TrackProject is currently available by invitation only.
Request access·Book a demo·Sign in
TrackProject
Trust & Compliance · Security & AI

AI Usage Policy

The principles and guardrails that govern every AI feature in TrackProject.

Versionv2.2Last updated2026-06-25Last audit2026-05-12
UK GDPREU GDPRCCPA / CPRAISO/IEC 27001:2022ISO/IEC 42001 (AI)SOC 2
Contact security Report vulnerability Request data export Request account deletion

1. Responsible-AI principles

TrackProject AI is designed to assist project delivery, infrastructure and operations teams, not to replace human judgement. Every AI feature is built on five principles: permission-aware, explainable, auditable, tenant-isolated and human-verified.

2. Permission-aware by design

The Assistant, Copilot, executive briefings, Twin Analyst and autonomous agents inherit the calling User's Row Level Security scope. AI cannot return data the User could not otherwise see in the UI, and it cannot read across workspaces or tenants.

3. No cross-tenant learning

Customer prompts, retrieved context and AI responses are never used to train shared models, fine-tune base models or improve our retrievers. Foundation models are accessed through providers contractually prohibited from training on TrackProject Customer data and from retaining inference payloads beyond the operational window required to return a response.

4. Human verification required

AI-generated outputs — risk summaries, handover-readiness assessments, schedule analyses, twin diagnostics, autonomous recommendations and proposed actions — are decision support. Customers must verify outputs before acting on them. Material recommendations require explicit human approval before execution.

5. Explainability & citations

AI responses cite the underlying TrackProject entities (projects, racks, cables, audit entries, telemetry samples) used to compose the answer. Reviewers can trace each claim back to its source record and replay the tool calls that produced it.

6. Auditability

AI tool calls are recorded in the workspace audit log, including the User, the entities accessed, the model used, the timestamp and a hash of the prompt. Workspace administrators can export AI logs for compliance review.

7. Known limitations

Large language models can hallucinate, misinterpret ambiguous prompts and miss context. They are not deterministic. Confidence scores are heuristic, not probabilistic guarantees. Do not rely solely on AI for safety-critical, life-safety, structural, medical or financial sign-offs.

8. Prohibited uses

AI features must not be used to generate harmful, discriminatory, deceptive or unlawful content, to bypass workspace permissions, to process special-category personal data outside the Customer's lawful basis, to attempt prompt injection against other tenants, or to extract model weights, system prompts or retriever indices.

9. Model updates

Foundation models are versioned. Customer-visible model changes are announced in product release notes. Enterprise customers may pin to a specific model tier or request advance notice of model rotation.

10. AI incidents

Customers should report suspected AI misbehaviour — hallucinated citations, leaked information, unsafe recommendations — to security@track-project.com. Reports are triaged within two business days and acted on through our incident response process.

Questions about this document? Contact legal@track-project.com · Security: security@track-project.com

© 2026 TrackProject Ltd. Version 2.2 · Last updated 2026-06-25.

Version history

  • v2.22026-06-25Added AI incidents reporting section.
  • v2.12026-03-15Added model-update notification clause.
  • v2.02026-03-01Five-principle responsible-AI framing.
Trust Center Security Center AI Governance Responsible AI Architecture Integrations Compliance Subprocessors