Trust & Security

Responsible AI

We build AI for environments where a wrong answer has real consequences. These are the principles and practices that shape how we design, deploy, and secure it.

Responsible AI is not a marketing layer for us — it is how our systems are engineered. Our own AI governance platform, AXON, exists precisely to make AI auditable and defensible. The principles below apply across everything we build.

Our principles

Human-in-the-loop

For consequential decisions, AI prepares, checks, and recommends — people decide. We design clear approval boundaries rather than unsupervised autonomy.

Source-grounding & traceability

Outputs are grounded in approved sources and are traceable back to them, so a reviewer can see why a system produced what it did.

Determinism where it matters

Governance, scoring, and safety logic are deterministic code, not another model marking its own work — reproducible and testable.

Data minimisation & isolation

We collect only what a task needs, and support in-environment, zero-exfiltration deployments — on-premises, private cloud, or air-gapped — where required.

Security by design

Encryption in transit, least-privilege access, and audit trails are designed in from the start, not added afterwards.

Transparency & accountability

We tell you what a system can and cannot do, what is real versus aspirational, and where the risks are. We stay accountable after launch.

Standards we align to

We engineer our governance and assurance work to support widely recognised frameworks, including:

  • NIST AI Risk Management Framework — structured identification and management of AI risk.
  • ISO/IEC 42001 — AI management system practices.
  • EU AI Act — risk-based obligations for AI systems.
  • India's DPDP Act, 2023 — lawful, consent-based handling of personal data.

Alignment means our systems are built to help organisations meet these expectations; it is not a claim of formal certification on your behalf.

How we handle data in engagements

  • We do not train foundation models on your confidential data without your explicit agreement.
  • We support data-residency, isolation, and on-premises or air-gapped options for sensitive environments.
  • We keep a clear record of how data flows through a system, so it can be reviewed and audited.
  • Access to your data is limited to those who need it, under least-privilege controls.

Reporting a concern

If you believe one of our systems is behaving unexpectedly, or you have a question about how we handle data or AI safety, contact us at hello@xsdatafactory.com. We take such reports seriously.

Specific controls, standards alignment, and deployment options are agreed per engagement and described in the relevant project documentation and contract.