ExactFlow p.s.a. AI Usage Disclosure

How ExactFlow uses Artificial Intelligence in its SaaS Platform and what it means for you

Effective Date: 1 April 2026  |  Version 1.0  |  Governing Regulation: EU AI Act (Regulation (EU) 2024/1689)  (Last updated: 1 April 2026)

Document Type: AI Usage Disclosure — ExactFlow SaaS Platform
Applies To: All Platform Clients, Authorized Users, API developers, and affected data subjects
AI Regulator: EU AI Office — digital-strategy.ec.europa.eu/ai
Data Protection: Urząd Ochrony Danych Osobowych (UODO) — www.uodo.gov.pl
AI Contact: ai-governance@exactflow.com
DPO Contact: privacy@exactflow.com

ExactFlow is committed to transparent and responsible AI. This disclosure explains which AI systems we deploy, what they do, how they affect our Clients and their customers, and what rights and safeguards apply. It is issued in compliance with the EU AI Act (Regulation (EU) 2024/1689), GDPR Article 13/14 transparency obligations, and ExactFlow's own responsible AI principles.

1. Our Approach to AI — Principles

ExactFlow builds and deploys AI systems in accordance with the following principles, drawn from the EU AI Act and OECD AI Principles:

  • Human oversight — all AI Agent outputs that carry material business consequences require human review before execution
  • Transparency — we disclose when AI is involved in decisions affecting Clients, users, or end customers
  • Accuracy and robustness — our AI systems are tested, monitored, and improved continuously
  • Privacy by design — AI systems process only the minimum data necessary for each function
  • Non-discrimination — AI outputs are monitored for disparate impact and corrected where identified
  • Accountability — ExactFlow maintains documentation and governance records for all AI systems

2. AI Systems Deployed — The Six ExactFlow AI Agents

ExactFlow operates six proprietary AI Agents embedded in the SaaS Platform. These are purpose-built decision-support tools, not general-purpose AI models. All six Agents are deployed in an assistive capacity — they augment human decision-making, they do not replace it.

None of ExactFlow's AI Agents are classified as high-risk AI systems under Annex III of the EU AI Act in their standard Marketplace and Platform deployment context. ExactFlow conducts an annual AI risk classification review. If a deployment context changes in a way that triggers high-risk classification, ExactFlow will notify affected Clients and implement the additional obligations required under the EU AI Act.

| AI Agent | Role | Primary Function | EU AI Act Risk Classification |
|---|---|---|---|
| Axel | Customer Support Agent | Handles inbound support queries, routes complaints, drafts responses, tracks returns and order status for Clients' customer service teams | Limited Risk — chatbot transparency obligation applies (Art. 50 EU AI Act) |
| Zane | Sales Assistant | Analyses sales data, generates pricing recommendations, drafts marketing copy, identifies upsell opportunities | Minimal Risk — sales analytics and recommendation tool; no autonomous pricing authority |
| Tesa | Purchasing Agent | Scans supplier data, recommends reorder points, drafts RFQs and purchase orders, tracks fulfilment | Minimal Risk — procurement support; all purchase commitments require human authorization |
| Raya | Financial Assistant | Reconciles transactions, generates margin and cashflow reports, flags anomalies, assists VAT reconciliation | Minimal Risk — financial reporting support; outputs are not statutory financial statements |
| Kai | Operations Agent | Manages fulfilment workflows, coordinates logistics, tracks milestones, flags operational bottlenecks | Minimal Risk — operations workflow automation; human checkpoints at critical milestones |
| Nia | HR Assistant | Supports scheduling, drafts HR templates, tracks training completion, generates workforce analytics | Limited Risk — HR context requires enhanced human oversight; no autonomous employment decisions |

3. What Each AI Agent Does and Does Not Do

3.1 Axel — Customer Support Agent

What Axel does
  • Classifies and routes inbound support tickets to the appropriate team or knowledge base response
  • Generates draft responses to common queries based on the Client's configured knowledge base
  • Provides automated order status updates and tracking information to end customers
  • Initiates and tracks return and warranty claim workflows
  • Identifies when a query requires human escalation and flags it accordingly
What Axel does not do
  • Make legally binding commitments on behalf of the Client without human authorization
  • Resolve disputes involving claims of legal non-conformity or consumer rights violations autonomously
  • Deny or grant refunds without human review where the amount exceeds the Client's configured authorization threshold
  • Identify itself as human — Axel will disclose that it is an AI system if directly asked, in compliance with EU AI Act Article 50

3.2 Zane — Sales Assistant

What Zane does
  • Processes historical sales data and market signals to generate pricing recommendations within Seller-defined bands
  • Identifies cross-sell and upsell patterns across the product catalogue
  • Drafts promotional copy and campaign strategy templates for human review
  • Monitors Listing performance and generates optimization suggestions
What Zane does not do
  • Set live prices autonomously without human confirmation — all pricing changes are subject to Client-configured authorization workflows
  • Engage in or facilitate price coordination with competitor data sources
  • Make representations about competitor pricing, stock, or business practices

3.3 Tesa — Purchasing Agent

What Tesa does
  • Scans Marketplace Seller data to generate shortlists of suppliers matching Client criteria
  • Analyses inventory data to recommend reorder points and quantities
  • Drafts RFQ templates and proposed purchase orders for human review
  • Monitors Order fulfilment and flags deviations
What Tesa does not do
  • Commit to purchases above the Client's configured authorization threshold without human sign-off
  • Guarantee Seller compliance status, product certifications, or delivery capacity
  • Access Seller systems directly — Tesa works only with data available within the ExactFlow Platform

3.4 Raya — Financial Assistant

What Raya does
  • Reconciles transaction records with Platform Fee statements and Escrow releases
  • Generates margin analysis and cashflow projection reports
  • Flags transactions that appear anomalous against historical patterns
  • Assists in organizing data for VAT reconciliation and management accounting
What Raya does not do
  • Provide regulated financial advice, tax advice, or statutory accounting outputs under Polish accounting law
  • Submit data directly to tax authorities, auditors, or financial institutions — all Raya outputs require human review before external use
  • Access live bank accounts or payment systems with autonomous debit authority

3.5 Kai — Operations Agent

What Kai does
  • Automates task assignment and workflow routing within configured business rules
  • Tracks Order fulfilment milestones and delivery exceptions
  • Generates operational performance dashboards
  • Coordinates multi-step fulfilment workflows across integrated systems
What Kai does not do
  • Override human-defined escalation rules or skip mandatory human approval checkpoints
  • Modify delivery commitments already made to end customers without human review
  • Interface with third-party logistics beyond the scope of authorized API integrations

3.6 Nia — HR Assistant

What Nia does
  • Supports scheduling and shift planning based on configured rules
  • Drafts HR documentation templates (onboarding, role descriptions, training records)
  • Tracks training completion and compliance certification renewal dates
  • Generates workforce analytics and headcount reports
What Nia does not do
  • Make, recommend, or automate any employment decision — including hiring, promotion, redundancy, or disciplinary action — without documented human review, in compliance with GDPR Article 22 and the Polish Labour Code (Kodeks pracy)
  • Process special category personal data (health, disability, union membership) without explicit Client configuration and a documented GDPR Article 9 legal basis
  • Issue legally binding HR instruments (contracts, disciplinary notices) — all such documents require human authorization

4. Personal Data Processed by AI Agents

Each AI Agent processes personal data only within the scope described below. All AI Agent processing of personal data is governed by ExactFlow's Privacy Policy and, where ExactFlow acts as Data Processor on the Client's behalf, by the Data Processing Agreement (DPA).

| AI Agent | Personal Data Processed | Data Controller | Retention by AI System |
|---|---|---|---|
| Axel | End customer identity, order data, communication content, contact details | ExactFlow (as processor for Client) | Session logs: 90 days; ticket data per DPA retention schedule |
| Zane | Aggregated/pseudonymized sales data; no individual consumer personal data in standard deployment | ExactFlow (as processor for Client) | Analytics data: 2 years aggregated |
| Tesa | Seller contact person data; business transaction data; no end-consumer data | ExactFlow (as processor for Client) | Procurement logs: per DPA retention schedule |
| Raya | Transaction identifiers, invoice references, payment metadata (no card numbers) | ExactFlow (as processor for Client) | Financial logs: 7 years (accounting obligation) |
| Kai | Order references, delivery addresses, logistics status data | ExactFlow (as processor for Client) | Operational logs: 3 years |
| Nia | Staff names, roles, schedules, training records (within Client's HR configuration) | Client (ExactFlow as processor) | Per Client's own HR retention policy; ExactFlow logs: 3 years |

5. No Solely Automated Decisions with Legal Effects

ExactFlow confirms that none of its AI Agents make solely automated individual decisions that produce legal effects or similarly significantly affect individuals, within the meaning of GDPR Article 22. Specifically:

  • Account suspension decisions involve human compliance officer review
  • Refund approvals or rejections above configured thresholds require human authorization
  • Fraud flags generated by AI systems are reviewed by a human team before any enforcement action is taken
  • Employment-related recommendations from Nia require documented human sign-off
  • Creditworthiness or payment risk assessments are not made solely by AI systems

Where automated systems generate a flag, score, or recommendation that leads to a decision affecting an individual, that individual may request human review of the decision by contacting privacy@exactflow.com. We will respond within one calendar month.

6. AI Transparency for End Customers (Axel)

Where Clients deploy Axel as a consumer-facing AI chatbot or messaging agent, the following transparency obligations apply in compliance with EU AI Act Article 50:

  • Axel must be configured to identify itself as an AI system when a natural person directly and sincerely asks whether they are interacting with a human or an AI
  • Clients must not configure Axel to deny being an AI system or to claim to be human
  • Where Axel is deployed in a context that could deceive a reasonable person into thinking they are communicating with a human, a visible AI disclosure label must be displayed
  • ExactFlow provides Clients with compliant disclosure templates and configuration guides in the Platform's AI Governance section

Clients are responsible for ensuring that their deployment of Axel complies with the transparency requirements of the EU AI Act and any applicable national implementing measures. ExactFlow provides the technical capability for compliance — the responsibility for correct configuration sits with the Client.

7. Human Oversight Requirements

ExactFlow's AI Agents are designed with mandatory human oversight mechanisms. Clients must not disable or circumvent these mechanisms. Key human oversight requirements are:

| Scenario | Required Human Action | Configurable Threshold? |
|---|---|---|
| Refund or credit note above threshold | Authorized human must approve before issuance | Yes — Client sets threshold in Platform settings |
| Purchase order above authorization limit | Authorized procurement officer must confirm | Yes — Client sets per-agent authorization limit |
| Consumer complaint involving legal rights claim | Escalated to human agent within 1 business day | No — mandatory escalation regardless of configuration |
| Employment-related recommendation from Nia | HR officer or manager must review and sign off | No — mandatory for all HR decisions |
| Fraud flag or AML alert | Human compliance officer reviews before enforcement action | No — mandatory per AML Act obligations |
| Financial output for external submission | Human accountant or CFO review before submission | No — mandatory; AI outputs are not statutory records |
| AI content used in legally binding communications | Human legal or senior business review | Recommended — Clients should configure mandatory review |

8. AI Model Updates and Notifications

ExactFlow continuously improves its AI Agents. Where an update materially changes an Agent's behaviour, capabilities, or data processing in a way that affects Clients or their customers, ExactFlow will:

  • Provide at least 14 days' advance notice of material AI Agent changes via Platform dashboard and email
  • Publish release notes describing the nature of the change and any new human oversight requirements
  • Update this AI Usage Disclosure and the DPA sub-processor schedule where relevant
  • Provide a testing period in the sandbox environment before material changes go live in production

9. AI Governance and Accountability

ExactFlow maintains the following AI governance structures:

  • An internal AI Governance Committee responsible for AI risk assessment, policy, and incident response
  • An AI system register documenting the purpose, technical approach, training data sources, known limitations, and human oversight mechanisms for each AI Agent
  • Annual AI risk classification reviews under the EU AI Act framework
  • A responsible AI incident response procedure for cases where AI outputs cause harm or behave unexpectedly
  • A public point of contact for AI-related queries: ai-governance@exactflow.com

10. Your Rights Regarding AI Processing

If you are an individual whose personal data is processed by ExactFlow's AI Agents, you have the following rights:

  • Right to explanation: request an explanation of how an AI-assisted decision was reached
  • Right to human review: request that a human reviews any AI-assisted decision that significantly affects you
  • Right to object: object to processing of your personal data by AI systems based on legitimate interests under GDPR Article 21
  • Right to erasure: request deletion of your personal data from AI system logs, subject to legal retention obligations
  • Right to complain: contact the UODO (www.uodo.gov.pl) if you believe AI processing of your data breaches the GDPR

Exercise these rights by contacting privacy@exactflow.com or ai-governance@exactflow.com. We will respond within one calendar month.

11. Contact

AI Governance: ai-governance@exactflow.com
Data Protection (DPO): privacy@exactflow.com
General: hello@exactflow.com
Registered Address: ExactFlow p.s.a., Stanisława Bodycha 87, 05-816 Reguły, Poland
EU AI Office: digital-strategy.ec.europa.eu/ai
Supervisory Authority: UODO — ul. Stawki 2, 00-193 Warsaw | www.uodo.gov.pl

This AI Usage Disclosure is issued in compliance with: EU AI Act (Regulation (EU) 2024/1689); GDPR Articles 13, 14, 22 (Regulation (EU) 2016/679); Polish Personal Data Protection Act (Dz.U. 2018 poz. 1000); and ExactFlow's Responsible AI Policy. Independent legal and technical review is recommended before publication.

— END OF AI USAGE DISCLOSURE — EXACTFLOW P.S.A. —
