AI Policy

At Senbee we are an AI-first company. We use artificial intelligence (AI) extensively in our internal development, testing, security, support, and operational workflows, and we also offer selected AI-powered features and integrations within the Senbee platform.

Our use of AI is governed by the same principles that apply across our information security management system: confidentiality, integrity, availability, data minimisation, privacy by design, secure development, supplier control, accountability, and customer control. This policy supports our approach to responsible AI use and is aligned with relevant ISO 27001 information security controls.

Scope

This policy applies to:

• AI used internally by Senbee employees, contractors, and approved partners.
• AI used in software development, testing, documentation, troubleshooting, and security workflows.
• AI-powered features, integrations, and automations made available within the Senbee platform.
• AI support tools used in customer communication, live chat, and operational support.
• Third-party AI providers and services approved for use by Senbee.

How we use AI

Senbee uses AI to improve speed, quality, consistency, and user experience. This includes:

• Product features: to power specific functions inside Senbee, such as assistance, summarisation, classification, suggestions, drafting, content generation, and automation.
• Platform integrations: to allow customers to connect approved AI providers, such as OpenAI, for clearly labelled AI-powered functionality.
• Internal software development: to generate, review, refactor, document, and test code.
• Internal testing and quality assurance: to support test generation, debugging, issue analysis, and release validation.
• Security and operations: to assist with log review, documentation, incident analysis, policy drafting, and operational improvements.
• Support: optional AI support agents in our live chat to answer questions faster and route issues correctly.

AI-generated code

A significant part of Senbee's software development is supported by AI. AI may generate or assist with code, tests, documentation, configuration, and technical analysis. However, AI-generated code is treated as Senbee code and is subject to the same security, quality, and review requirements as code written manually.

AI-assisted development must follow our secure development practices, including:

• Human review before code is merged or deployed.
• Secure coding principles and protection against common vulnerabilities.
• Testing appropriate to the change, including functional, integration, and security testing where relevant.
• Review of third-party dependencies, libraries, and generated suggestions before use.
• Protection of secrets, credentials, customer data, and confidential information.
• Traceability through version control, pull requests, issue tracking, and release records.

AI output must not be accepted blindly. Employees remain responsible for validating correctness, security, licensing implications, and suitability before using AI-generated work.

Customer data and AI

Senbee does not process customer data through external AI systems unless this is part of a customer-enabled AI integration or another explicitly agreed service configuration.

For Senbee's internal use of AI, employees must not submit customer personal data, tenant data, access logs, credentials, secrets, confidential customer records, or other customer-controlled information to external AI systems.

Where AI processing is used within Senbee-controlled environments, we apply appropriate technical and organisational controls, including access control, logging, encryption, data minimisation, and retention management.

Customer-enabled AI integrations

Senbee may offer AI integrations, including integrations with providers such as OpenAI, for features such as content generation, drafting, summarisation, classification, or other AI-assisted workflows.

AI integrations are clearly labelled in the Senbee platform. Where a customer chooses to use an AI integration, the customer is responsible for ensuring that the information they submit is appropriate for that AI service and does not include personal data, confidential information, or their own customer data unless they have a lawful basis and the necessary rights, notices, agreements, and safeguards in place.

Senbee designs AI integrations to support customer control and transparency. Where relevant, we provide information about the AI provider, the purpose of processing, and any applicable configuration options.

Third-party AI providers

Senbee may use vetted third-party AI providers for approved business purposes. Before use, AI providers are assessed based on relevant security, privacy, contractual, and operational requirements.

Where third-party AI providers act as processors for Senbee, we require appropriate contractual safeguards. We do not allow customer data submitted through Senbee to be used to train public or general-purpose AI models, unless the customer has explicitly enabled and accepted such processing through their own provider configuration.

AI providers and relevant sub-processors are managed through our supplier management and information security processes.

What we do not do

• We do not sell customer data.
• We do not use customer data to train public or general-purpose AI models.
• We do not submit customer data to external AI systems for internal development, testing, support, or operational use.
• We do not intentionally send passwords, secret keys, API tokens, private certificates, or similar credentials to AI systems.
• We do not allow AI output to bypass human accountability in security, legal, compliance, or production decisions.

AI support agents in live chat

If you contact us via live chat, you may interact with an AI support agent.

• AI agents are clearly identified in the chat experience.
• You can request a human agent at any time.
• AI agents are intended to assist with general support, routing, and basic guidance.
• Chat transcripts may be stored as part of our support records in line with our retention practices.
• Chat transcripts may be reviewed to improve support quality and internal support processes, but are not used to train external public AI models.

Security and controls

Senbee protects AI-related processing using security controls aligned with our information security management system, including:

• Role-based access controls and least-privilege permissions.
• Secure authentication for approved AI services.
• Logging and monitoring of relevant AI-related activity.
• Encryption in transit and at rest where applicable.
• Data minimisation and restrictions on sensitive input.
• Review and approval of AI tools before business use.
• Supplier review, contractual safeguards, and sub-processor management.
• Secure coding, peer review, and testing for AI-generated or AI-assisted code.
• Incident management procedures for suspected data exposure, misuse, or security issues involving AI.

Acceptable use of AI by Senbee personnel

Senbee personnel may use approved AI tools to improve productivity, quality, and decision support. AI tools must be used responsibly and in accordance with our internal security policies.

Employees and contractors must not use AI tools to:

• Process customer data in external AI systems without approval.
• Process personal data unless there is a valid business purpose and an approved processing basis.
• Upload secrets, passwords, API keys, certificates, tokens, or private credentials.
• Bypass security reviews, code reviews, approval processes, or change management.
• Make automated decisions with legal, financial, employment, access, or security impact without appropriate human review.
• Generate or use code, text, images, or other material that infringes third-party rights or violates applicable law.

Accuracy and human review

AI-generated output can be incorrect, incomplete, outdated, or misleading. AI features and AI-assisted workflows are intended to assist users and employees, not replace professional judgement.

Senbee applies human review where AI output may affect security, production systems, customer-facing information, compliance, contractual obligations, or operational decisions. Customers should not rely on AI output as legal, compliance, financial, medical, or security advice without independent verification.

Privacy and data protection

Senbee applies privacy by design and data minimisation principles to AI-related processing. Where personal data is processed, we assess the purpose, necessity, lawful basis, retention, access, and security requirements before use.

Where AI features involve customer-controlled data, the customer remains responsible for determining whether their use of the feature is appropriate for their own data, users, customers, and legal obligations.

Transparency

We aim to make AI use clear and understandable. AI-powered platform features and AI support agents are labelled where relevant. We document relevant sub-processors and data processing practices in our Privacy Policy, Data Processing Agreement, and Sub-Processors list.

Governance and review

Senbee reviews its use of AI as part of its information security, privacy, supplier management, and software development processes. AI tools, integrations, and workflows may be reviewed when there are changes to technology, providers, risks, legal requirements, or business use.

This policy is reviewed periodically and updated when necessary to reflect changes in Senbee's use of AI, applicable law, customer expectations, and our information security management system.

Questions

If you have questions about how AI is used in Senbee, contact us at security@senbee.com.