AI Ethics Statement

Version 1.0 · Effective 8 June 2026

Tailored Tools builds with AI and helps other businesses use it responsibly. This page sets out how we think about that responsibility, what we believe, how we apply it day-to-day, the frameworks we align with, and the specific commitments we make on sensitive data. It is a public commitment and we expect to be held to it.

1. Our principles

Human oversight on consequential decisions. AI is a tool, not a decision-maker. Where an AI output affects someone's livelihood, money, health, legal standing, or access to a service, a human reviews before it goes out.
Transparency about when AI is in use. We tell clients and end-users when content, output, or a recommendation was AI-assisted or AI-generated.
Data minimisation. We collect only what the task needs. We do not hoard data "in case it's useful later."
Honest limits. We tell clients what AI is not good at, where it gets things wrong, and when it shouldn't be used at all. "AI can't do this" is a complete sentence.
Bias awareness. AI models reflect the data they were trained on. We look for and flag bias in outputs, especially anywhere a recommendation affects a person.
Security as a foundation, not an add-on. AI systems we build follow the same security baseline as any production system we operate, encryption, access control, logging, incident response.

2. How we apply these in practice

We review AI outputs before they go to clients. We do not auto-publish or auto-send unreviewed AI-generated content.
We disclose when content shared with clients (reports, copy, designs) is AI-assisted.
We do not use client data to train third-party AI models without the client's explicit, written, informed consent.
We do not build surveillance systems, social-scoring systems, or covert biometric identification systems, full stop. Those use-cases sit outside the work we are willing to take on.
Where we automate communications (emails, WhatsApp messages, reminders) on a client's behalf, we make sure the client is the named sender and that recipients can opt out.
For AO Audit work, we score and report on publicly available information about businesses, not about individuals. Where individual names appear in the public sources we audit (e.g., reviewers), we redact them in our reports.

3. Framework alignment

We align our approach with the following recognised frameworks:

OECD AI Principles, inclusive growth, human-centred values, transparency, robustness, accountability.
UK Government pro-innovation AI regulation white paper, the five cross-sector principles (safety, transparency, fairness, accountability, contestability).
NIST AI Risk Management Framework (US, widely referenced internationally), govern, map, measure, manage.
EU AI Act, we follow the spirit of the Act's risk-based approach where applicable to UK delivery, in particular its prohibitions on social scoring and untargeted facial-recognition databases.

We do not claim formal certification against any of the above. We use them as the standard for how we behave.

4. Special category and biometric data

Special category data under UK GDPR Article 9, biometric data used for unique identification, health data, ethnic origin, religious belief, sexual orientation, political opinions, trade union membership, genetic data, carries higher risk. Our specific commitments when engaged on work involving such data:

Explicit consent is required from the data subjects (Article 9(2)(a)). We will not proceed without it being clearly evidenced in writing.
A Data Protection Impact Assessment (DPIA) is completed before any processing begins, documenting the lawful basis, necessity, proportionality, and risk mitigations.
Enhanced technical measures: encryption at rest and in transit, separation from non-sensitive systems, restricted access, audit logging.
Deletion on engagement end unless the client has a separate lawful basis to retain and has contracted for that retention in writing.
No transfer outside the UK / EEA without adequate safeguards (UK GDPR Chapter V).
No use for any secondary purpose, including training third-party AI models, without fresh explicit consent.

5. When we won't take a project on

We will turn down work that:

builds covert surveillance, including facial recognition without subject knowledge;
contributes to social scoring of individuals;
relies on opaque automated decisions about a person's livelihood, health, legal status, or access to essential services without a viable human-review path;
uses dark-pattern persuasion techniques to override informed consent;
asks us to disable safety controls in a third-party AI system in production.

This is a non-exhaustive list. We use judgement on edge cases and prefer to walk away from work we are not comfortable with than to compromise.

6. Review

This statement is reviewed annually or whenever our service mix materially changes, whichever comes first. Material changes are noted in the version history below.

7. Contact

Concerns about our use of AI on a specific project, or about this statement generally: [email protected]. We aim to respond within one working week.

Version history

1.0, 8 June 2026, First published.