Commitment to Responsible AI Use

This page was last updated on 05/13/2025.

At Crosswise, we understand that financial institutions require the highest standards of security and data protection. Our approach to artificial intelligence (AI) reflects this understanding through transparent policies and robust safeguards. We also understand that the AI landscape continues to evolve rapidly, and so do the security considerations surrounding it. We are committed to:

• Regularly reviewing and enhancing our AI security controls
• Maintaining transparency about our AI usage and security practices
• Adapting our approach as industry standards and regulatory expectations evolve

AI Principles

Security by Design

Our platform incorporates AI capabilities with security as a foundational element. We implement multiple layers of protection to ensure that AI features enhance your regulatory operations without introducing new risks.

Data Privacy

We treat your regulatory data with the utmost care. Our AI systems are designed to assist with regulatory management while maintaining strict data privacy controls. Your data belongs to you—not to us or our AI providers.

Transparency

We believe you should understand how AI is used in our platform. All AI-assisted actions are visible to users, and we provide clear information about how our AI features work with your data.

Regulatory Compliance

Our AI implementation is designed to support your compliance requirements. We maintain SOC 2 Type I certification pending Type II and continuously evaluate our practices against evolving regulatory standards for AI in financial services. We also understand that these standards can lag behind the evolving landscape of AI tools and continuously evaluate how to proactively address risks as they emerge.

How We Use AI

Our platform uses AI technologies from trusted providers to help you manage regulatory information more effectively. These capabilities include:

• Categorizing regulatory information to improve searchability and relevance
• Analyzing regulatory documents to identify key requirements and implications
• Assisting with organizing and contextualizing regulatory data

All AI features operate within our secure platform environment and are subject to the same rigorous access controls as all other platform functions. In short, the AI cannot do anything that users do not have permission to do and it will always show exactly what data it is accessing and what actions it is taking.

How We Protect Your Data

No Training on Your Data

We do not use your data to train AI models. Content and documentation that you store or produce in Crosswise is never used to train, fine-tune, or improve the foundation models we employ.

Limited Data Access

Our AI implementations access your data only through a secure middleware layer that enforces strict permission controls. AI capabilities can only access information that the authenticated user is authorized to view.

Multi-Tenant Protection

Our architecture maintains complete isolation between customer environments. AI features operate within this multi-tenant framework, ensuring that your data remains segregated from other customers.

Artifact Deletion

We provide the option to delete data within the UI. When data is deleted by the user, it is immediately deleted from our production system and is no longer available to other users or to us. Our cloud storage system may keep backups of this data for no longer than 30 days. 

Account Deletion

All customer data, including AI interaction logs and conversations is deleted within 30 days of contract termination. We provide verification of this deletion upon request. 

By customer request, we are able to implement custom data retention and deletion policies in order to comply with record keeping regulations.

Security Controls for AI

Authorized Model Usage

We only use foundation models from trusted cloud providers through their official API channels. These providers are selected based on their enterprise-grade security capabilities and contractual protections of customer data that meet or exceed our own.

Permission Boundaries

Our AI implementation follows the principle of "least privilege." AI capabilities assume the same permissions as the authenticated user, meaning they cannot perform actions beyond what the user is authorized to do.

Output Transparency

All AI-generated outputs that affect your data are visible to users. This transparency allows for human oversight and validation of any AI-assisted processes.

Continuous Monitoring

We employ industry-leading security monitoring tools to detect unusual patterns or potential security issues related to AI usage.

Assurance

We understand that financial institutions require assurance regarding AI security. We're happy to discuss our controls in detail with potential and current customers, including:

• Providing additional technical documentation during the due diligence process
• Answering specific questions about our AI implementation
• Discussing how our security approach aligns with your compliance requirements

For more information about our AI security approach or to schedule a conversation with our security team, please contact us at support@crosswise.io.