AI Trust Center
Version 3 · effective 5/18/2026
AI Trust Center — attestly
Source repository: Artificial425/attestly
Effective 2026-05-18
The attestly product utilizes generative AI to provide advanced text generation and analysis capabilities. It integrates with multiple leading AI model providers, including OpenAI, Anthropic, and Google Generative AI (Gemini), to process user-provided prompts and return relevant, context-aware responses. These integrations are designed to enhance user productivity within the attestly application.
AI systems
openai-llm
Provides large language model inference for text generation and embedding creation.
| Attribute | Value |
|---|---|
| Provider | OpenAI |
| Model | gpt-4o |
| Inputs | prompt content, user identifiers (when passed) |
| Outputs | Generated text, Embeddings |
| Risk class | Limited risk |
| Human-in-the-loop | Yes |
| Source | src/lib/ai/openai-client.ts |
The system processes user-provided data to generate text. The risk is limited as the outputs are informational, subject to user review, and not used for fully automated, high-stakes decision-making. The system does not impact safety-critical systems.
Annex IV technical documentation
General description. This AI system integrates the OpenAI API into the attestly product to provide users with advanced text generation and embedding capabilities. The system takes user prompts as input and returns model-generated text or vector embeddings. It is a core component of the product's AI-powered features.
Data and inputs. The primary data input is 'prompt content' provided by the end-user. In some cases, non-sensitive 'user identifiers' may be passed to the API for moderation and abuse monitoring purposes, as per OpenAI's API terms. No automated data quality controls are applied beyond basic input validation.
Monitoring and human oversight. System performance is monitored through API response logging, tracking error rates, and latency. Output quality is primarily assessed through user feedback channels. All interactions are logged for potential review in case of a reported incident.
Post-market monitoring. A post-market monitoring plan is in place, which includes continuous logging of API interactions, review of aggregated usage metrics to detect anomalies or abuse, and a formal process for investigating user-reported issues with model outputs.
Change management. Substantial modifications, such as upgrading to a new model version provided by OpenAI, undergo a review and testing process. This includes assessing the new model's performance and safety characteristics before it is deployed to production users.
Human oversight
Oversight measures. The primary human oversight is performed by the end-user, who provides the initial prompt, reviews the generated output, and can choose to use, modify, or discard it. Outputs are not automatically acted upon without user confirmation.
Opt-out. Users can opt out of using AI-powered features by not engaging with them. There is no global setting to disable the features, as they are integral to the product's functionality.
Override mechanism. Users have full control to override any model output. They can edit the generated text, reject the suggestion entirely, or regenerate the response.
Evaluation, robustness, and red-teaming
Bias and fairness. The system relies on the bias and fairness evaluations conducted by OpenAI for its models. No separate, formal bias evaluation is performed internally. We select models from the provider that are documented as having undergone extensive safety and fairness testing.
Robustness. The system implements application-level rate limiting to prevent abuse. It relies on OpenAI's infrastructure and built-in safety mechanisms to mitigate risks from adversarial inputs and prompt injection.
Accuracy metrics. Accuracy is measured indirectly through user engagement metrics, such as the rate at which generated content is accepted versus discarded or heavily edited by the user. User-reported satisfaction surveys also contribute to the assessment.
Red-teaming. No formal red team to date. The system relies on the security and robustness testing performed by the upstream model provider, OpenAI.
Upstream provider terms
Training opt-out. Customer data submitted via the OpenAI API is not used for training OpenAI's models, as per their standard API data usage policies.
Data residency. United States
Provider SLA. Provider's published SLA
anthropic-llm
Provides large language model inference for advanced text generation and analysis.
| Attribute | Value |
|---|---|
| Provider | Anthropic |
| Model | claude-3-5-sonnet |
| Inputs | prompt content |
| Outputs | Generated text |
| Risk class | Limited risk |
| Human-in-the-loop | Yes |
| Source | src/lib/ai/anthropic-client.ts |
The system processes user-provided data to generate text. The risk is limited as the outputs are informational, subject to user review, and not used for fully automated, high-stakes decision-making. The system does not impact safety-critical systems.
Annex IV technical documentation
General description. This AI system integrates the Anthropic API into the attestly product to provide users with sophisticated text generation based on the Claude family of models. The system is designed to handle complex user prompts and produce coherent, contextually relevant text outputs.
Data and inputs. The sole data input is 'prompt content' provided by the end-user. The system does not process other categories of personal data. Input is passed directly to the Anthropic API for processing.
Monitoring and human oversight. Human oversight is conducted by the product team, who review aggregated and anonymized performance data, including API latency and error rates. Direct output monitoring is limited to investigations of user-reported incidents to protect privacy.
Post-market monitoring. Post-market monitoring involves the continuous collection of performance metrics, a user feedback loop for reporting issues, and a periodic review of the model's suitability for its intended purpose within the attestly product.
Change management. Changes to the integrated Anthropic model (e.g., version upgrades) are subject to an internal change management process, including functional testing and a risk assessment before deployment.
Human oversight
Oversight measures. End-users provide direct human oversight by initiating prompts and evaluating the generated responses. They have the final say on whether to accept, edit, or discard the AI-generated content.
Opt-out. Opt-out is achieved by not using the specific features within attestly that are powered by this AI system. It is an on-demand feature, not a passive processing system.
Override mechanism. Users can freely edit or delete any text generated by the system. They can also request a new response if the first one is unsatisfactory.
Evaluation, robustness, and red-teaming
Bias and fairness. The system relies on Anthropic's public documentation and research on AI safety, including their work on Constitutional AI to mitigate bias and ensure fairness. No independent bias audits are conducted.
Robustness. Robustness is primarily managed by Anthropic's platform, which includes defenses against common adversarial attacks. The attestly application may enforce its own rate limits to prevent service abuse.
Accuracy metrics. System success is measured by user adoption of the feature and qualitative feedback. A low rate of regeneration requests for a given prompt is considered an indicator of accuracy and relevance.
Red-teaming. No formal red team to date. The system relies on the security and robustness testing performed by the upstream model provider, Anthropic.
Upstream provider terms
Training opt-out. Data submitted to the Anthropic API is not used to train their models, in accordance with their commercial terms of service.
Data residency. United States
Provider SLA. Provider's published SLA
google-gemini-llm
Provides multimodal large language model inference for text, vision, and other data types.
| Attribute | Value |
|---|---|
| Provider | Google Generative AI (Gemini) |
| Model | gemini-1.5-pro |
| Inputs | prompt content, uploaded media |
| Outputs | Generated text, Analysis of media |
| Risk class | Limited risk |
| Human-in-the-loop | Yes |
| Source | src/lib/ai/google-genai-client.ts |
The system processes user-provided text and media to generate responses. The risk is limited as outputs are informational and subject to user review. The system is not used for high-risk automated decision-making.
Annex IV technical documentation
General description. This system integrates Google's Gemini models via the Google Generative AI API to provide multimodal capabilities within the attestly product. It allows users to submit text prompts and media files for analysis and generation.
Data and inputs. The system processes 'prompt content' (text) and 'uploaded media' (e.g., images) provided by the user. Data is transmitted to the Google Cloud infrastructure for processing by the Gemini model.
Monitoring and human oversight. Monitoring is performed by tracking API usage, error rates, and response times through Google Cloud's monitoring tools. User feedback is the primary mechanism for assessing output quality and appropriateness.
Post-market monitoring. A post-market monitoring plan includes regular reviews of usage logs, investigation of any reported safety or quality incidents, and staying informed of updates or advisories from Google regarding the Gemini models.
Change management. Significant changes, such as adopting a new version of the Gemini model, follow a documented process of technical evaluation, regression testing, and risk assessment prior to production release.
Human oversight
Oversight measures. The end-user is the primary human in the loop, responsible for submitting inputs and validating the model's output before using it for any purpose.
Opt-out. Users can choose not to use the features powered by Google Generative AI. Use of the system is initiated by explicit user action.
Override mechanism. All outputs from the system are editable and discardable by the user. The user maintains full authority to accept, reject, or modify the AI-generated content.
Evaluation, robustness, and red-teaming
Bias and fairness. The system relies on the extensive safety and fairness research, testing, and filtering mechanisms developed by Google for its Gemini models. We do not conduct independent fairness evaluations.
Robustness. The system leverages the security and infrastructure of Google Cloud, which includes protections against common attacks. Application-level controls like input validation and rate limiting are also in place.
Accuracy metrics. Accuracy is evaluated based on user satisfaction, measured through direct feedback channels and behavioral metrics like the frequency of re-generating responses.
Red-teaming. No formal red team to date. The system relies on the security and robustness testing performed by the upstream model provider, Google.
Upstream provider terms
Training opt-out. As per Google's Generative AI API terms, customer data is not used to train the underlying models.
Data residency. United States (Google Cloud, customer-selectable)
Provider SLA. Provider's published SLA
openrouter-gateway
Acts as a routing gateway to various underlying large language models.
| Attribute | Value |
|---|---|
| Provider | OpenRouter |
| Model | Customer-configured |
| Inputs | prompt content |
| Outputs | Generated text |
| Risk class | Limited risk |
| Human-in-the-loop | Yes |
| Source | src/lib/ai/router-client.ts |
This system is a gateway that routes requests to other AI models. The risk profile is dependent on the downstream model selected, but is generally limited as outputs are informational and user-reviewed.
Annex IV technical documentation
General description. This system utilizes the OpenRouter API as a unified gateway to access a wide range of large language models from different providers. Its purpose is to abstract the complexity of integrating multiple models and provide flexibility in model selection for different tasks within the attestly product.
Data and inputs. The system processes 'prompt content' from the user. This data is then forwarded by OpenRouter to the specific downstream model provider selected for the request.
Monitoring and human oversight. Monitoring is focused on the gateway's performance, including request routing success rates, latency, and costs. Oversight of the final output quality remains with the end-user.
Post-market monitoring. Post-market monitoring involves tracking the reliability and cost-effectiveness of different models available through OpenRouter and adjusting routing strategies based on this data and user feedback.
Change management. Changes to the set of models used via OpenRouter or the default routing logic are reviewed internally to ensure continued performance and cost-effectiveness.
Human oversight
Oversight measures. The end-user provides human oversight by reviewing the output generated by the model that OpenRouter routed the request to. The user can accept, edit, or discard the output.
Opt-out. Users can opt out by not using the AI features that are configured to use the OpenRouter gateway.
Override mechanism. Users can edit or discard any output. Depending on the feature's implementation, they may also be able to request the use of a different underlying model.
Evaluation, robustness, and red-teaming
Bias and fairness. Evaluation of bias and fairness is dependent on the underlying model selected through OpenRouter. The system relies on the safety measures of the downstream providers (e.g., OpenAI, Anthropic).
Robustness. Robustness depends on the security of both the OpenRouter gateway and the downstream model provider. The system relies on their respective measures against adversarial attacks.
Accuracy metrics. Accuracy is evaluated based on the performance of the selected downstream models for specific tasks, measured by user feedback and engagement.
Red-teaming. No formal red team to date.
Upstream provider terms
Training opt-out. The training data policy is determined by the end model provider selected via OpenRouter. We configure routing to use providers that do not train on API data.
Data residency. Depends on selected provider
Provider SLA. Provider's published SLA
portkey-gateway
Provides an observability and routing gateway for large language model APIs.
| Attribute | Value |
|---|---|
| Provider | Portkey |
| Model | Customer-configured |
| Inputs | prompt content, request metadata |
| Outputs | Generated text |
| Risk class | Limited risk |
| Human-in-the-loop | Yes |
| Source | src/lib/ai/gateway-config.ts |
This system functions as an observability and routing layer. The risk is limited as it primarily forwards data to other AI providers and provides analytics. The final output is user-reviewed.
Annex IV technical documentation
General description. This system uses Portkey as an AI gateway to manage and monitor requests to various large language model providers. Its primary purpose is to provide observability, caching, and reliable routing for all AI-powered features in the attestly product.
Data and inputs. The system processes 'prompt content' and associated 'request metadata' (like user IDs or session info for logging). This data is passed through Portkey's infrastructure to the target LLM provider (e.g., OpenAI, Anthropic).
Monitoring and human oversight. Portkey provides the primary tools for monitoring and oversight of AI interactions, including detailed logs, cost tracking, and performance analytics. The product team reviews this data to ensure system health and efficiency.
Post-market monitoring. Post-market monitoring is facilitated by Portkey's dashboard, allowing for continuous review of AI model performance, cost, and usage patterns to inform operational decisions and identify potential issues.
Change management. Changes in routing logic, model fallbacks, or other configurations within Portkey are managed and tested by the engineering team to prevent service disruptions.
Human oversight
Oversight measures. Human oversight is provided by the end-user who reviews the final output from the downstream model, and by the engineering team who uses Portkey's observability data to monitor system health.
Opt-out. Users can opt out by not using the AI features that are managed through the Portkey gateway.
Override mechanism. Users can edit, discard, or regenerate any output received from the AI models accessed via Portkey.
Evaluation, robustness, and red-teaming
Bias and fairness. The evaluation of bias and fairness is the responsibility of the downstream model providers. Portkey itself is a neutral gateway and does not alter model outputs.
Robustness. Robustness is a function of the Portkey gateway's reliability and the security of the end model provider. Portkey may offer features like retries and fallbacks to improve overall system robustness.
Accuracy metrics. Accuracy is a characteristic of the underlying model. Portkey helps measure it by logging user feedback and tracking metrics like response latency and success rates.
Red-teaming. No formal red team to date.
Upstream provider terms
Training opt-out. The training data policy depends on the end model provider. Portkey does not train its own models on customer prompt data.
Data residency. United States
Provider SLA. Provider's published SLA
lmstudio-local
Enables local, self-hosted large language model inference.
| Attribute | Value |
|---|---|
| Provider | LM Studio (self-hosted) |
| Model | Customer-controlled |
| Inputs | prompt content |
| Outputs | Generated text |
| Risk class | Minimal risk |
| Human-in-the-loop | Yes |
| Source | src/lib/ai/local-client.ts |
The system runs entirely within the customer's own environment. No data is transmitted to third parties, minimizing privacy and security risks. The risk is therefore considered minimal.
Annex IV technical documentation
General description. This system provides an interface for the attestly product to connect to a local AI model server managed by the customer using LM Studio. It allows for AI processing to occur entirely within the customer's infrastructure.
Data and inputs. The system processes 'prompt content' provided by the user. All data remains within the customer's network, flowing from the user's client to their self-hosted LM Studio instance.
Monitoring and human oversight. Monitoring and oversight of the self-hosted model are the sole responsibility of the customer. The attestly product does not have visibility into the performance or outputs of the local model.
Post-market monitoring. Post-market monitoring is the responsibility of the customer who operates the LM Studio instance and the models within it.
Change management. The customer is responsible for all change management related to their self-hosted models, including updates and configuration changes.
Human oversight
Oversight measures. Human oversight is provided by the end-user who reviews the output from their local model.
Opt-out. This is an opt-in feature. Users who do not configure a local model endpoint will not use this system.
Override mechanism. Users can edit or discard any output generated by their local model.
Evaluation, robustness, and red-teaming
Bias and fairness. The evaluation of bias and fairness for the self-hosted model is the responsibility of the customer. The performance depends entirely on the model they choose to run.
Robustness. The robustness of the system depends on the customer's infrastructure and the specific model they have deployed.
Accuracy metrics. The customer is responsible for defining and measuring the accuracy of their self-hosted model.
Red-teaming. Red teaming is the responsibility of the customer for their self-hosted environment.
Upstream provider terms
Training opt-out. As the model is self-hosted, no customer data is used for training by any third party. The customer controls any fine-tuning or training processes.
Data residency. Customer-controlled
Provider SLA. Customer-controlled
Data flows
| From | To | Categories | Purpose |
|---|---|---|---|
| attestly application backend | OpenAI API | Communications, Identifiers | To generate text-based responses and embeddings based on user prompts. |
| attestly application backend | Anthropic API | Communications | To generate text-based responses to user prompts. |
| attestly application backend | Google Generative AI (Gemini) API | Communications, Other | To generate responses from text prompts and uploaded media. |
| attestly application backend | OpenRouter API | Communications | To route user prompts to a selected downstream LLM provider. |
| attestly application backend | Portkey API | Communications, Identifiers | To provide observability and routing for requests to other LLM providers. |
Training-data policy
Domenic Julian's workspace is committed to protecting customer data. The attestly product uses third-party AI providers such as OpenAI, Anthropic, and Google Generative AI (Gemini) whose commercial API terms specify that customer data submitted will not be used to train their models. We exclusively use these non-training APIs for processing customer data. For customers utilizing the self-hosted model option (LM Studio), all data processing occurs within the customer's own environment, and no data is sent to Domenic Julian's workspace or any third-party AI provider. Therefore, no customer data is ever used to train our or our sub-processors' general-purpose AI models.
Governance & oversight
Our AI governance framework is centered on responsible implementation and user transparency. We select AI providers that demonstrate a strong commitment to safety, security, and ethical AI principles. All new AI features undergo an internal review process to assess their purpose, potential risks, and user impact. We rely on a combination of automated monitoring of our AI systems' performance and user feedback channels to identify and address any issues, such as poor output quality or potential misuse. Model versions and providers are periodically reviewed to ensure they continue to meet our standards.
Acceptable use
Users of AI features within attestly must not submit any input that is unlawful, harmful, abusive, or infringes on the rights of others. This includes, but is not limited to, content related to hate speech, harassment, and child sexual abuse material (CSAM). The generation of such content is also strictly prohibited. We reserve the right to monitor inputs and outputs to detect and prevent abuse. Use of the AI systems must also comply with the acceptable use policies of our underlying AI providers, including OpenAI, Anthropic, and Google.
Incident response
Classification. AI-specific incidents are classified based on severity: P0 (Critical) for system-wide model outages or critical security vulnerabilities; P1 (High) for data leakage via model output or significant service degradation; P2 (Medium) for bypass of safety filters or prompt-injection vulnerabilities; P3 (Low) for minor degradation in output quality.
Detection. Incidents are detected through a combination of automated monitoring of API error rates, latency, and costs; alerts from our observability platform (Portkey); security scanning; and reports from our users and internal teams.
Response SLA. Our target initial response time for AI-related incidents is 1 business hour for P0/P1 incidents and 8 business hours for P2/P3 incidents.
Customer notification. In the event of a security incident involving customer data, we will notify affected customers without undue delay, in accordance with our Data Processing Addendum and applicable legal obligations. Notifications for operational incidents like model outages will be provided via our status page.
End-user disclosure
Within the attestly product, any feature that utilizes generative AI to produce content is clearly marked. This ensures that users are always aware when they are interacting with an AI system versus a deterministic software component. We believe in transparency and want users to have clear context about how their data is being processed.
Child safety
The attestly product is not directed at or intended for use by individuals under the age of 16. We do not knowingly collect or process personal data from children. If we become aware that personal data from a child has been processed through our AI systems, we will take steps to delete that information.
EU AI Act conformity
Annex IV technical documentation applies to one or more systems above.
This document provides transparency into the AI systems used within the attestly product. It is intended to help customers with their own risk assessments and due diligence processes, including those related to emerging regulations such as the EU AI Act, for which this document provides information aligned with the technical documentation requirements of Annex IV.