Where AI is used
The client platform uses GPT-5 family models for contract analysis, contract comparison, negotiation support, cyber-risk analysis, tabletop exercises, and related decision-support workflows. AI functionality is delivered through OpenRouter, which routes each request to a compatible model endpoint.
What is sent for processing
Depending on the tool, a request can contain extracted contract text, user-entered descriptions, selected perspectives, organization instructions, risk inputs, prior output needed for a follow-up task, and a system prompt defining the requested analysis. The application does not intentionally send account passwords or authentication cookies to AI providers.
Provider retention controls
Every application request uses OpenRouter provider preferences that require zero-data-retention routing and deny providers that collect request content. If no compatible endpoint satisfies those controls, the request can fail rather than route to a less restrictive provider.
OpenRouter states that it retains request metadata such as model, token counts, and latency, while prompt and response content is not logged by default. OpenRouter and model-provider practices can change, so EdgePoint reviews these controls when providers or models change.
What EdgePoint stores
Zero-data-retention routing applies to external AI processing. It does not mean the EdgePoint client platform stores nothing. The platform can retain uploaded files used for redlining, saved analyses, comparison results, risk analyses, file metadata, and generated outputs so authorized users can retrieve or delete them. See the Data Retention and Deletion Policy.
Human review and limitations
AI outputs are probabilistic and can contain errors, omissions, or invented details. Contract, risk, negotiation, and security outputs require review by a qualified person with the relevant business and professional context. The platform does not provide legal advice, make autonomous commitments, or replace an audit or professional judgment.
Questions and customer requirements
Customers with specific processing, geographic, provider, or contractual requirements should contact [email protected] before submitting regulated or highly sensitive content. Additional requirements should be documented in a signed agreement or data processing addendum.