FT Faaz Technology Solutions
Legal

AI & Data Use Policy

How we build, deploy, and govern AI capabilities in our products and services.

Effective date: 12 June 2026

Faaz Technology Solutions Pvt Ltd (“Faaz”) develops AI-enabled features for enterprise clients — including intelligent automation, document processing, workflow copilots, and retrieval-augmented generation (RAG) over business data. This AI & Data Use Policy describes our principles and contractual practices. It supplements our Privacy Policy, Product Terms, and Data Processing Addendum.

1. Scope

This policy applies to AI features delivered in:

  • Apps4x Platform and custom applications built on it
  • Professional services engagements involving machine learning, LLMs, or intelligent agents
  • Internal Faaz tools used to support client systems (subject to confidentiality and access controls)

It does not govern third-party AI products used independently by clients outside Faaz deliverables.

2. Our Principles

  • Client control: Clients decide which data sources are connected to AI features and who may use them
  • Purpose limitation: Client data is used to deliver contracted functionality, not to train public foundation models, unless explicitly agreed in writing
  • Transparency: We document when AI assists a workflow and what categories of data may be processed
  • Security by design: AI integrations follow our Security & Compliance standards
  • Human oversight: High-impact decisions should include appropriate human review as defined in the engagement

3. Types of AI Capabilities

Automation and classification

Rules-based and model-assisted routing, categorisation, and data extraction within defined business processes.

Copilots and assistants

Natural-language interfaces that help users query approved business data, draft content, or navigate workflows.

RAG over enterprise knowledge

Retrieval from client-authorised documents, databases, or knowledge bases to ground model responses in organisation-specific context.

Integration with external model providers

Where used, calls to third-party LLM APIs are configured to minimise data exposure, apply enterprise agreements where available, and disable provider training on client content unless contractually permitted.

4. Data Use

Unless otherwise agreed in writing:

  • Client data submitted to AI features is processed to perform the requested function
  • Faaz does not use Client Data to train general-purpose AI models for unrelated products
  • Logs may retain prompts, outputs, and metadata for audit, support, and security for a limited period defined in the Agreement
  • Clients should avoid submitting unnecessary sensitive personal data to AI features unless required and authorised

Specific data flows, retention, and subprocessors are listed in the Data Processing Addendum and SOW.

5. Accuracy and Limitations

AI outputs may be incomplete, outdated, or incorrect. Users must validate results before relying on them for legal, financial, HR, compliance, or safety-critical decisions. Faaz does not guarantee that AI-generated content is error-free or suitable for a particular purpose.

For regulated domains — including ZATCA e-invoicing, payroll, and government reporting — automated suggestions do not replace official systems of record or professional review unless explicitly designed and accepted as part of the solution.

6. Client Responsibilities

Clients are responsible for:

  • Lawful basis to process personal data through AI features
  • User training and access policies
  • Configuring which data sources and actions AI may access
  • Monitoring outputs in production and reporting issues to Faaz support
  • Compliance with applicable AI and data protection regulations in their jurisdiction

7. Subprocessors and Cross-Border Processing

AI features may rely on cloud infrastructure and model APIs. Subprocessors are engaged under written agreements with security and confidentiality obligations. Cross-border processing is addressed in the Data Processing Addendum.

8. Incident Response

Suspected misuse, prompt injection, data leakage, or model abuse should be reported to security@faaztechsolutions.com. Faaz will investigate in accordance with our security incident procedures and contractual breach notification terms.

9. Updates to AI Features

We may update models, prompts, and integrations to improve quality and security. Material changes affecting data handling will be communicated through release notes, the Agreement, or direct client notification where appropriate.

10. Contact

AI governance questions: privacy@faaztechsolutions.com
Security incidents: security@faaztechsolutions.com