# EquanimGRC AI Ethics Policy **Effective:** April 14, 2026 **Owner:** Atomlab LLC, operator of EquanimGRC **Canonical URL:** https://equanimgrc.com/trust/ai Compliance is a trust document. The reader needs to know who stands behind every line. That's why EquanimGRC treats AI as a draftsman, not an author. This page is our written policy on where we use AI, where we don't, and what we tell you about every artefact we help you draft. --- ## 1. AI drafts. Humans decide. AI is a drafting tool in EquanimGRC. It proposes policies, suggests answers, and flags gaps. It does not approve, attest, or sign off. Every artefact that affects your compliance posture passes through a named human reviewer before it is treated as truth. ## 2. Every AI output is labelled. AI-generated content is flagged in the database and visible in the UI. You see which model produced it, when, what sources it drew from, and what confidence score it carried. If a policy version came out of an AI draft, there is a visible badge on it until a human edits or re-attests it. ## 3. Sources are always shown. When the assistant suggests an answer or generates a policy, it shows the specific evidence items and policies it used to get there. If it can't show sources, it doesn't ship the suggestion. ## 4. Confidence is shown, not hidden. AI suggestions come with a numerical confidence score and an explanation. Low-confidence drafts are marked as low-confidence. We don't paper over uncertainty. ## 5. No cross-tenant training. Your documents, controls, and evidence are not used to train the models that serve other customers. Embeddings are tenant-scoped. If we ever change this, you will hear about it first and consent explicitly. ## 6. AI actions are logged. Every AI call made on your behalf is recorded with the user, timestamp, context, and result. You can export this log at any time. --- ## What this means in practice ### We will not - Ship compliance claims without human review. - Hide that an artefact was AI-drafted. - Use your data to train models for anyone else. - Generate audit opinions, attestation letters, or assessor conclusions. - Fabricate citations. If the model can't ground a claim in your source material, we emit an `` marker instead. ### We will - Show the model, prompt version, and inputs for every AI action we take. - Let you turn AI assistance off per tenant or per workspace. - Give you full export of every AI call, prompt, and response. - Tell you first — in writing — if any of this changes. --- ## Verification This document is published with a detached PGP signature. To verify: ``` curl -sL https://equanimgrc.com/pgp-key.asc | gpg --import curl -sO https://equanimgrc.com/policies/ai-ethics.md curl -sO https://equanimgrc.com/policies/ai-ethics.md.asc gpg --verify ai-ethics.md.asc ai-ethics.md ``` PGP key fingerprint: `5B61 9918 0EC8 D3E8 C6FA CBDE CB80 F375 407E 3B26`