CompetitorX.

Responsible AI · 12 non-negotiables

The things we won't trade away to win.

Responsible AI gets a page on every consulting site. Most of them say nothing. Ours is a list of twelve things we do on every engagement and a thirteenth that says we will walk away rather than compromise them. If your procurement team wants evidence, the Shield-tier audit produces it.

  1. Consent before collection

    No data enters our systems without a traceable consent event. DPDPA-aligned consent capture on every ingest path, revocable at any time.

  2. Purpose-bound processing

    Data flows are tagged with a named purpose. Secondary use requires a new consent or a documented legitimate-interest assessment.

  3. Residency you control

    Default: India (ap-south-1, Mumbai). We name the region in the charter and never surprise you with a US-region default.

  4. Model-choice transparency

    Every engagement lists the models used, their hosting location, and whether your data leaves your perimeter. The TALPRO-IQ 8-axis matrix is a standard deliverable.

  5. Bias testing before production

    We run bias probes on every user-facing model against protected attributes relevant to the use case. The report is in the charter, not a separate add-on.

  6. Human-in-the-loop by default

    High-stakes outputs (hiring, credit-adjacent, safety) ship behind human review unless the client explicitly takes ownership of full automation.

  7. Audit trail on every decision

    Every inference is logged with prompt, retrieval context, model version, and output. Default retention is 180 days, adjustable per charter.

  8. Prompt-injection defence

    Input sanitisation, retrieval trust levels, and output-side filters as standard. The Shield-tier audit covers the penetration-test set.

  9. PII minimisation

    Inputs that carry PII are redacted at the ingest layer before they reach the model. We don't send raw PII to third-party inference endpoints unless the charter explicitly allows it and you've signed off on the DPA.

  10. Drift + hallucination monitoring

    Pulse-tier observability catches silent degradation. For non-Pulse clients we install a baseline eval harness and hand over the runbook.

  11. Off-boarding on your terms

    When an engagement ends, we hand over the training data, eval set, models, and operational runbooks. No lock-in. Our reputation is the moat, not your dependency.

  12. We say no

    Some problems should not be automated. If your use case fails our internal gate (weapons, surveillance of protected classes, election-targeting), we decline — on the record, with the reasoning.

Frameworks we align to

  • DPDPA 2023 — India's Digital Personal Data Protection Act. Primary framework.
  • EU AI Act — applied when the product serves EU users or is built for EU deployment.
  • NIST AI RMF 1.0 — US-procurement-friendly risk management framework used in Build and Shield tiers.
  • SOC 2 Type II — operational-controls reference for Build-tier engagements. We don't issue the certification; your auditor does. We prepare you for it.

Need evidence for your board or DPO?

Shield is a 3-week audit with a written report and remediation roadmap. ₹3L · starts any Monday.
