AI and Model Governance Policy

Vortex IQ is the AI Operating System for e-commerce. This policy sets out how we use artificial intelligence and large language models safely, transparently, and under human control, and how we protect customer data when it is processed by AI.

1. Scope

Applies to all Vortex IQ products and modules (Nerve Centre, Vortex Mind, Ask Viq, Actions, Vortex Apps, Vortex Memory) and to all AI models and providers used to deliver them.

2. Principles

  • Human accountability. AI assists people; it does not replace their authority. A person is accountable for any change to a customer's systems.
  • Least data. We send the model only the data a task requires.
  • Transparency. Customers can see what the AI did, why, and on what evidence.
  • Safety by default. Higher-impact actions require stronger controls and explicit approval.
  • No training on customer data. Customer data is not used to train models, ours or our providers'.

3. Models and providers

  • Vortex IQ's reasoning runs primarily on Claude, provided by Anthropic, and also uses Gemini, provided by Google, and Vortex IQ's own proprietary models, selected according to the task. Third-party models are accessed over secure APIs and listed in our sub-processor register.
  • Our model providers do not use API data to train their models, and neither does Vortex IQ.
  • New models or providers are assessed against this policy before use.

4. Data handling in AI processing

  • Inputs sent to the model are limited to what the task needs and are transmitted over encrypted channels.
  • Customer data processed by the model is not retained to improve Vortex IQ models or shared with other customers.
  • Customer data remains logically isolated per tenant.
  • Customers can request deletion of their data in line with the Data Protection Addendum.

5. Levels of autonomy and human-in-the-loop

Every AI capability operates at one of three levels:

  1. Insights (read-only). The AI surfaces information. No change is made.
  2. Recommended Actions. The AI proposes a change. A person reviews and decides.
  3. Automated Decisions. The AI executes a change, only for a specific, scoped task the customer has explicitly enabled, with limits and logging.

By default, nothing that changes a customer's store or systems happens without human sign-off. Where automation is enabled, changes are tested in staging first and can be reverted in one click (StagingPro, DryRunPro, RollbackPro).

6. Guardrails and safety controls

  • Scoped permissions. The AI acts only within the connectors, data and actions the customer has authorised, read-only wherever possible.
  • Input and output handling. Prompts and outputs are validated, and known prompt-injection and unsafe-output patterns are mitigated.
  • Restricted actions. High-impact actions (bulk changes, deletions, financial operations) are gated behind approval and additional confirmation.
  • Accuracy. Outputs that drive actions are grounded in the customer's own data and cite their evidence; users are told when a result is a model inference rather than a measured value.
  • Rate and scope limits prevent runaway or out-of-scope automation.

7. Auditability

Every AI-driven recommendation, decision, action and data access is logged with the inputs, the model output, the approver where applicable, and the outcome. Logs are available to the customer.

8. Testing and evaluation

AI capabilities are evaluated before release and monitored in production for quality, safety and drift. Material changes to models or prompts that affect customer-facing behaviour follow our Secure SDLC and Change Management Policy.

9. Appropriate use, bias and fairness

Vortex IQ uses AI for commerce operations: monitoring, diagnostics, content, and deployment support. We do not use it for prohibited or high-risk decisioning outside that scope. Where outputs could be influenced by bias in source data, we flag the limitation.

10. AI incidents

Suspected unsafe outputs, data exposure through AI, or automation acting out of scope are handled under our Incident Response and Breach Notification Policy, with AI-specific containment (disable the capability, revert via rollback, review logs).
