AI Ethics & Governance
Vantage is committed to responsible AI use. This page outlines our principles for ethical AI, how data is handled, and the governance controls available to your organization.
Core Principles
1. Transparency
- All AI-generated content is clearly labeled as AI-produced
- Users can see which AI provider and model is generating responses
- Token usage is tracked and visible per user, client, and organization
- AI context snippets are visible and editable by authorized users
2. Data Ownership
- Your data is yours. Vantage does not use your data to train AI models
- Data sent to AI providers is used only for generating the requested response
- No AI provider retains your data beyond the API request lifecycle (subject to each provider's data policies)
3. Human in the Loop
- AI provides insights and suggestions — humans make decisions
- AI-generated summaries, enrichments, and classifications should be reviewed before acting on them
- Workflow AI nodes produce outputs that can be inspected at every step
- The AI Compliance Check node explicitly flags items for human review
4. Bias Awareness
- AI models can reflect biases present in their training data
- Vantage does not fine-tune or modify provider models — responses come directly from the provider
- Organizations should review AI outputs critically, especially for decisions affecting people or compliance
- Context snippets can be used to guide AI away from biased patterns
Governance Controls
Vantage provides multiple controls for managing AI use within your organization.
Provider Selection
Administrators choose which AI provider is used across the organization. This allows you to:
- Select a provider that meets your compliance and regulatory requirements
- Use a provider with specific data residency guarantees (e.g., Mistral for EU hosting)
- Standardize on a single provider for consistent behavior
Domain Restrictions
Restrict which external domains can be connected for integrations, limiting the surface area of data that interacts with AI features.
Configure in Settings → AI Features → Domain Restrictions.
Context Snippet Management
Organization-level context snippets are managed by admins and shared across all users. This ensures:
- Consistent AI behavior across the team
- Company-specific terminology and priorities are respected
- Custom instructions apply uniformly
Role-Based Access
AI settings and configurations respect Vantage's role-based permission system:
- Owners and Admins can configure providers, manage context snippets, and view organization-wide usage
- Standard users can use AI features but cannot change provider configurations
- Restricted roles may have AI features disabled entirely
Token Usage Monitoring
Track and review AI usage at the user, client, or organization level through the Usage Overview dashboard. Use this to:
- Identify unusually high consumption
- Set internal usage guidelines
- Audit AI usage for compliance purposes
AI Compliance Check Node
For organizations with formal compliance requirements, the AI Compliance Check workflow node evaluates data rows against defined policies:
- Define compliance criteria in natural language
- Each row receives a PASS or FAIL classification
- Failed rows are flagged with a reason for human review
- Audit trails are preserved in workflow execution logs
Example policy:
"Evaluate each customer record. FAIL any record that: (1) is missing a consent date, (2) has a consent date older than 24 months, or (3) has an empty email address. All others PASS."
Data Handling Guidelines
| Concern | How Vantage Addresses It |
|---|---|
| Is my data used for training? | No. Vantage does not use your data to train models. Provider policies vary — see each provider's terms. |
| Is data stored by providers? | Most providers do not retain data from API requests. Check your provider's data retention policy. |
| Can I control what data is sent? | Yes. Only data relevant to the specific AI request is sent. Enable data sampling to limit row counts. |
| Who can see AI responses? | Only the user who initiated the request, unless data is shared via email or reports. |
| Are AI interactions logged? | Token usage is logged. Conversation content is stored for the duration of the session. |
Best Practices for Responsible AI Use
- Review AI outputs before sharing with stakeholders or making decisions
- Keep context snippets current — outdated context leads to less relevant responses
- Use the Compliance Check node for regulated data processing workflows
- Monitor token usage regularly to catch unexpected patterns
- Choose providers thoughtfully based on your data sensitivity and regulatory requirements
- Educate your team on AI limitations — AI can be wrong, outdated, or biased