Responsible AI Framework

Datafi Labs, Inc. (“Datafi,” “we,” “our,” or “us”) is committed to the responsible development, deployment, and use of artificial intelligence across our products and services, including Studio, Control Tower, Sentinel, and Orchestrate (collectively, the “Platform”). This Responsible AI Framework (“Framework”) articulates the principles, governance structures, and operational practices that guide how we build, evaluate, and monitor AI-powered capabilities within the Datafi ecosystem.

As an enterprise data intelligence company, we recognize that the AI systems embedded in our Platform have a direct impact on how organizations make decisions, manage data, and govern information assets. We take that responsibility seriously. This Framework is a living document that evolves alongside advances in AI technology, emerging regulations, and the expectations of our customers, employees, and the broader community.

1. Our Commitment to Responsible AI

Datafi believes that artificial intelligence should augment human judgment, not replace it. Our commitment to responsible AI is grounded in the understanding that trust is the foundation of every customer relationship we build. We design AI systems that are transparent in their operation, fair in their outcomes, protective of individual privacy, and subject to meaningful human oversight at every stage.

This commitment extends across the entire AI lifecycle, from initial research and data collection through model training, validation, deployment, monitoring, and eventual retirement. Every team at Datafi, whether in engineering, product, data science, customer success, or leadership, shares responsibility for upholding the principles outlined in this Framework.

We do not pursue AI capabilities merely because they are technically possible. Every AI feature in the Datafi Platform must demonstrate a clear benefit to our users, operate within well-defined ethical boundaries, and be subject to ongoing evaluation. Where risks are identified, we take a precautionary approach, choosing to delay or decline deployment rather than compromise the safety, rights, or dignity of the people our technology affects.

2. Core Principles

The following six principles serve as the ethical foundation for all AI-related work at Datafi. They inform our product decisions, engineering practices, vendor evaluations, and customer engagements.

2.1 Fairness and Non-Discrimination

Datafi is committed to building AI systems that produce equitable outcomes and do not discriminate against individuals or groups based on race, ethnicity, gender, age, religion, disability, sexual orientation, national origin, socioeconomic status, or any other protected characteristic. We actively work to identify, measure, and mitigate bias at every stage of model development, from training data selection through output evaluation.

Our fairness practices include conducting disparate impact analyses, stress-testing models against diverse population segments, and employing multiple fairness metrics to evaluate performance across subgroups. When our systems are used to process or analyze data that may relate to individuals, we design safeguards to prevent discriminatory patterns from being amplified or perpetuated.

2.2 Transparency and Explainability

We believe that users of AI systems deserve to understand how those systems work and why they produce particular results. Datafi is committed to making our AI capabilities as transparent and explainable as possible, appropriate to the context and audience.

For our customers, this means providing clear documentation of what our AI features do, what data they use, how they generate outputs, and what their known limitations are. Where our Platform employs machine learning models to surface recommendations, classify data, detect anomalies, or automate workflows, we strive to provide explanations that are accessible, meaningful, and actionable. Users should never be left guessing about whether they are interacting with an AI system or how an AI-generated result was derived.

For further details on how AI features operate within the Platform, please refer to our AI Terms of Service.

2.3 Privacy and Data Protection

Privacy is a fundamental right, and protecting it is a core design requirement for every AI system we build. Datafi adheres to the principles of data minimization, purpose limitation, and storage limitation in all AI-related data processing. We collect and use only the data that is necessary for the specific AI function, we process it only for the stated purpose, and we retain it only for as long as required.

Our AI systems are designed to operate within the strict data governance boundaries established in our Privacy Policy. Customer Data is never used to train general-purpose AI models shared across customers unless the customer has provided explicit, informed consent. We employ technical safeguards including encryption, differential privacy techniques, data anonymization, and access controls to protect personal information throughout the AI pipeline.

When third-party AI models or services are integrated into the Platform, we conduct thorough privacy assessments and impose contractual obligations to ensure that customer data is handled in accordance with our privacy standards and applicable data protection laws.

2.4 Safety and Security

AI systems must be safe, reliable, and resilient. Datafi designs its AI capabilities with defense-in-depth security principles, ensuring that models cannot be easily manipulated, poisoned, or exploited. We conduct adversarial testing, red-teaming exercises, and robustness evaluations to identify and address vulnerabilities before deployment.

Our safety practices include implementing input validation and output filtering, monitoring for model drift and performance degradation, establishing fallback mechanisms when AI systems encounter edge cases or operate outside their intended scope, and maintaining the ability to rapidly disable any AI feature in production. We design AI systems to fail gracefully, defaulting to safe states that protect users and data when unexpected conditions arise.

2.5 Human Oversight and Control

Datafi firmly believes that humans must retain meaningful control over AI systems, especially in contexts where AI outputs influence significant decisions. We design our AI features with human-in-the-loop and human-on-the-loop mechanisms that allow users to review, override, and correct AI-generated outputs before they take effect.

No AI system in the Datafi Platform makes consequential decisions autonomously without the opportunity for human review. Users always have the ability to understand what the AI recommends, why it recommends it, and to accept, modify, or reject that recommendation. We provide clear controls that allow customers to configure the level of AI automation appropriate for their organizational context and risk tolerance.

2.6 Accountability

Datafi accepts responsibility for the AI systems we develop and deploy. Accountability means that clear lines of ownership exist for every AI capability, that decisions about AI design and deployment are documented and traceable, and that there are defined processes for addressing errors, harms, or unintended consequences.

We maintain comprehensive audit trails of AI system behavior and decision-making processes. When our AI systems produce incorrect or harmful outputs, we are committed to transparent acknowledgment, prompt remediation, and honest communication with affected stakeholders. Accountability is not just about responding to problems after they occur; it is about proactively creating the structures, incentives, and culture that prevent problems from arising in the first place.

3. Governance Structure

Responsible AI requires dedicated governance. Datafi has established a multi-layered governance structure to ensure that ethical considerations are embedded in every phase of AI development and deployment.

3.1 AI Ethics Committee

Datafi’s AI Ethics Committee is a cross-functional body composed of senior leaders from engineering, product management, data science, legal, compliance, security, and customer success. The Committee is chaired by a designated Responsible AI Lead who reports directly to the executive leadership team.

The AI Ethics Committee is responsible for:

• Setting and updating the strategic direction of Datafi’s responsible AI initiatives
• Reviewing and approving high-risk AI use cases before development or deployment
• Evaluating the ethical implications of new AI capabilities, partnerships, and data sources
• Adjudicating escalated concerns, complaints, or incidents related to AI ethics
• Commissioning internal and external audits of AI systems
• Monitoring the evolving regulatory landscape and recommending policy updates
• Publishing periodic transparency reports on Datafi’s AI practices

3.2 Review Processes

Every AI feature or model that will be deployed into the Datafi Platform must undergo a structured review process before release. This process includes a technical review assessing model performance, robustness, and reliability; an ethical review evaluating fairness, bias, transparency, and privacy implications; a security review identifying potential vulnerabilities and attack vectors; and a legal review confirming compliance with applicable laws and contractual obligations.

Reviews are proportionate to risk. Features classified as high-risk, such as those that process personal data, influence access controls, or generate recommendations that may affect business-critical decisions, require full AI Ethics Committee review. Lower-risk features follow a streamlined review process with sign-off from designated responsible AI champions embedded within engineering teams.

4. Risk Assessment and Management

Datafi employs a systematic approach to identifying, evaluating, and mitigating risks associated with AI systems. Our risk management practices are aligned with international frameworks including the NIST AI Risk Management Framework (AI RMF) and the risk classification methodology established by the EU AI Act.

4.1 AI Impact Assessments

Before any new AI capability enters development, we conduct an AI Impact Assessment (AIA) that evaluates the potential effects of the system on individuals, organizations, and society. The AIA examines:

• Intended use and scope: What the AI system will do, who will use it, and what decisions it will inform
• Data requirements: What data will be collected, processed, and stored, including any personal or sensitive data
• Fairness implications: Whether the system could produce disparate outcomes for different groups
• Privacy impact: How the system affects individual privacy rights, aligned with the data protection measures described in our Privacy Policy
• Safety considerations: What could go wrong, including worst-case scenarios and failure modes
• Societal impact: Broader implications for labor, accessibility, environmental sustainability, and public trust
• Reversibility: Whether decisions made or influenced by the AI system can be undone or corrected

4.2 Risk Classification

Based on the AIA, each AI capability is classified into one of four risk tiers: minimal, limited, high, or unacceptable. Unacceptable-risk applications, such as social scoring, manipulative AI, or systems that exploit vulnerable populations, are prohibited outright. High-risk applications are subject to the most rigorous governance, testing, and monitoring requirements. This tiered approach allows us to allocate oversight resources proportionately while maintaining a consistent ethical baseline across all AI capabilities.

5. Bias Detection and Mitigation

Bias in AI systems can arise from many sources: historical data that reflects past inequities, unrepresentative training samples, flawed feature selection, biased labeling practices, or feedback loops that amplify existing disparities. Datafi takes a comprehensive, multi-stage approach to bias detection and mitigation.

Pre-development: We assess training data for representativeness, label quality, and historical biases before model development begins. Datasets are curated and augmented as needed to improve balance and diversity.

During development: We employ fairness-aware machine learning techniques, including bias-corrected loss functions, equalized odds constraints, and counterfactual fairness testing. Models are evaluated against multiple fairness metrics, recognizing that no single metric captures all dimensions of fairness.

Post-deployment: We continuously monitor model outputs for drift and emergent bias using automated alerting systems. When bias is detected, we have established remediation protocols that may include model retraining, threshold adjustment, feature modification, or temporary feature suspension pending investigation.

We also recognize that bias is not solely a technical problem. We invest in training our teams to recognize cognitive and organizational biases that can influence AI design decisions, and we seek diverse perspectives throughout the development process.

6. Model Development and Evaluation Practices

Datafi follows rigorous engineering practices for the development, testing, and evaluation of AI models. These practices are designed to ensure that our models are accurate, reliable, robust, and aligned with the principles described in this Framework.

• Data quality and provenance: We maintain detailed records of all datasets used in model training, including their sources, collection methods, preprocessing steps, and known limitations. Data provenance is tracked to ensure reproducibility and auditability.
• Rigorous testing: Models are tested against held-out datasets, adversarial inputs, and real-world scenarios before deployment. We employ unit tests, integration tests, stress tests, and regression tests to validate model behavior across a wide range of conditions.
• Performance benchmarking: We establish clear performance baselines and thresholds for every model. Models that fail to meet minimum accuracy, precision, recall, or fairness benchmarks are not deployed.
• Version control and reproducibility: All models, training configurations, and evaluation results are version-controlled. We maintain the ability to reproduce any model at any point in its lifecycle and to roll back to previous versions if issues are identified.
• Documentation: Every deployed model is accompanied by a model card that documents its intended use, training data, performance characteristics, known limitations, and ethical considerations.
• Third-party models: When we integrate third-party AI models or foundation models into the Platform, we conduct thorough evaluations of their performance, safety, and alignment with our principles. Third-party models are held to the same standards as internally developed models, and our obligations regarding their use are detailed in our AI Terms of Service.

7. Human-in-the-Loop Design

Datafi designs AI features with the principle that humans should remain at the center of decision-making. Our human-in-the-loop approach ensures that AI augments human capability rather than supplanting human judgment, particularly in high-stakes or ambiguous situations.

In practice, this means:

• Review before action: AI-generated recommendations, classifications, and insights are presented to users for review before any consequential action is taken. Users are empowered to accept, modify, or reject AI outputs.
• Configurable automation levels: Customers can configure the degree of AI automation within the Platform, choosing between fully manual workflows, AI-assisted workflows with human approval gates, and supervised automation with exception handling.
• Clear AI indicators: Wherever AI-generated content or recommendations appear in the Platform, they are clearly labeled as such, so users can distinguish between AI outputs and human-generated information.
• Override and correction mechanisms: Users can override any AI decision and provide feedback that is used to improve model performance over time. Correction workflows are designed to be intuitive and low-friction.
• Escalation paths: When AI systems encounter situations that fall outside their confidence thresholds or intended scope, they automatically escalate to human review rather than proceeding with low-confidence outputs.

8. Data Governance for AI

Sound data governance is the foundation of responsible AI. Datafi maintains comprehensive data governance practices that ensure the data powering our AI systems is collected ethically, managed responsibly, and used appropriately.

• Data minimization: We collect and process only the data that is necessary for the specific AI function. We do not accumulate data speculatively or retain it beyond its useful life.
• Purpose limitation: Data collected for one purpose is not repurposed for unrelated AI applications without appropriate consent or legal basis.
• Customer data boundaries: Customer Data is logically and cryptographically isolated between tenants. One customer’s data is never used to train models that serve another customer, and Customer Data is not used to improve our general AI models without explicit, informed customer consent.
• Data retention and deletion: AI training data and model artifacts are subject to the same retention policies and deletion procedures that govern all data in the Datafi Platform, as described in our Privacy Policy.
• Synthetic and anonymized data: Where possible, we use synthetic or anonymized data for model development and testing to minimize privacy risks.
• Data access controls: Access to AI training data and model artifacts is restricted to authorized personnel on a need-to-know basis, with all access logged and auditable.

9. Monitoring and Continuous Improvement

Deploying an AI system is not the end of our responsibility; it is the beginning of an ongoing commitment to monitoring, evaluation, and improvement. Datafi operates continuous monitoring systems that track the performance, fairness, safety, and reliability of all deployed AI capabilities.

Our monitoring practices include:

• Performance monitoring: Real-time tracking of model accuracy, latency, error rates, and throughput to ensure AI systems continue to meet performance benchmarks in production.
• Drift detection: Automated systems that detect data drift and concept drift, alerting our teams when the statistical properties of input data or the relationship between inputs and outputs change in ways that may degrade model performance.
• Fairness monitoring: Ongoing analysis of model outputs across demographic and organizational segments to detect emergent bias or disparate impact.
• Incident response: A defined incident response process for AI-related issues, including severity classification, root cause analysis, remediation, and post-incident review. Critical AI incidents are reported to the AI Ethics Committee within 24 hours.
• Feedback loops: User feedback, correction data, and support interactions are systematically analyzed to identify opportunities for model improvement and to surface potential issues that automated monitoring may miss.
• Periodic re-evaluation: All deployed AI models undergo scheduled re-evaluations at least annually, or more frequently for high-risk applications, to confirm that they continue to meet performance, fairness, and safety standards.

10. Stakeholder Engagement

Responsible AI cannot be developed in isolation. Datafi is committed to engaging with a broad range of stakeholders, including our customers, employees, regulators, academic researchers, civil society organizations, and the communities affected by AI technology, to ensure that our AI practices reflect diverse perspectives and address real-world concerns.

Our engagement activities include:

• Customer collaboration: We work closely with customers to understand their AI governance needs, provide transparency about how AI features work within the Platform, and incorporate customer feedback into our responsible AI roadmap.
• Employee education: All Datafi employees receive training on responsible AI principles, and specialized training is provided to team members who design, develop, deploy, or manage AI systems.
• Industry participation: Datafi actively participates in industry consortia, standards bodies, and working groups dedicated to advancing responsible AI practices and establishing shared norms.
• Research partnerships: We collaborate with academic institutions and research organizations to advance the state of the art in AI fairness, explainability, safety, and governance.
• Public transparency: We are committed to publishing periodic updates on our responsible AI practices, including this Framework, and to being open about the challenges we face and the progress we make.

11. Regulatory Compliance

Datafi is committed to complying with all applicable laws and regulations governing the development and use of artificial intelligence. We actively monitor the evolving global regulatory landscape and adapt our practices to meet or exceed legal requirements in every jurisdiction where we operate.

Our compliance efforts are informed by and aligned with the following key frameworks:

• EU Artificial Intelligence Act (EU AI Act): We have adopted the EU AI Act’s risk-based classification framework as a foundational element of our AI governance. Our AI Impact Assessments, risk tiering, documentation requirements, and human oversight mechanisms are designed to meet the obligations established for providers and deployers of AI systems under the Act, including requirements for high-risk AI systems.
• NIST AI Risk Management Framework (AI RMF): Our risk assessment and management practices are aligned with the NIST AI RMF’s core functions of Govern, Map, Measure, and Manage. We use the framework’s guidance to structure our identification of AI risks, measurement of AI system trustworthiness, and management of identified risks throughout the AI lifecycle.
• Data protection regulations: Our AI data practices comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the CPRA, and other applicable data protection laws. Details about our data protection compliance are available in our Privacy Policy.
• Sector-specific requirements: For customers operating in regulated industries such as financial services, healthcare, and government, we provide additional documentation, controls, and compliance support to help them meet sector-specific AI governance requirements.

We recognize that AI regulation is rapidly evolving. We maintain a regulatory monitoring program to track emerging legislation, guidance, and enforcement actions, and we update our practices accordingly to ensure continued compliance.

12. Reporting Concerns

Datafi encourages anyone, including employees, customers, partners, and members of the public, to report concerns about the ethical behavior, fairness, safety, or compliance of our AI systems. We take every report seriously and are committed to investigating and addressing concerns promptly and thoroughly.

Concerns may be reported by contacting our AI Ethics team at [email protected]. All reports will be acknowledged within five business days and investigated by the AI Ethics Committee or its designated representatives. We do not tolerate retaliation against anyone who reports a concern in good faith.

When investigations reveal issues that require remediation, we will take appropriate corrective action, which may include modifying or disabling affected AI features, notifying impacted users, and implementing safeguards to prevent recurrence. For concerns related to data privacy, please also refer to the contact mechanisms described in our Privacy Policy.

13. Review and Updates

This Framework is a living document. Datafi reviews and updates it at least annually, or more frequently in response to significant changes in our AI capabilities, the regulatory environment, industry best practices, or stakeholder expectations.

When material changes are made to this Framework, we will update the “Effective date” at the top of this page and, where appropriate, notify our customers through the Platform or via email. Previous versions of this Framework are archived and available upon request.

We welcome feedback on this Framework from all stakeholders. To share your thoughts, suggestions, or questions, please contact us at [email protected].