customer Data without explicit, opt-in consent and a separate written agreement.
- Use Customer Data for cross-context behavioral advertising or to profile individuals for marketing.
- Build features whose primary purpose is biometric identification, social scoring, or emotion recognition in employment or education contexts.
- Generate output intended to mislead, defraud, or impersonate identifiable individuals.
Customer controls
- Disable AI features from workspace settings.
- Audit AI activity — AI requests are logged in the workspace audit log and exportable.
- Region & model options on enterprise plans where supported.
Reporting concerns
If an AI feature produces output that appears unsafe, biased, or harmful, report it to ai-safety@scale-iq.ai. We acknowledge reports within 5 business days and investigate.