This page is a plain-language summary for evaluators. The authoritative document is the SmartAlex AI Usage Policy. If anything here differs from that document, the full policy prevails. This summary reflects version 1.1, effective 1 June 2026.
AI Usage Policy
The authoritative, controlling document. Read this for the binding text.
Acceptable Use Policy
The wider rules of the road for the platform, cross-referenced throughout.
Telephony and Call Recording Notice
Consent and notice duties for recording and transcribing calls.
How AI is used
The platform uses machine learning across a few capabilities:- AI voice agents that place and receive calls on your behalf.
- Conversational chat agents embedded on websites and messaging surfaces.
- AI-assisted analysis of call transcripts, including contact enrichment, sentiment and outcome classification, and reporting.
- AI-assisted content generation for prompts, scripts, summaries, and templates used by your administrators.
The general-purpose models behind these features are operated by our third-party AI and voice-infrastructure providers under contractual terms we negotiate to protect your data. We describe those providers by category. Their identities, the data categories each receives, and the transfer safeguards that apply are listed in our published subprocessor list, which is the authoritative source, and you receive prior notice of any change with a right to object as set out in our Data Processing Addendum. We do not train our own foundation models.
The model-training wall
This is the commitment procurement teams ask about first. Where a provider offers contractual terms that prevent such use, for example a zero data-retention configuration or enterprise terms that exclude training on submitted data, we contract on those terms. The specific safeguard for each provider is recorded in our subprocessor list and Data Processing Addendum. Two narrow, opt-in exceptions exist, and both stay inside your tenant:- Operational analytics. As an independent controller of service-operations data, we may use aggregated and de-identified metrics about how the agents perform, such as latency, error rates, and transfer rates, to monitor, secure, and improve the platform. This does not reconstruct the content of any caller’s conversation and is never used to train foundation models.
- Customer-elected fine-tuning and custom voices. You may choose to fine-tune a model or train a custom synthetic voice on your own data. This is off by default, runs only on your instructions, and the resulting model artifacts are scoped to your tenant and never made available to other customers. If the custom voice clones an identifiable person, the voice-consent rules below apply in full.
Transparency and disclosure
Where an AI agent, voice or chat, interacts with a person, the AI nature of the agent is disclosed:1
Where the law requires it
Including the EU AI Act transparency obligation for systems that interact directly with people, the California bot-disclosure law, and similar statutes elsewhere.
2
By default in the standard configuration
We ship default disclosure language designed to meet the strictest applicable transparency standard.
3
Always, on request
Whenever a person asks whether they are speaking with a human or an AI, the agent answers truthfully and without qualification.
Voice cloning and voice consent
Whenever you clone, replicate, or imitate the voice of an identifiable person, all of the following apply:- You must obtain and retain documented, informed, and explicit consent from that person before the voice is cloned or used, and be able to produce evidence of it on request.
- A voice print used to identify or authenticate a person is biometric data. Under the GDPR and equivalent laws it is special-category personal data that needs an explicit lawful basis, ordinarily the person’s explicit consent.
- As controller of the underlying data, you establish that lawful basis, give the required notices, and honor any withdrawal of consent, including by stopping use of the cloned voice and instructing us to delete the related artifacts.
- You must not clone or imitate the voice of a public figure, a celebrity, or any other person for deception, fraud, or misrepresentation of identity.
Human oversight and your configuration duties
The platform is built so significant decisions stay with people, not solely with a model.- Live human transfer is available on voice calls where you have enabled it. A person can ask to be transferred to a human at any time, and the request is honored where you have staffed live transfer.
- No solely automated significant decisions. SmartAlex does not make decisions producing legal or similarly significant effects on a solely automated basis, and you cannot override this default for an in-scope decision. Where a decision could produce such effects, you are responsible for configuring human review. An affected person may, through you as controller, request human intervention, express their view, and contest the outcome.
- Audit log. Your tenant administrator can review AI decisions through the audit log, which records the agent configuration in force, the tools the agent invoked, and the outcome of each interaction.
Prohibited uses
You must not use the AI capabilities for any of the following.
Using the AI capabilities for any of these is a material breach of our Terms of Service and Acceptable Use Policy, and may lead to suspension of the affected feature or the account.
Who is responsible for what
Roles at a glance
Roles at a glance
Your obligations summary
Your obligations summary
When using the AI features, you must:
- Enable and maintain AI disclosure to people at the standard required by the strictest applicable law.
- Establish a lawful basis, give required notices, and obtain any consent needed to process personal data, including special-category data and voice prints.
- Obtain all consents required for recording and transcribing calls, as described in the Telephony and Call Recording Notice.
- Test and supervise your agents, provide accurate knowledge sources, and never deploy the features for a prohibited use case.
- Comply with EU AI Act deployer obligations, and any equivalent law, that apply to your use case.
High-risk deployments under the EU AI Act
High-risk deployments under the EU AI Act
The platform is general-purpose voice and conversational AI infrastructure and is not, by default, a high-risk AI system. Your use case can bring your deployment into high-risk scope, for example in recruitment, credit assessment, education access, essential services, law enforcement, migration, or the administration of justice.Before deploying in any high-risk use case you must consult your own legal counsel, implement the deployer obligations the EU AI Act imposes, such as human oversight, monitoring, log retention, and any required impact assessment and registration, and inform us through your account contact. On reasonable request and subject to confidentiality, we provide the technical information you need to complete a data-protection or fundamental-rights impact assessment.
Accuracy, security, and data location
Accuracy and limitations
Accuracy and limitations
General-purpose models can produce inaccurate, fabricated, or unsupported output. We ground agents in your knowledge, prompts, and tools, and apply default guardrails, but we do not warrant that outputs are error-free, complete, or fit for a particular purpose. Transcription can contain errors with strong accents, background noise, overlapping speakers, or specialized terms, and synthesized speech may mispronounce names or numbers.You should test agent flows before deployment and on material changes, keep knowledge sources accurate and current, avoid treating a transcript or summary as a verbatim or legally authoritative record without human verification, and not use agents to give regulated professional advice without the appropriate standing and human review. AI outputs are not professional advice. The services are not designed for use where failure could cause death, injury, or severe damage, and must not be relied on to reach emergency services.
Bias, fairness, and safety testing
Bias, fairness, and safety testing
We monitor the published evaluations and safety documentation of our providers, account for known fairness limitations when selecting and configuring models, build safety guardrails into our default configuration, and act on platform-level fairness issues, including by adjusting defaults or switching providers where a reasonable remediation exists. Because your prompts, knowledge bases, and decision logic materially affect outcomes, you are responsible for testing your custom agents for bias and fairness in your deployment context. If you identify a concern that appears to arise at the platform level, report it to us so we can investigate.
Security of the AI features
Security of the AI features
Measures specific to the AI features include encryption of your data in transit to and from our providers and at rest in our systems, tenant isolation so that one customer’s prompts, knowledge bases, custom voices, and outputs are not accessible to another, contractual no-training and, where available, zero data-retention configurations, access controls and logging on the systems that orchestrate the features, and controls designed to mitigate prompt-injection and tool-abuse risks.We do not currently hold our own SOC 2 or ISO 27001 attestation and are working toward SOC 2 readiness. Our infrastructure subprocessors maintain SOC 2 or ISO 27001 attestations. If we become aware of a security incident affecting your data processed by an AI feature, we notify you in line with the Data Processing Addendum.
International transfers and intellectual property
International transfers and intellectual property
The AI features are operated by providers located principally in the United States, and running a live call necessarily processes audio and transcript content wherever the relevant model is hosted. Where this transfers personal data out of the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate safeguards, principally the standard contractual clauses, the UK transfer agreement or addendum, and the Swiss addendum, together with supplementary measures such as encryption and access controls. The location of each provider and the safeguard that applies are set out in the subprocessor list.As between us and you, and subject to the rights of the AI providers and any third party in the underlying models, you own the outputs generated through your use of the features, on the same basis as the rest of your data. You are responsible for ensuring your use of an output does not infringe a third party’s rights. Models can generate similar or identical outputs for different users, so an output is not warranted to be original or protectable.
Data retention
The authoritative periods and criteria live in the Data Processing Addendum and Privacy Policy.

