Grassfeld - Artificial Intelligence Policy

As developers of AI, we at Grassfeld are aware of the ethical issues associated with its use. Therefore, we employ seven core principles that highlight these ethical considerations.

‍

These principles are closely aligned with fundamental rights and reflect important ethical concerns when using AI.

• Human autonomy and oversight: we ensure that human autonomy and oversight are central, with a strong emphasis on respecting fundamental rights;
• Technical robustness and security: our systems are technically robust and secure, with comprehensive attack protection, security protocols, contingency plans, and an overall focus on safety, accuracy, reliability, and reproducibility;
• Privacy and data management: we handle privacy and data management with the highest care, respecting privacy, ensuring data quality and integrity, and responsibly managing access to that data;
• Transparency: we value transparency through traceability, explainability, and clear communication of our processes and decisions;
• Diversity, non-discrimination, and equity: we promote diversity, avoid unfair prejudice, ensure accessibility and universal design, and encourage the participation of all stakeholders;
• Social and environmental well-being: we focus on sustainability, environmental soundness, social impact, and supporting society and democracy;
• Accountability: we take accountability seriously by providing opportunities for audits, minimizing and reporting negative impacts, carefully balancing interests, and providing remediation when necessary.

‍

Ethical AI Code of Conduct

Grassfeld adheres to an Ethical AI Code of Conduct based on ISO/IEC 27001 Security Standards, ensuring responsible AI development. Our commitment includes fairness, accountability, and transparency principles in AI operations.

Grassfeld maintains a strict Privacy and Cookie Policy with your data always remaining within our organization. Your data will not be sold or transferred to third parties. Our AI systems run on our own servers, and all testing and production work takes place internally. This means that your data is safe and only used by us to optimize the services we offer.

‍

Data Processing Measures

Grassfeld’s AI systems process data according to the National Artificial Intelligence Initiative Act, ensuring secure data handling practices. All data is anonymized before analysis to protect user privacy, and Grassfeld takes steps to minimize the risk of data misuse.

As a user, you are responsible for the data you provide to the application. Grassfeld has no direct access to your data. All information entered by you will remain private and controlled solely by you. When you choose to delete your account, all associated data is also deleted from our system. Any residual data that may remain in our learning mechanisms (LM) cannot be traced back to an individual.

Grassfeld applies the principles of “Privacy by Design” and “Security by Design”, ensuring that from the beginning of the development of our services, the protection of your privacy and information security is at the center. To use the application, only basic information is required, such as your login details. Any additional information is optional and can be added at your discretion.

‍

Data Security Protocols

Grassfeld’s security measures include:

• Encryption: all sensitive data is encrypted during storage and transmission.
• Data access controls: access to data is restricted to authorized personnel only.
• AI model training procedures: Grassfeld ensures that AI models are trained on anonymized data to prevent personal information from being used inappropriately.
• Incident response plan: in case of a data breach, we have a robust incident management plan in place.

Grassfeld offers a premium option where you can store documents and transactions without that data being used for data training. This option is designed specifically for users who want to maintain maximum control over their data. Smart technology (intelligence) will be added in the future. Premium customers will have the ability to automatically link transactions to documents and vice versa. Consider, for example, transactions automatically linked to a policy.

Security measures are proactively integrated into Grassfeld’s design. Cyberpartner MMOX receives threat information from a variety of sources. In the event of an incident, Grassfeld immediately escalates to the core team, isolates affected systems, and conducts forensic investigations. A 24/7 cyber team communicates according to laws and regulations. Further information can be found in the Security Policy.

‍

Incident Response Measures

Grassfeld ensures compliance with incident management best practices by following NIST CSF guidelines. Our 24/7 incident response team monitors threats, isolates affected systems, and ensures that any breach is managed in accordance with legal requirements.

This policy may be updated at any time to reflect legal, technical, or business changes. We encourage you to check this statement regularly to stay informed of any updates.

‍

Grassfeld uses clear communication channels such as email notifications, website pop-ups, or direct account notifications to inform users of significant policy changes in accordance with FTC Guidelines on Material Changes.