AI Governance
CustomerNode uses generative AI to assist users — not to make autonomous decisions on their behalf. AI features are opt-in at the tenant level, customer data is not used to train shared foundation models, and vendor configurations are reviewed against documented risk categories. The full policy is the GenAI Governance Policy; this page summarizes what procurement and security teams typically need to know.
Governance principles
- AI is an aid to user workflows, not an autonomous decision-maker for material or legal outcomes.
- AI outputs are presented as advisory; users remain responsible for reviewing and adopting them.
- AI is not used for behavioral profiling or discriminatory purposes.
- AI use is treated as a controlled processing activity and is subject to ongoing review.
Tenant controls
- AI functionality can be enabled or disabled at the tenant level by a tenant administrator.
- When disabled, customer data from that tenant is not transmitted to any AI subprocessor.
- When enabled, only the minimum data required to produce the requested output is sent.
- Tenants may disable AI features at any time without affecting remaining non-AI functionality.
AI disablement
Tenant administrators may disable AI functionality entirely. When AI is disabled:
- No new AI requests are issued from that tenant's environment.
- No customer data from that tenant flows to AI subprocessors.
- Existing AI-generated artifacts already stored in the tenant remain in place; the tenant may delete them through standard data-management controls.
No-training commitments
CustomerNode does not use customer data to train shared or general-purpose foundation models.
CustomerNode may support tenant-specific AI optimization, retrieval augmentation, embeddings, fine-tuning, or model adaptation where explicitly enabled for that tenant. Any such processing remains logically isolated to the applicable tenant environment and is not used to improve shared models across customers.
Where third-party AI providers expose controls to prevent the use of submitted data for training shared models, CustomerNode configures those controls accordingly.
Tenant isolation
AI prompts, embeddings, retrieval indexes, and outputs are kept logically isolated to the tenant from which they originated. CustomerNode does not pool customer data across tenants for the purpose of producing AI features.
Vendor controls
CustomerNode performs documented assessments of its AI vendors against the OWASP Top 10 for LLM Applications. The assessment covers, among other categories, prompt injection, data leakage, insecure output handling, excessive data exposure, and access-control risks. Findings are addressed through the Secure Development Lifecycle and revisited as OWASP guidance, vendor capabilities, or CustomerNode's integration evolves.
Risk management
- AI integrations are deployed under the same change-management, code-review, and testing controls as the rest of the platform.
- Inputs are subject to application-layer validation; outputs are treated as untrusted input prior to display or downstream use.
- Usage is monitored for anomalous or abusive patterns and rate-limited where appropriate.
Acceptable use
Users may not use AI features to circumvent safety controls, extract underlying models or prompts, generate harmful or illegal content, or build competing AI systems from CustomerNode outputs. The full list is in Section 5(F) of the Terms of Use.
Contact & accountability
CustomerNode maintains internal ownership of AI governance. Questions about this page, the formal policy, or AI data handling may be directed to Michael Cantow at [email protected].