Responsible AI Policy

Last updated: March 7, 2026

This Policy supplements the Grecocloud Terms of Service and Privacy Policy.

Purpose

Grecocloud uses artificial intelligence in its advisory work and advises clients on AI strategy, security, and governance. This policy defines the principles, commitments, and boundaries that govern how we use AI in our own operations and how we approach AI in our client engagements.

We hold ourselves to the same standard we recommend to clients. If we advise companies on responsible AI adoption, we must demonstrate responsible AI practice.

How Grecocloud Uses AI

We use AI tools and capabilities in the following areas of our business:

  • Research and analysis. AI-assisted research for competitive intelligence, market analysis, and technology landscape evaluation during client engagements.
  • Document preparation. AI-assisted drafting of assessment reports, recommendations, and deliverables, always reviewed and validated by our team before delivery.
  • Internal operations. AI tools for productivity, scheduling, communication, and business operations.

We do not use AI to make autonomous decisions on behalf of clients. All recommendations, assessments, and strategic guidance delivered to clients reflect our professional judgment, informed by experience and validated through human review.

Our Commitments

Human oversight and accountability

  • Every client deliverable is reviewed, validated, and approved by a senior advisor before delivery. AI may assist in preparation, but a human is always accountable for the final output.
  • We do not present AI-generated content as solely human-authored without disclosure. When AI tools have materially contributed to analysis or drafting, we are transparent about our process when asked.
  • We maintain clear accountability for every recommendation we make, regardless of what tools were used in the process.

Data protection and client confidentiality

  • We do not input client Confidential Information into public AI models, consumer-grade AI tools, or any system where client data could be used to train third-party models.
  • When AI tools are used in client engagements, we use enterprise-grade services with appropriate data processing agreements that prohibit the use of input data for model training.
  • Client data shared during engagements is handled in accordance with our Privacy Policy, applicable Engagement Agreements, and the confidentiality provisions in our Terms of Service.

Accuracy and professional responsibility

  • AI outputs are probabilistic and may contain errors. We treat AI-generated content as a starting point, not a final product. All analysis, findings, and recommendations are validated against our professional expertise and available evidence.
  • We do not rely on AI outputs for security assessments, vulnerability findings, or risk evaluations without independent verification.
  • When we identify limitations in AI-assisted analysis, we disclose those limitations to clients rather than presenting incomplete findings as comprehensive.

Fairness and bias awareness

  • We monitor for potential bias in AI-assisted analysis, particularly in competitive assessments, market evaluations, and risk scoring.
  • When advising clients on AI adoption, we include bias identification and mitigation as part of our standard assessment framework.
  • We do not use AI to make or recommend decisions that could discriminate based on protected characteristics.

Principles Guiding Our AI Advisory Work

When we advise clients on AI strategy, security, and governance, our work is guided by:

Security first

AI systems are attack surfaces. We evaluate every AI recommendation through a security lens, including prompt injection risks, data exfiltration vectors, privilege escalation in multi-agent systems, and unintended autonomous actions. Our CISSP-certified expertise informs every AI advisory engagement.

Outcomes over hype

We recommend AI adoption when it creates measurable value, not because it is fashionable. Our AI Competitive Response Sprint and related services are designed to identify where AI matters, where it does not, and where the risks outweigh the benefits. We will tell clients not to pursue AI if the evidence points that way.

Governance as a feature, not an afterthought

We advise clients to build governance, permissioning, audit trails, human-in-the-loop checkpoints, and kill switches into AI systems from the start, not to bolt them on after deployment. Responsible AI governance is a core component of every engagement that touches AI.

Transparency with clients

We are transparent about the capabilities and limitations of AI technologies. We do not overstate what AI can achieve, and we are direct about the risks, costs, and organizational readiness required for successful AI adoption.

Prohibited Uses

Grecocloud will not use AI to:

  • Generate or distribute disinformation, deceptive content, or fraudulent materials
  • Conduct or facilitate unlawful surveillance, identification, or tracking
  • Depict any person’s voice, likeness, or identity without consent
  • Produce content that exploits, harasses, or harms any individual
  • Make autonomous decisions affecting individuals without human oversight
  • Process client data in ways that violate our confidentiality obligations or applicable law

We will not advise clients to deploy AI in ways that violate these principles, regardless of the commercial opportunity.

Third-Party AI Tools

We evaluate all third-party AI tools used in our work against the following criteria:

  • Data handling practices (does the provider use input data for model training?)
  • Enterprise data processing agreements and security certifications
  • Data residency and jurisdictional compliance
  • Incident response and breach notification capabilities
  • Alignment with our confidentiality and data protection obligations

We maintain a current inventory of AI tools used in client-facing work and can provide this information to clients upon request.

Enforcement and Accountability

This policy applies to all Grecocloud personnel, contractors, and any specialists engaged in the delivery of our services.

Violations of this policy will be addressed through appropriate corrective action, which may include termination of the working relationship.

If a client or partner believes Grecocloud has acted inconsistently with this policy, we encourage them to contact us directly at legal@grecocloud.com. We take all such reports seriously and will investigate promptly.

Policy Updates

This Responsible AI Policy may be updated as regulations, best practices, and our own understanding of responsible AI evolve. We will indicate changes by updating the “Last Updated” date at the top of this page.

Contact

Questions about this policy or our AI practices can be directed to:

Grecocloud Email: legal@grecocloud.com Location: Boca Raton, Florida