# AI Delivery Policy **[BRAND_NAME] is an AI-first consulting firm.** Most of our services are delivered through autonomous AI agents with human quality review. This page explains exactly what that means and the safeguards we maintain. ## What we use AI for - **Outbound prospecting:** AI personalizes cold emails using publicly available enrichment data - **Voice qualification:** AI voice agents call inbound prospects and qualify fit - **Discovery interviews:** AI voice agents conduct 20-30 minute structured interviews with you and your team during the audit phase - **Deliverable generation:** AI synthesizes interview transcripts, uploaded artifacts, and public data into your AI Opportunity Map - **Implementation:** Implementations we deploy for you (voice agents, chatbots, workflow automations) are themselves AI ## What we always disclose - **AI identity:** Every AI call opens with: "I'm an AI assistant calling on behalf of [BRAND_NAME]." No exceptions. - **Recording:** Every AI call discloses recording at the start. Recordings are retained 30 days unless engagement is active. - **Opt-out:** You can stop or transfer to a human teammate at any time during any AI interaction. ## What humans do - Quality review of every audit deliverable before it reaches you - Strategy and judgment calls that AI is not yet reliable for - Final scope and pricing on implementation engagements - Direct response to escalations, complaints, and edge cases - Compliance review on every engagement involving regulated data ## What AI does NOT do without human review - Sign or modify legal agreements - Make pricing decisions outside published menu - Promise specific revenue or performance outcomes - Process Protected Health Information (PHI) without a signed BAA and additional human gating - Take destructive actions on your systems ## How we handle errors AI agents may occasionally produce inaccurate information ("hallucinations"). When discovered: - We correct the error and re-deliver any affected deliverable at no charge - We flag the failure mode in our internal logs to improve prompts and pipelines - For material errors that affect your decision making, we'll proactively notify you ## Compliance - **FCC AI-voice rule (2024):** Mandatory AI disclosure on every call. - **TCPA:** B2B landlines only on cold outbound dial. Cells and consumer numbers require prior express written consent. - **A2P 10DLC:** Brand and campaign registered before any SMS. - **CAN-SPAM:** Physical address and one-click unsubscribe on every commercial email. - **GDPR / CCPA:** Data export and deletion endpoints in client portal. - **HIPAA:** Engagements involving PHI require a signed BAA and use a separate, BAA-eligible LLM provider tier. - **SOC 2:** We are pursuing SOC 2 Type II certification. ## Data handling - All client data encrypted at rest (AES-256) and in transit (TLS 1.3). - Per-client data isolation via row-level security. - Zero credential handover required for any standard engagement. We integrate via OAuth-scoped tokens or service accounts you provision. - No co-mingled training: your data is not used to train any model. ## Questions [BRAND_EMAIL]