Responsible AI Policy

Stratavor develops and operates software that uses artificial intelligence (AI) to help finance and strategy teams interpret data, generate narratives, and support decision-making. This Responsible AI Policy sets out how we design, deploy, and govern those capabilities so they remain lawful, trustworthy, and aligned with human judgment.

This policy applies to Stratavor Limited and its personnel, and to AI features we offer to customers through the Stratavor service. It complements our Terms of Use, Customer Privacy Notice, Data Protection Policy, Cyber Security Policy, and Sub-processor Register.

Human accountability: AI assists users; people remain responsible for business, financial, and compliance decisions. Users should review outputs, validate material figures against source systems, and not treat AI-generated text as professional advice.

Transparency: We aim to make it clear where outputs are AI-assisted, what classes of data are involved at a high level, and that outputs may be incomplete or incorrect.

Privacy and data minimisation: We process personal and commercial data only as described in our privacy materials and customer agreements, apply access controls, and do not use customer content to train third-party foundation models.

Security and reliability: We implement technical and organisational measures consistent with our security programme and monitor for abuse of customer-facing AI features.

Fairness and non-discrimination: We seek to avoid designing features in ways that encourage unlawful discrimination or exclusion; where models may reflect biases in data, users should apply judgment and controls appropriate to their context.

Stratavor may use AI to summarise metrics, draft commentary, answer natural-language questions over connected data, and suggest insights, subject to product configuration and plan. Outputs are generated from customer-authorised data and platform context. Features may evolve; material changes to how AI is used will be reflected in product documentation and, where appropriate, contract terms and this policy.

Processing of personal data in connection with AI features is governed by our role as processor or controller (as applicable), our DPA where executed, and applicable Data Protection Laws. We retain data in line with our Data Protection Policy and customer agreements.

Where we use third-party model providers (e.g., large language model APIs), we contract for processing in line with GDPR and use configurations intended to exclude customer data from model training, consistent with our published terms and trust materials. Authorised sub-processors are listed in the Sub-processor Register.

Customers and users must not use Stratavor AI features to: generate unlawful, harassing, or deceptive content; attempt to extract personal data they are not entitled to access; bypass security or rate limits; or automate high-stakes decisions (e.g., credit, hiring, or medical outcomes) without appropriate human oversight and legal review. Stratavor may suspend or restrict use that poses security, legal, or reputational risk.

AI outputs may contain errors, omissions, or outdated reasoning. Stratavor does not warrant that outputs are complete or suitable for any particular regulatory filing or audit. For board, investor, or statutory reporting, customers should apply their own review, sign-off, and record-keeping practices.

The board and leadership are responsible for maintaining this policy and ensuring AI capabilities are proportionate to Stratavor's size, risk profile, and customer commitments. The ESG & Compliance Lead (or designee) coordinates updates, vendor due diligence for AI sub-processors, and alignment with incident response where AI-related issues arise.

Concerns about misuse of AI, biased or harmful outputs, or gaps in our controls may be reported via privacy@stratavor.com or through the channels described in our Whistleblowing Policy. We will review credible reports and take remedial action where appropriate.

This policy will be reviewed at least annually and whenever we introduce materially new AI capabilities or providers. The effective date reflects the latest publication on the Trust centre.

Terms of Use; Customer Privacy Notice; Data Protection Policy; Cyber Security Policy; Sub-processor Register; Whistleblower Policy; Anti-Corruption & Anti-Bribery.