Policies
Responsible AI Policy
Effective date: TODO — set on legal approval
AI draft— pending legal & owner review; not legally binding.
1. Purpose and Scope
This Responsible AI Policy ("Policy") describes how Persoon.ai Inc. ("ShipReady Metrics", "we", or "us") uses artificial intelligence in the ShipReady Metrics service ("Service"), the governance framework that constrains that use, and the commitments we make about accuracy, human oversight, and data handling. It applies to every AI-assisted capability in the Service.
This Policy supplements the AI Features Terms (which govern the customer's rights and responsibilities when using AI features), the Subprocessors document (which lists our AI model provider), and the Privacy Policy. If there is a conflict, a signed customer agreement controls, then the Terms of Service and AI Features Terms, then this Policy.
Our starting position is deliberate minimalism: AI is used where it adds clear value on top of measured data, never as a substitute for measurement, and never silently.
2. Where AI Is — and Is Not — Used
The table below is the authoritative inventory of AI use in the Service. Anything not listed here does not use a large language model.
| Capability | Uses an LLM? | How it works |
|---|---|---|
| AI Security Audit | Yes | On explicit user request, normalized security-finding metadata is sent to Anthropic Claude to produce a prioritized, board-ready audit narrative and posture assessment. This is the one feature that sends data to an LLM. |
| ShipReady composite and the nine domain scores | No | Deterministic computations over metrics ingested from connected sources. The same inputs always produce the same scores; no model output is involved. |
| Compliance evidence collectors | No | Deterministic probes of the platform's own database posture, access-control records, connector data, policy documents, and website posture. No LLM is involved in evidence collection. |
| Connectors and data ingestion | No | API synchronization from the sources a customer connects. Ingestion never sends customer data to an AI provider. |
| AI Spend connector | No | Reads AI-related cost data (e.g., OpenAI and Anthropic billing figures) as an input to the AI ROI score. It ingests spend numbers; it does not send data to a model. |
Every score and report in the Service explains in plain language what it means, how it is calculated, and which real data source it came from, so customers can always distinguish measured results from generated narrative.
3. Explicit User Action and Tenant Control
The AI Security Audit runs only when an authorized member of the customer's organization explicitly clicks "Run audit". There is no scheduled, background, or automatic submission of tenant data to the model provider. If no one in an organization ever runs the audit, none of that organization's data is ever sent to an LLM.
- Role-gated: only members with the admin or engineer role can trigger an audit run; denied attempts are recorded in the tenant audit log.
- Rate-limited: audit runs are throttled per user to prevent abuse of the expensive model call.
- Cross-site request forgery protection: the trigger endpoint rejects cross-origin submissions outright.
- Auditable: every run is recorded in the organization's audit trail with the model identifier and the number of findings analyzed.
4. Data Sent to the Model Provider — and Data That Is Not
When an AI Security Audit is run, the request contains only: the organization's name, and up to the 200 most recent open normalized security findings — each consisting of the finding's source, kind, severity, title, detail text, affected resource identifier, and associated CVE identifiers — enriched with public vulnerability intelligence (CISA Known Exploited Vulnerabilities status, EPSS probability, and CVSS severity).
The following are never sent to the model provider: user credentials, authentication tokens or session data, connector secrets or API keys, source code contents, billing or payment data, member lists or personal profiles, and database contents beyond the normalized finding fields listed above.
The audit's output (the generated summary, prioritized risks, and posture assessment) is stored in the customer's tenant, scoped by the same row-level security as all other tenant data.
5. Model Provider and Training
Our AI model provider is Anthropic (the Claude API), listed in the Subprocessors document. ShipReady Metrics does not train its own foundation models, and does not use customer inputs or AI outputs to train any model. As described in the AI Features Terms, we rely on the model provider's commercial terms, under which customer inputs and outputs are not, by default, used to train the provider's foundation models; customers should review the provider's current terms, which may change.
The specific model version in use may change over time as the provider's models evolve; the model identifier used for each audit run is recorded with the stored result and in the audit trail.
6. Human-in-the-Loop Rules
Automated detections in the Service — whether produced by a deterministic collector or an AI feature — never silently become accepted facts. A human decision is always the step that confirms them.
- Compliance evidence: a signal detected by an evidence collector always lands in a needs-review state — it is never auto-accepted as proof that a control is met. A human reviewer must explicitly accept it (confirming it) or reject it (which flips the effective verdict to a gap, even against a previously recorded pass).
- Vendor-attestation captures: screenshots of vendor trust pages are stored as artifact-only evidence with no verdict attached, because a page capture by itself proves nothing; a human reviews each artifact.
- AI Security Audit output: the generated audit is decision support, not a decision-maker. It is presented for human review, and customers are responsible for validating it before acting on it or sharing it, as set out in the AI Features Terms.
7. No-Fabrication Principle
The Service is built around an explicit honesty contract: it must never present invented data as measured data.
- Evidence collectors never fabricate: if a signal is unreachable (no connection, missing permission, tool absent), the collector omits it rather than guessing, defaulting, or emitting a stale cache as fresh.
- Scores are coverage-aware: dimensions without a connected source are left out of the composite rather than given a placeholder grade.
- The AI Security Audit's instructions require it to map posture honestly to frameworks — marking gaps as gaps — and, when findings are sparse, to say coverage is limited rather than assuming the organization is secure.
- Vendor pages that fail to load during attestation capture are skipped and logged, never substituted with fabricated artifacts.
8. Safeguards Against Prompt Injection and Misuse
The security findings analyzed by the AI Security Audit include text that originates from third parties (for example, dependency advisories) and could contain content crafted to manipulate a model. The audit's system instructions therefore treat every finding strictly as untrusted evidence to assess — never as instructions — and direct the model to ignore any embedded directive, such as an instruction to raise the score or omit risks.
AI outputs are additionally constrained to a structured schema (typed fields with a bounded posture score), which limits the blast radius of a manipulated response, and every run is attributable to a specific user through the audit trail.
9. Governance, Accountability, and Review
ShipReady Metrics is an early-stage company; AI governance responsibilities are held by the company's leadership rather than a dedicated AI committee. [Owner to confirm: the named accountable role for AI governance decisions.] We do not claim any external AI-specific certification or audit.
- Any new AI-assisted capability must be added to the inventory in Section 2 of this Policy before launch, with its data flows documented.
- Material changes to the model provider or to what data is sent will be reflected in the Subprocessors document and noticed through the Trust Center.
- This Policy is reviewed at least [Owner to confirm: review cadence, e.g., annually] and whenever an AI feature materially changes.
Questions about this Policy: security@persooninc.com or info@persooninc.com. Postal contact: Persoon.ai Inc., 525 Randall Ave Ste 100 PMB 228, Cheyenne, WY 82001. This document is an AI-generated draft pending legal and owner review and is not legally binding.