Purpose and Scope
Purpose
We are dedicated to advancing artificial intelligence (AI) responsibly, and we are committed to developing, deploying, and managing AI technologies in a manner that is ethical, transparent, and beneficial to our clients, our personnel, and other stakeholders.
This includes a commitment to continuous improvement, risk management, and adherence to all applicable regulations and contractual requirements.
This policy is designed to ensure the responsible use of AI, emphasizing accountability, security, privacy, and fairness across all our AI-powered features.
By integrating these principles into how we operate, we aim to use AI to improve our platform while mitigating potential risks and ensuring the trustworthiness of our AI systems.
Scope
This policy applies to all aspects of our AI/ML capabilities, including our people, processes, and technologies, covering the full lifecycle of AI systems on our platform, from design and development through deployment, operation, and decommissioning.
Our current AI/ML capabilities include:
Computer vision models used for natural-language search over client content (CLIP-like embeddings).
Facial recognition clustering used to identify individuals across client assets.
Integrations with third-party AI providers, including OpenAI and Gemini used for specific platform features.
By defining clear roles, responsibilities, and expectations, this policy establishes a framework for AI governance that supports our platform and the clients who rely on it.
It applies to all personnel, contractors, and consultants who develop, configure, administer, or rely on these capabilities, and to any new AI/ML capability we introduce going forward.
It does not extend authority over client-side use of our platform; clients remain responsible for their own legal obligations when using AI-assisted features.
AI Policy Commitments
This policy was developed in line with our strategic direction and information security program.
We actively leverage AI technologies to enhance how clients search, organize, and access their content, in alignment with our overarching mission.
We continuously promote ethical, transparent, and responsible AI use, fostering trust and integrity in everything we build.
This commitment is integrated into our daily operations and strategic planning, ensuring AI technologies serve our organizational purpose effectively.
We maintain strict adherence to all relevant legal, contractual, and regulatory requirements governing AI.
Our compliance efforts are managed through ongoing monitoring of regulatory requirements, regular internal review of our AI applications, and awareness activities for our personnel so they understand and implement these requirements.
Compliance is a shared responsibility across our organization, embedded in our operational practices and decision-making processes.
We are committed to the continuous enhancement of our AI governance, fostering a culture of innovation and learning.
This ongoing process is supported by our engineering, security, and leadership teams, and draws on established methodologies for continuous improvement to ensure we remain responsible stewards of the AI capabilities we build.
Guiding Principles and Processes
We are committed to responsible AI development and use through the following guiding principles:
Risk Identification and Mitigation: We identify, evaluate, and mitigate risks across the AI lifecycle. Our AI/ML processing runs inside isolated containers with defined resource boundaries and role-based access controls, and incoming files are hash-verified and malware-scanned before they reach our AI/ML pipeline.
Monitoring for Misuse: We monitor our AI systems in production to identify and address vulnerabilities, incidents, and misuse, using our existing security monitoring and incident response processes, including anonymous reporting channels open to all personnel.
Data Protection and Segregation: AI-derived data, such as embeddings and facial recognition clusters, is classified and protected under our Data Management Policy at our highest protection tier, encrypted at rest and in transit, and stored with strict tenant isolation.
Client Data Control: Client content is not used to train or fine-tune our models by default. Where a client opts in to contribute data toward improving our models, that data is sanitized to remove common sources of personal data before it is used.
Hosting and Processing Location: All AI/ML hosting, training, and processing of customer content takes place in the United States.
Vendor and Third-Party AI Governance: Relationships with external AI providers, such as our OpenAI integration, are governed under our Third-Party Management Policy, applying the same due diligence as any vendor with access to client-adjacent data.
Bias and Fairness: We apply dataset auditing, automated bias detection, and human review to our AI-powered search capabilities on an ongoing basis, not as a one-time exercise.
Client Consent and Biometric Data: Where our platform generates biometric data, such as through facial recognition, clients are responsible for providing notice and obtaining consent from the individuals concerned, and they control the retention of that data through their own workspace administration.
Continuous Improvement: We treat AI governance as an evolving practice, incorporating lessons from internal review, personnel feedback, and changes to our AI/ML capabilities.
Leadership and Commitment
In order to demonstrate our commitment to ensuring that our approach to AI governance is effectively implemented and continually improved, our leadership shall:
Ensure AI policy and objectives are aligned with our strategic direction.
Ensure the integration of AI governance into our business processes.
Ensure that AI governance is sufficiently resourced.
Ensure that the importance of conforming to this policy is communicated to stakeholders.
Ensure that our approach to AI governance achieves its intended results.
Ensure that personnel contribute to the effectiveness of our AI governance in accordance with their roles.
Ensure that our approach to AI governance is continually improved.
Our CTO holds overall accountability for this policy, with day-to-day stewardship, review, and updates carried out in coordination with the individuals responsible for our broader information security program.
Responsible Use of AI System
We ensure the responsible development, provisioning, and use of our AI systems, whether developed internally or acquired from third-party providers.
We recognize that responsible AI use varies across applications, and we aim to reflect a set of core commitments across our platform, including fairness, accountability, transparency, explainability, reliability, safety, robustness, privacy and security, and accessibility.
Trustworthiness
We design, develop, and validate our AI systems to meet high standards of quality and robustness, with ongoing monitoring of system performance to help identify and address deviations from expected outcomes.
Robustness
We aim for our AI systems to maintain performance under the conditions of their intended use, including within our isolated, tenant-segregated processing environment.
Accountability
We accept responsibility for the outcomes of our AI systems and maintain mechanisms, through our existing incident response and change management processes, for addressing any adverse impacts.
Safety
We consider potential safety and security risks throughout the AI lifecycle, from design through deployment, with the aim of preventing harm to our clients and the people whose content they manage.
Privacy and Security
We protect the data our AI systems process against unauthorized access, use, or disclosure, applying encryption, access control, and tenant isolation consistent with our Data Management Policy.
Individuals retain meaningful control over what information is collected and how long it is retained, particularly where biometric data is involved.
Accessibility
We aim to make our AI-powered features usable and beneficial to the diverse range of creative professionals and teams who rely on our platform.
Reliability
We are committed to the reliability of our AI systems, monitoring and validating their performance on an ongoing basis.
Controllability
We design and operate our AI systems to fulfill their intended purposes, with human oversight built into how AI-assisted outputs are used.
Explainability
We aim for decisions informed by our AI systems to be understandable to the personnel and clients who rely on them.
Transparency
We communicate the nature of the data our AI systems use and the function of our AI-powered features to our clients, including through our public documentation.
Bias and Fairness
We work to identify and mitigate sources of unwanted bias in our AI-powered search capabilities so that our AI applications treat client content fairly.
Verification and Validation
We verify and validate our AI systems to confirm they are built correctly and perform as intended, using a combination of automated testing and human review.
Intended Use of the AI System
We ensure that our AI systems are used in accordance with their designated purposes and the documentation associated with them.
Our approach includes:
Follow Deployment Practices: AI/ML capabilities are deployed and configured according to our standard change management process, with human oversight built into how outputs are used.
Continuous Monitoring: We actively monitor the operation of our AI systems to detect deviations from expected performance or issues affecting our clients.
Communicate Concerns: Where the operation of an AI system raises concerns about its impact, we promptly communicate these issues to relevant stakeholders for resolution.
Documentation and Event Logs: We maintain documentation and event logs relating to the deployment and operation of our AI systems.
Documentation Retention
Event logs and related documentation are retained in line with our data retention practices and applicable legal requirements.
AI Objectives Framework
To effectively set AI objectives, we apply the following framework:
Alignment with Organizational Goals
Stakeholder Engagement
Risk Assessment and Compliance
Resource Evaluation
SMART Objective Setting
Monitoring and Evaluation
Continuous Learning and Adaptation
Policy Review
This policy is reviewed periodically and at least annually.
Reviews may also be triggered by significant changes in:
AI/ML capabilities
Infrastructure
Legal requirements
Regulatory requirements
AI Policy Deviation
Any deviations from this policy follow a documented process including:
Identification and Documentation
Approval Process
Documentation and Reporting
Document History
Version | Date | Description | Written By | Approved By |
|---|---|---|---|---|
1.0 | July 2026 | Initial version of the AI Policy | Vivekanandan Saravanan | Brandon Fan |