// AI transparency

AI Data Processing

A plain-language explanation of what the client platform sends to AI providers, what returns, and which controls apply.

Public trust documentLast updated July 10, 2026

Questions can be sent to [email protected].

Where AI is used

The client platform uses GPT-5 family models for contract analysis, contract comparison, negotiation support, cyber-risk analysis, tabletop exercises, and related decision-support workflows. AI functionality is delivered through OpenRouter, which routes each request to a compatible model endpoint.

What is sent for processing

Depending on the tool, a request can contain extracted contract text, user-entered descriptions, selected perspectives, organization instructions, risk inputs, prior output needed for a follow-up task, and a system prompt defining the requested analysis. The application does not intentionally send account passwords or authentication cookies to AI providers.

Customer responsibility: Submit only content your organization is authorized to process with an external AI service. Remove information that is not needed for the requested analysis.

Provider retention controls

Every application request uses OpenRouter provider preferences that require zero-data-retention routing and deny providers that collect request content. If no compatible endpoint satisfies those controls, the request can fail rather than route to a less restrictive provider.

OpenRouter states that it retains request metadata such as model, token counts, and latency, while prompt and response content is not logged by default. OpenRouter and model-provider practices can change, so EdgePoint reviews these controls when providers or models change.

What EdgePoint stores

Zero-data-retention routing applies to external AI processing. It does not mean the EdgePoint client platform stores nothing. The platform can retain uploaded files used for redlining, saved analyses, comparison results, risk analyses, file metadata, and generated outputs so authorized users can retrieve or delete them. See the Data Retention and Deletion Policy.

Human review and limitations

AI outputs are probabilistic and can contain errors, omissions, or invented details. Contract, risk, negotiation, and security outputs require review by a qualified person with the relevant business and professional context. The platform does not provide legal advice, make autonomous commitments, or replace an audit or professional judgment.

Questions and customer requirements

Customers with specific processing, geographic, provider, or contractual requirements should contact [email protected] before submitting regulated or highly sensitive content. Additional requirements should be documented in a signed agreement or data processing addendum.