Responsible AI Policy

At GuruMood we build AI systems with a responsible approach. Our guiding principles are:

• Usefulness: systems should produce useful, measurable results for the customer and their users.
• Safety: we minimize risks through guardrails, testing, monitoring, and content controls.
• Transparency: we disclose when a user is interacting with an automated system and explain the capabilities and limitations of our agents.
• Human oversight: we keep humans in the loop for high-impact decisions and for product iteration.
• Privacy and data protection: we apply minimization, purpose limitation, and appropriate technical controls.
• Fairness and non-discrimination: we evaluate biases and impacts on vulnerable populations where relevant.
• Accountability: we maintain decision traceability, audit logs, and an incident response process.

We integrate models from several providers depending on the use case, including (without limitation): OpenAI, Anthropic, Google, Meta (open weights), and self-hosted open-source models. Model selection considers quality, safety, compliance, cost, latency, language support, and contractual terms (including no-training terms and data handling policies).

• We do not use customer or end-user data to train our own or third-party foundation models. We use provider API tiers that exclude training on submitted data.
• Prompts and contexts are sent to model providers only to the extent necessary to produce the requested response, and are subject to the provider's data handling policies (which we review before selecting them).
• Customer data may be used to tune customer-specific configurations (e.g., prompts, templates, retrieval sets) for that customer only.
• When a customer explicitly requests fine-tuning with its own data, we perform it in segregated environments, under specific agreements and isolation measures.
• We will not sell or transfer customer data to third parties for training or enrichment purposes.

Before deploying an agent, we carry out functional and safety evaluations, including prompt injection testing, information leakage, toxic responses, hallucinations, and adherence to customer rules. We maintain internal evaluation sets and monitor quality in production.

• Versioned system prompts with access controls over their modification.
• Input and output content filters (e.g., toxicity, PII, sensitive content).
• Defenses against prompt injection (delimiters, isolated retrieval, sanitization of external sources).
• Rate limits, quotas, and circuit breakers per customer and integration.
• Allowlist of domains and tools when agents use external tools.
• Centralized monitoring with alerts for anomalous behavior.

When an end-user interacts with an automated system (for example, a chatbot or voice agent), we provide a clear disclosure at the start of the interaction or in a visible location, as required by applicable regulations (including EU AI Act Art. 50 and US laws such as California SB 1001). Customers are responsible for configuring disclosures in line with their legal obligations and local context.

For synthetic content (images, videos, cloned voices), we will apply watermarks or metadata where regulation requires, and we discourage deceptive use under the Acceptable Use Policy.

For use cases with legal or similarly significant impact (employment, credit, health, housing, education, law enforcement), we maintain meaningful human oversight and provide mechanisms for users to request human review, contest decisions, and receive clear explanations. We respect the rights in GDPR Art. 22 and equivalent requirements in other jurisdictions.

We design our services with the obligations of Regulation (EU) 2024/1689 (AI Act) in mind. We assess the risk level of each use case, avoid prohibited practices (for example, social scoring, subliminal manipulation, real-time remote biometric identification in public spaces for law enforcement outside of exceptions), and apply additional safeguards for systems considered high-risk.

As a provider or deployer (depending on the role) of foundation models, we will make technical documentation available to customers so they can meet their own AI Act obligations.

We test for bias in sensitive use cases and work with customers to mitigate disproportionate impacts. We acknowledge that foundation models may reflect biases in their training data; we apply prompting, filtering, and product design to mitigate the risk.

See our Acceptable Use Policy for the full list. In summary, GuruMood does not permit the use of its services for practices prohibited by the AI Act, generation of illegal or deceptive content, unauthorized impersonation, harmful manipulation, mass surveillance, or any use that violates applicable laws or third-party rights.

We keep access, configuration, prompt change, invocation, and output logs (depending on sensitivity and customer-agreed configuration) to support audit, debugging, security, and compliance. Logs are protected with the same controls applied to production data and are subject to the Data Retention Policy.

If we detect an AI incident (for example, an information leak, a harmful response, a guardrails failure), we activate our response plan: containment, impact analysis, customer notification, remediation, and post-mortem review. Incidents involving personal data are handled under the DPA and applicable data protection laws.

Where technically feasible, we offer users and customers mechanisms to opt out of AI processing, request human intervention, see what data is used, and request deletion of data from prior interactions.

For questions about this policy or to report an AI-related issue, contact ai@gurumood.com or privacy@gurumood.com.