# TwentyCore AI Data Handling Policy

Last reviewed: 2026-05-17

This policy summarizes how TwentyCore AI features should handle operational data. It is a buyer-review document, not a substitute for provider-specific legal terms.

## Tenant-Scoped Context

- AI features should receive only data that belongs to the current tenant and that the requesting user is permitted to read.
- Prompt construction should use tenant context helpers rather than hardcoded company names or assumptions.
- Sensitive values such as passwords, secrets, tokens, and personal data not needed for the task should not be sent to AI providers.
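The three points above are easier to review with code in hand. The block below is an added example, not TwentyCore code: it assumes, hypothetically, that records are dicts carrying a `tenant_id` and a `kind`, that a user's read permission is a set of record kinds, and that each kind has a field allowlist. Scoping happens first (tenant, then permission), minimization second (allowlist projection plus a refusal on secret-looking key names), and the prompt header is built from the `TenantContext` rather than a hardcoded name.

```python
"""Tenant-scoped, minimized prompt context. Added example, not TwentyCore code.

Hypothetical assumptions: records are dicts with `tenant_id` and `kind`;
a user's permissions are the set of record kinds they may read; each kind
has an allowlist of fields that may reach the AI provider.
"""
from dataclasses import dataclass, field
import re

# Field allowlist per record kind. Only these fields may reach the provider;
# anything not listed (password hashes, tokens, contact details) is dropped.
ALLOWED_FIELDS = {
    "order":   {"id", "status", "total", "currency", "created_at"},
    "invoice": {"id", "status", "amount", "due_date"},
    "user":    {"id", "display_name", "role"},
}

# Key names that must never be forwarded, even if someone adds them to an allowlist.
FORBIDDEN_KEY_RE = re.compile(r"(password|secret|token|api[_-]?key|ssn|card)", re.I)


@dataclass
class TenantContext:
    tenant_id: str
    tenant_name: str
    user_id: str
    readable_kinds: set = field(default_factory=set)


def select_context_records(records, ctx):
    """Keep only records in the caller's tenant and of kinds the user may read."""
    return [
        r for r in records
        if r.get("tenant_id") == ctx.tenant_id and r.get("kind") in ctx.readable_kinds
    ]


def minimize_record(record):
    """Project a record onto its allowlist; refuse to emit forbidden key names."""
    kind = record["kind"]
    if kind not in ALLOWED_FIELDS:
        raise ValueError(f"no allowlist defined for record kind {kind!r}")
    out = {}
    for key in ALLOWED_FIELDS[kind]:
        if key not in record:
            continue
        if FORBIDDEN_KEY_RE.search(key):
            raise ValueError(f"allowlist for {kind!r} contains forbidden key {key!r}")
        out[key] = record[key]
    return out


def build_prompt(ctx, records, question):
    """Assemble the provider prompt from tenant context, never from hardcoded names."""
    context_records = [minimize_record(r) for r in select_context_records(records, ctx)]
    lines = [
        f"Tenant: {ctx.tenant_name} (id {ctx.tenant_id})",
        f"Requesting user: {ctx.user_id}",
        "Records:",
    ]
    for r in context_records:
        lines.append("  " + ", ".join(f"{k}={v}" for k, v in sorted(r.items())))
    lines.append(f"Question: {question}")
    return "\n".join(lines), context_records


# Constructed sample data: two tenants, one user record carrying secrets.
SAMPLE_RECORDS = [
    {"tenant_id": "t-100", "kind": "order", "id": "o-1", "status": "paid",
     "total": 125.5, "currency": "EUR", "created_at": "2026-05-01",
     "customer_email": "a@example.com"},
    {"tenant_id": "t-100", "kind": "user", "id": "u-7", "display_name": "Ana",
     "role": "buyer", "password_hash": "$2b$12$abc", "api_token": "tok_xyz"},
    {"tenant_id": "t-100", "kind": "invoice", "id": "inv-3", "status": "open",
     "amount": 90.0, "due_date": "2026-06-01"},
    {"tenant_id": "t-200", "kind": "order", "id": "o-9", "status": "paid",
     "total": 9.99, "currency": "USD", "created_at": "2026-05-02"},
]

if __name__ == "__main__":
    ctx = TenantContext("t-100", "Acme GmbH", "u-7", {"order", "user"})
    prompt, _ = build_prompt(ctx, SAMPLE_RECORDS, "Which orders are paid?")
    print(prompt)
```

The allowlist-plus-forbidden-key pattern is deliberate: an allowlist alone fails open when a new field is added to a record under a permitted name, and a denylist alone fails open when a secret arrives under an unexpected name. The `ValueError` on a forbidden allowlist entry turns a misconfiguration into a build-time failure instead of a leak.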

## Human Confirmation

- AI output is advisory by default.
- High-impact actions should require explicit human confirmation before they run.
- Finance, inventory, approval, payment, and shipment mutations should never be executed by AI without that confirmation.
- Tenant-specific answers should cite the source records they were derived from where practical.

## Provider Review

Before enterprise rollout, confirm:

- AI provider.
- Processing region, if applicable.
- Retention policy.
- Whether customer data is used for model training.
- Opt-out or disablement path.

## Buyer Evidence To Request

- AI endpoint scope.
- Prompt/data minimization approach.
- Human-confirmation controls.
- Provider terms and data-processing review.
