← Back to NEXQ Legal Center

Contract effective date: September 18, 2024. Runtime consent, request, security, audit, and deployment timestamps remain factual records.

AI Governance Policy for Web and Mobile Apps

Scope

This policy applies to AI, machine learning, generative AI, automated decision systems, recommendation systems, classifiers, chatbots, agents, retrieval augmented generation, personalization engines and analytics models used in web apps, mobile apps, APIs and developer tools.

Risk classification

Before launch, every AI system must be classified by:

Required controls

Third-party AI providers

Third-party AI providers must pass privacy, security, retention, training-use, data residency, subprocessors, abuse reporting, deletion, incident notice, confidentiality and IP review. User data must not be routed to a provider until vendor risk is approved and app-store disclosures are updated.

AI release blockers

Release is blocked when: data flows are unknown; privacy labels are inconsistent; high-risk use lacks human oversight; safety evaluation is missing; children/health/financial/employment use lacks counsel review; generated-content reporting is absent where required; or the product makes unsupported claims.