SupaProxyby Numstack
Governance

AI Policy

How SupaProxy uses AI and our commitments as an AI-driven product.

Last updated 30 April 2026

SupaProxy is an AI operations platform. AI is central to what we build and how we build it. This policy explains how we use AI, what we commit to, and what you can expect.

How your data flows through AI

SupaProxy routes queries between your users and AI models through a governed layer. The flow is:

  • A user sends a message through a configured channel (Slack, API, etc.)
  • SupaProxy applies your configured guardrails (PII redaction, prompt injection detection)
  • The processed query is sent to the configured AI provider
  • The AI provider returns a response
  • SupaProxy logs conversation metadata (tokens, cost, duration) and delivers the response

Our data commitments

  • We do not train AI models on your data
  • We do not use your conversations to improve our product without consent
  • We do not share your data with third parties beyond what is needed to process your queries
  • We do not use your data for advertising, profiling, or selling

Conversation analysis

When a conversation closes, SupaProxy generates analytics including sentiment score, category, resolution status, summary, and knowledge gap detection. This analysis is performed on your conversation data and stored within your organisation. It can be disabled per workspace.

How we use AI to build SupaProxy

We use AI tools in our development process:

  • AI coding assistants help write, review, and refactor code
  • Documentation is written with AI assistance and reviewed by humans
  • Customer data is never used in development or testing

Guardrails and safety

SupaProxy provides configurable guardrails between your users and AI models:

  • PII redaction: detects and removes personal information before it reaches the AI
  • Prompt injection detection: identifies attempts to manipulate AI behaviour
  • Content filtering: block queries that match rules you define
  • Cost controls: set spending limits to prevent unexpected charges
  • Audit trail: every interaction is logged for compliance and review

You configure the guardrails appropriate for your use case and regulatory requirements.

AI model outputs

AI models can produce incorrect, biased, or harmful outputs. SupaProxy does not guarantee the accuracy or appropriateness of AI responses. You are responsible for:

  • Evaluating whether AI responses are appropriate for your use case
  • Configuring guardrails to mitigate risks specific to your domain
  • Monitoring conversation quality through the dashboard
  • Maintaining human oversight where AI is used for sensitive decisions

Our commitments

  • We will notify you before making material changes to how AI is used in the platform
  • We will never train models on your data without explicit, separate consent
  • We will document any automated decision-making that affects your account
  • We will keep our security and architecture practices transparent

Changes to this policy

We may update this policy as AI technology and regulations evolve. Material changes will be communicated with 30 days notice.

Contact

Questions about our AI practices? Email numstackdev@gmail.com.