Governance
Responsible AI & Data Governance
Last updated:
Got AI Policy helps Canadian public-sector teams research, compare, and improve AI governance. Because we ask organizations to be transparent about AI, we hold ourselves to the same standard: clear limits, human oversight, privacy by design, and source-based verification.
Our operating principles
- AI drafts. Humans decide.
- Verify against the source.
- Minimum necessary data.
- Privacy by design.
- No fully automated decisions about people.
- Public evidence remains the source of truth.
- Clear limits are better than vague promises.
What we do with uploaded policies
When you upload a policy or paste a policy link for review, Got AI Policy uses that document to generate a private structured analysis for your account. This may include strengths, gaps, missing clauses, risk areas, and practical next steps.
We do not republish your uploaded document or private review unless you choose to share it.
What we do not do
- We do not directly train public AI models on user uploads, private drafts, direct messages, or forum content.
- We do not sell user data.
- We do not use uploaded policy reviews for advertising.
- We do not use AI to make automated decisions about people.
- We do not treat AI output as legal, privacy, procurement, or compliance advice.
How anonymized and aggregated insights may be used
To improve the platform, we may use anonymized and aggregated analytical insights derived from policy reviews and site usage. For example, we may analyze broad trends such as common missing clauses, frequently requested review areas, recurring governance gaps, or where users encounter friction in the workflow.
These insights are used at a systems level to improve benchmarking, recommendations, prompt quality, safety checks, usability, and service reliability. They are not intended to identify individual users or organizations, reproduce original documents, or train public foundation models.
Raw content vs derived insights
| Data type | Example | How it may be used |
|---|---|---|
| Raw uploaded policy | The original PDF or pasted document. | Used to produce the user's private review. |
| Private AI review | The structured analysis generated for the user. | Visible to the user and authorized staff as needed for support, moderation, security, or service operation. |
| Aggregated insights | Broad patterns across many reviews, such as common missing governance clauses. | Used to improve benchmarking and platform quality. |
| Usage analytics | Feature usage, page activity, error patterns, response timing, helpfulness votes. | Used to improve reliability, usability, prompt quality, and abuse prevention. |
| Public registry sources | Public municipal policies, minutes, reports, and URLs. | Used to power public summaries, search, comparison, and registry evidence. |
Human oversight
AI helps structure research and analysis. It does not replace human judgment. Users remain responsible for reviewing, validating, adapting, and approving any policy, briefing, or decision that uses Got AI Policy outputs.
Data user responsibilities
Do not upload confidential, restricted, personal, or third-party information unless you are authorized to do so. Organizations are responsible for ensuring their use of Got AI Policy complies with their internal privacy, records management, procurement, confidentiality, and AI governance requirements.
Questions and deletion
Users can delete their account and associated personal data from Settings where available, or contact support@gotaipolicy.ca. Questions about AI use, privacy, or data handling can be sent to the same address. See also the AI Use page and the privacy policy.