top of page

Trust, Privacy, and Ethical AI Policy

Introduction

At EQ SCOTi, we believe that emotional intelligence is the heartbeat of successful projects. However, intelligence without privacy is an intrusion. Our platform is built on the principle of Privacy-by-Design, ensuring that while we help your team grow, we never compromise the individual’s right to a safe and private workspace.

1. The "Zero-Training" Guarantee

We utilize the world’s most advanced AI foundation models, but we maintain a strict "one-way" data valve. Your data belongs to you.

  • No Model Training: Under our Data Processing Addendum (DPA), your project correspondence is never used to train, retune, or improve the base AI models for any other customer.

  • Transient Processing: Text is analyzed in a secure, siloed environment and is either encrypted or discarded immediately after the sentiment metadata is generated.

2. Aggregation, Not Surveillance

EQ SCOTi is a Team Development Tool, not a productivity tracker.

  • Focus on Dynamics: Our algorithms are engineered to detect collective "friction points" and "flow states" specifically focused on: Self Awareness, Self-Regulation, Motivation, Empathy and Social Skills.

  • Anonymisation by Default: Individual identity is decoupled from sentiment scores in all management-facing dashboards.  We report that "The team is experiencing high urgency," not that a specific individual is "stressed."

  • No Automated Decisions: In compliance with the EU AI Act and global labour laws, EQ SCOTi never makes automated employment decisions.  We provide insights; humans provide the leadership.

3. Our Commitment to Enterprise-Grade Compliance

We recognise that analysing team dynamics requires the highest levels of institutional trust.  While EQ SCOTi is built on top of SOC 2-compliant infrastructure, we are actively maturing our own platform-specific controls to meet and exceed global standards.

SOC 2 Type II: Our Compliance Roadmap

We have adopted a "Security-First" framework from day one. Rather than waiting to be "big enough," we are building our controls into our foundation today.

  • Current Status (Phase 1: Readiness): We have completed our internal gap analysis and implemented core technical controls, including Multi-Factor Authentication (MFA), role-based access, and centralized logging.

  • Maturity Milestone (Phase 2: Type I): We are currently documenting our formal policies (Access Control, Incident Response, and Data Retention) with the goal of achieving our SOC 2 Type I "point-in-time" certification by 2H26.

  • Enterprise Standard (Phase 3: Type II): Following our Type I, we will enter a 6-month observation period to prove the operational effectiveness of these controls for our Type II report

GDPR & Privacy-by-Design

As a small-scale agile team, we have the advantage of "baking in" privacy before our data footprint grows large. We are maturing our data lifecycle management as follows:

  • Data Mapping & Minimization: We have completed a comprehensive data inventory. We strictly limit the "surface area" of personal data we process—only analyzing what is necessary to provide team EQ insights.

  • Small-Scale Privacy Excellence: In compliance with GDPR's Article 25, we have implemented automated "transient processing" where raw communication text is deleted immediately after the sentiment metadata is generated.

  • Mature Governance (In Progress): We are currently formalizing our Data Protection Impact Assessment (DPIA) and refining our Data Subject Access Request (DSAR) workflows to ensure that even as a startup, we handle your rights with enterprise precision.

 

Transparency Note: Our current data management is in the "Defined" stage of maturity. This means our processes are documented and repeatable, and we are moving toward the "Managed" stage through automated compliance monitoring.

Ethical AI & The EU AI Act

As a "Limited Risk" AI application focused on communication clarity, we are proactively aligning with the EU AI Act (2026):

  • Transparency Logs: We maintain detailed audit logs of how the AI interacts with your data.

  • Human Oversight: Our system is engineered to require human intervention for any significant team-wide feedback, ensuring we remain a "Human-in-the-Loop" solution.

4.  Our Commitment to Transparency: The EQ SCOTi Trust Center Roadmap

We believe that trust is earned through transparency, not just certifications. We are currently in the active planning and architecture phase of our dedicated Live Trust Centre—a centralised hub that will provide our partners with real-time visibility into our security posture.

What to Expect in Our Upcoming Trust Centre:

  • On-Demand Documentation: Seamless access to our latest whitepapers, SOC 2 bridge letters, and architectural diagrams.

  • Real-Time Compliance Monitoring: A live dashboard showing the health of our security controls.

  • Automated NDA Workflow: One-click access to sensitive security evaluations to speed up your procurement process.

In the Meantime: Get the "Security Preview"

While we build out the automated portal, we remain fully committed to supporting your due diligence today.

  • Request a Security Packet: If you are currently evaluating EQ SCOTi, our team can manually provide a curated folder containing our current Data Processing Addendum (DPA), our Privacy Impact Assessment (PIA), and our Infrastructure Security Overview.

  • Direct Inquiry: Have a specific security questionnaire? Our compliance lead is available to walk your IT team through our roadmap.

bottom of page