The AI systems we use and how we govern them.
We govern our AI systems under the EU AI Act and recognized global frameworks (ISO 42001, NIST AI RMF). Each system below is risk-classified, and high-risk systems are subject to human oversight, documentation, and ongoing monitoring.
Custom named-entity-recognition model that detects and anonymizes personal information (244 entity types, 92% F1) before data reaches downstream AI systems.
Runtime LLM proxy that enforces PII redaction (via Shielk), model allow-lists, prompt-injection / jailbreak guardrails, and per-org spend budgets before forwarding to the model provider.
Deterministic EU AI Act risk-tier classifier (prohibited / high / GPAI / limited / minimal) based on curated rules — no LLM.
Claude-powered Canadian privacy-compliance assistant answering user questions grounded in a curated legal corpus via retrieval-augmented generation.
Drafts privacy and AI-governance documents (privacy policy, DPA, Annex IV, FRIA, model card) grounded only in the org's registry data, with an anti-hallucination guard.
Hybrid semantic + keyword retrieval (BGE-M3 embeddings + pgvector) over a curated corpus of Canadian privacy law and regulator enforcement decisions.
Last updated 2026-07-13.