AI Safety & Transparency Statement
A plain-language account of where Govarna uses AI, what the current provider path receives, and which decisions remain deterministic or human-reviewed.
Implementation snapshot reviewed 13 July 2026
Deterministic core classification
The core EU AI Act risk-tier workflow is a rules engine. It maps structured answers to defined conditions without asking a language model to choose the tier.
Drafts require human judgment
AI-assisted questionnaire answers are stored as drafts with confidence and review signals. A qualified user must check facts and suitability before external use.
Tenant-scoped context
Database and storage policies use organization membership and role checks. Drafting queries also filter organization-specific inventory and approved answers by organization.
1. Current model provider and client path
The current application calls Anthropic's Messages API through one server-side client. Its default model is Claude 3.7 Sonnet (claude-3-7-sonnet-20250219); the client also permits pinned Claude 3.5 Sonnet and Claude 3.5 Haiku model identifiers. The active implementation does not route customer prompts to Gemini.
Model output is parsed as structured JSON and validated against a Zod schema before the application uses it. Validation reduces malformed output; it does not make model-generated content factually correct.
2. When AI assistance is used
- Questionnaire extraction fallback: Govarna first tries format-specific and rule-based parsing. Raw questionnaire text is sent to Anthropic only when the deterministic parser finds no questions and the Anthropic integration is configured.
- Response drafting: Anthropic receives the individual question plus selected context: relevant organization inventory fields, up to three similar approved answers, and up to three curated response templates.
- Core risk classification: the EU AI Act tier is produced by deterministic boolean rules. The language model is not the core classifier.
3. Data minimization and provider handling
Govarna sends task-relevant text to Anthropic for the two workflows above. The questionnaire fallback can include the submitted raw questionnaire text; response drafting sends one question and the selected context described above. API credentials remain server-side.
4. Tenant isolation and storage
Customer tables use Postgres Row Level Security policies based on organization membership and role. Evidence and original-questionnaire files use private Supabase Storage buckets with organization-scoped object paths and membership-based policies. Server actions authenticate the user before retrieving drafting context.
These controls are defense-in-depth measures, not a guarantee that software can never contain a defect. See the Security & Trust page for more implementation detail.
5. Human review and auditability
AI-assisted answers are saved with draft status. The stored record includes confidence, context identifiers, whether review is needed, and missing-evidence signals. Draft generation and later response state changes create audit-log entries through server-side workflows.
- Review the source context and every factual claim.
- Edit unsupported or organization-specific statements.
- Obtain legal, security, or compliance review where the answer has material consequences.
6. Services involved in current code paths
Anthropic is the current AI model provider. Supabase provides authentication, database, and file storage, while Vercel hosts the Next.js services. Other configured product operations may involve Stripe (billing), Resend (transactional email), Loops (marketing contacts), Google Analytics and PostHog (website analytics), Sentry and Axiom (observability), and Upstash (rate limiting). Which services receive data depends on the feature used and deployment configuration.
For broader data categories and contact routes, read the Privacy Policy. Neither page replaces a signed DPA, order form, or provider-specific terms.