Trust Charter / How we use AI
AI drafts the work. You own the result.
Compliance is a trust document. The reader needs to know who stands behind every line. That's why EquanimGRC treats AI as a draftsman, not an author.
AI drafts. Humans decide.
AI is a drafting tool in EquanimGRC. It proposes policies, suggests answers, and flags gaps. It does not approve, attest, or sign off. Every artefact that affects your compliance posture passes through a named human reviewer before it is treated as truth.
Every AI output is labelled.
AI-generated content is flagged in the database and visible in the UI. You see which model produced it, when, what sources it drew from, and what confidence score it carried. If a policy version came out of an AI draft, there is a visible badge on it until a human edits or re-attests it.
Sources are always shown.
When the assistant suggests an answer or generates a policy, it shows the specific evidence items and policies it used to get there. If it can't show sources, it doesn't ship the suggestion.
Confidence is shown, not hidden.
AI suggestions come with a numerical confidence score and an explanation. Low-confidence drafts are marked as low-confidence. We don't paper over uncertainty.
No cross-tenant training.
Your documents, controls, and evidence are not used to train the models that serve other customers. Embeddings are tenant-scoped. If we ever change this, you will hear about it first and consent explicitly.
AI actions are logged.
Every AI call made on your behalf is recorded with the user, timestamp, context, and result. You can export this log at any time.
The line
Where AI stops.
AI does
- Draft policies from templates and context you provide
- Suggest questionnaire answers based on your existing policies and evidence
- Propose control mappings between frameworks
- Extract structured data from uploaded documents
- Flag gaps and expired evidence
- Summarize long documents for reviewer context
AI doesn't
- Approve or sign off on any artefact
- Mark a control effective
- Send an artefact to an auditor
- Auto-publish any customer-facing compliance page
- Train on your data to serve another customer
- Make a claim your team hasn't reviewed