At YuzeData, trust isn't just a value—it's the foundation of everything we build. As AI technologies reshape how businesses operate, we recognize that our customers need more than assurances; they need transparent policies, enforceable commitments, and meaningful control over their data.
This document outlines our approach to AI, explains how we protect customer data, and details the controls available to you.
How we use AI
The baseline commitment: We don't train on your data. Your customer data is never used to train, fine-tune, or improve AI models—neither ours nor those of our third-party providers.
When we deploy AI capabilities in our platform, they're designed to serve specific functions. These features process your data only to deliver the service you've requested, within the scope of our existing data processing obligations.
Third-party safeguards: For any external AI platforms we integrate with, we establish Data Processing Agreements (DPAs) before deployment. These agreements include explicit prohibitions on training models with customer data. We audit these commitments as part of our vendor risk management program.
Controls in place
Transparency before deployment: Before any AI feature processes your data, you'll clearly see the what the feature does and how it works. This isn't buried in release notes—it's presented directly in the product.
Granular decisions: For organizations with specific AI governance policies, we're building more granular controls that allow you to enable AI features selectively based on data classification, user roles, or processing context. Contact our team if you need customized AI governance configurations.
Our commitment
1. No silent policy changes If our approach to AI and customer data ever changes, we'll notify you with substantial advance notice—not after the fact. You'll have time to evaluate the change and decide whether to continue using AI features.
2. Contractual enforcement All third-party AI providers operate under DPAs that explicitly prohibit training on customer data. These aren't courtesy agreements—they're binding contracts with audit rights and breach remediation provisions.
3. Standards-based implementation We implement AI features following NIST AI Risk Management Framework guidelines and monitor emerging requirements including the EU AI Act (compliance deadline: 2026). Our internal AI governance mirrors the standards we help customers achieve through our platform.
4. Customer-defined boundaries Different organizations have different risk tolerances for AI. We build our products to respect those boundaries, not override them. Your AI strategy governs how our AI features operate in your environment.
Compliance and oversight
Our approach to AI isn't just policy—it's auditable practice. AI features are included in our ISO 27001 scope, covered by our SOC 2 controls, and subject to the same data protection requirements that apply to all YuzeData processing activities.
For organizations navigating regulatory requirements like GDPR Article 22 (automated decision-making) or EU AI Act obligations, we can provide detailed technical documentation on how specific AI features operate and what data they process.
