Responsible AI use policy
Ensuring secure, responsible, and high-quality use of AI in software development.
1. Introduction
Proekspert uses Artificial Intelligence (AI)–assisted development tools to improve software quality, accelerate delivery, and strengthen engineering practices.
We adopt these tools responsibly and transparently, with the highest commitment to security, confidentiality, and regulatory compliance, including GDPR and the EU AI Act.
This policy describes how Proekspert uses AI tools in customer projects and the principles we apply to safeguard client data and intellectual property.
2. Our core principles
2.1 AI improves quality and efficiency – engineers remain fully responsible
We use AI to enhance the quality, speed, and consistency of the engineering work we deliver.
AI helps us identify issues earlier, produce cleaner solutions, and accelerate development – all for the benefit of our customers.
However, AI never replaces human expertise:
- All final decisions remain under human control.
- Proekspert engineers retain full responsibility for the accuracy, reliability, and quality of all work delivered to customers.
2.2 Customer rules always override internal rules
Customer-specific requirements, policies, and restrictions have the highest priority:
- If a customer restricts or prohibits AI usage, we follow that instruction without exception.
- If a customer defines stricter security, data handling, or compliance measures, those rules override our internal AI practices.
- Our processes and tool choices always adapt to the customer’s expectations and contractual obligations.
This guarantees full alignment with each customer’s security posture and regulatory needs.
2.3 Confidentiality and security first
We protect client information with enterprise-grade safeguards:
- Only Proekspert-approved AI tools with enterprise privacy, no-training, and data-isolation settings are allowed.
- We do not submit business-critical data to AI tools unless explicitly permitted by the client.
- Use of access credentials (keys, tokens, passwords) in any AI system is strictly prohibited.
2.4 Ethical and responsible use
We prohibit the use of AI for:
- Deceptive, misleading, or unethical actions
- Generating outputs without human review
- Any activity outside legal and regulatory requirements
Proekspert complies with all relevant legislation, including GDPR, copyright law, and the EU AI Act, and honors the customer’s own compliance frameworks.
3. Data we never provide to AI systems
Proekspert does not input the following into AI systems (unless explicitly authorized by the client and using tools with guaranteed privacy modes):
3.1 Highly confidential business information
Examples include business plans, product roadmaps, strategic analyses, competitive assessments, and other sensitive documents.
3.2 Personal data and large datasets
Any datasets containing personal information must be anonymized or pseudonymized before being used in AI tools.
3.3 Access credentials or security-sensitive information
This includes passwords, tokens, API keys, certificates, SSH keys, etc.
4. Data we may use with approved AI tools
With privacy-mode AI tools, Proekspert may use project resources, such as:
- Architecture and design documentation
- Feature descriptions, backlogs, user stories
- Source code and scripts
- Configuration files (without secrets)
- Deployment setups
- Database schemas (without personal data)
- Logs and test data (anonymized where necessary)
- Code review and quality reports
These materials help accelerate development and improve engineering quality.
We use only enterprise-grade tools that meet strict requirements:
5.1 Proekspert’s internal Azure OpenAI assistant
- Runs on secure enterprise infrastructure
- No data used for model training
- GDPR compliance via Azure Europe regions
5.2 GitHub Copilot
- Privacy mode enabled
- No prompt or code data retained
- No data used for model training
- Information: GitHub Copilot Trust & Privacy pages
5.3 Cursor
- Privacy Mode enforced
- No data used for training
- Data encrypted in transit and at rest
- Local/Ghost Mode available for offline sensitive work
- SOC 2 Type II and GDPR compliant
5.4 Claude Code
- Privacy mode enforced
- No data used for training
- Data encrypted in transit and at rest
- GDPR-compliant data processor agreements with SCCs
- Strict European data protection alignment
5.5 Customer-provided AI tools
Tools supplied or mandated by the client are considered approved for that specific project, and client rules take priority.
6. How we ensure safe and high-quality AI usage
Proekspert maintains strict internal processes:
6.1 Human oversight
All AI-generated outputs are reviewed and verified by Proekspert engineers.
6.2 Minimum-necessary principle
We provide only the minimum information needed for a task.
6.3 Developer training
All engineers receive training on:
- Secure use of AI tools
- Privacy modes
- Reviewing AI-generated code
- Responsible development practices
Before a new tool may be used, it must meet all the following criteria:
- GDPR compliance and European data residency, where relevant
- Enterprise privacy mode with no data used for model training
- Logical isolation of customer data
- Encryption at rest and in transit
- Clear documentation on privacy, data retention, subprocessors, and compliance
- Successful review by Proekspert’s Governance Team and, if necessary, the customer
8. Developing or training AI models for clients
When Proekspert develops or trains AI models on behalf of clients:
- GDPR, EU AI Act, and copyright rules are strictly followed
- Data sources are documented and verified
- Training datasets must be high-quality, licensed, and ethically sourced
- Models are assessed for bias and fairness
- Security controls are applied to protect models and data
- Proper risk assessments and rollback plans are prepared
- Model performance and compliance are continuously monitored
9. Summary
Proekspert is committed to providing high-quality engineering services enhanced by carefully selected AI tools.
We protect client data using strong technical and organizational safeguards aligned with GDPR and the EU AI Act.
AI is used responsibly, ethically, and transparently to increase quality and development speed, while ensuring confidentiality and full compliance with client requirements.