AI Governance Policy

Effective Date: 14/07/2025

1. Our Commitment to Responsible AI

At Exona Ltd, we are committed to building and deploying AI technologies in a responsible, transparent, and ethical manner. We prioritize user trust, safety, and compliance with all applicable laws, including the UK GDPR, EU GDPR, and emerging AI-specific regulations.

2. Privacy-First Design

Privacy is at the core of our platform architecture. Our practices include:

  • Data Minimization: We collect only the minimum data required to deliver functionality.
  • Informed Consent: All processing is based on explicit, informed consent.
  • User Transparency: We clearly communicate how and why user data is processed.

3. GDPR & UK Data Protection Compliance

We fully comply with the EU GDPR, UK Data Protection Act 2018, and associated guidance. Our key commitments:

  • Data Subject Rights: Users can access, correct, delete, or restrict their data.
  • Data Processing Agreements (DPAs): All third-party processors are contractually bound to strict data protection and confidentiality terms.
  • Privacy Impact Assessments: We conduct regular Data Protection Impact Assessments (DPIAs) where required.

4. Transparency & Explainability

We believe users and enterprises should understand how AI decisions are made.

  • Explainable AI: We provide mechanisms to interpret and understand AI agent behavior.
  • Documentation Access: On request, enterprise clients receive technical documentation on model workflows, data flows, and AI methodology.

5. Ethics, Fairness & Non-Discrimination

Exona monitors its systems to prevent unintended harm.

  • Bias Monitoring: We conduct fairness audits and intervene if biased outputs are detected.
  • Use Case Restrictions: Certain high-risk or sensitive use cases may be restricted or require additional oversight.

6. Security & Risk Management

We apply industry-standard security measures to all systems and infrastructure:

  • Encryption: All data in transit and at rest is encrypted using current best practices.
  • Access Control: Role-based access control and logging are enforced across the platform.
  • Ongoing Risk Assessments: Our internal teams regularly evaluate risks from AI use and deployment.

7. Model Providers & AI Integrations

Our platform integrates with third-party AI models (e.g. OpenAI). We ensure that all providers:

  • Comply with UK/EU data laws
  • Do not use client data for model training without explicit opt-in
  • Maintain clear audit trails and security safeguards

Users can select preferred models and control access to different capabilities through configurable settings.

8. Governance Structure & Accountability

  • AI Governance Committee: Oversees ethical development, risk management, and compliance.
  • Reporting Channels: Clients may report AI-related concerns via our support portal or by email. Concerns are logged, investigated, and acted upon transparently.

9. Training & Awareness

We run regular internal training on:

  • Responsible AI usage
  • Data protection obligations
  • Emerging compliance standards (e.g. ISO/IEC 42001, EU AI Act readiness)

10. Continuous Improvement

AI governance is an evolving field. We commit to:

  • Periodically reviewing this policy
  • Incorporating user feedback
  • Adapting to legal and technological developments

Contact Us

For questions or compliance-related requests, please reach out to: privacy@exonalab.com