AALI
Trust Center

Governance is a first-class concern.

How AALI handles client data, intellectual property, AI tool usage, and access. Six commitments and the operational detail behind them.

Six Commitments

The structural protections every client receives.

  1. 01

    Client owns everything built

    Every system, prompt, integration, runbook, and document produced during an engagement is owned by the client. We assign all rights on payment in full. The IP language is in our Master Services Agreement; we will redline it for any client that asks.

  2. 02

    Client data is never used to train models

    Confidential information, customer data, internal documents, and engagement materials are never used to train any AI model that is not exclusively owned by the client. This is a contractual commitment, not a marketing position.

  3. 03

    Every account stays in your name

    Tools like OpenAI, Anthropic, integration platforms, and SaaS subscriptions are billed directly to the client's company card under the client's accounts. We do not pass through, resell, or mark up third-party costs. If we leave, every credential remains with you.

  4. 04

    Confidentiality is default-on

    Mutual NDAs are signed before the second conversation. Internal materials, strategy decisions, financials, and customer data stay inside the client organization. The five-year confidentiality clause is standard in our MSA.

  5. 05

    Governance is built before automation

    For every engagement, the first 30 days include a governance review — AI policy, acceptable-use guidelines, data handling documentation, and risk register. Nothing goes live in production until the governance framework is approved by the client's leadership team.

  6. 06

    Engineering review on every system

    Because our founding team includes production software engineers, every integration is reviewable, documented, and reproducible by the client's own engineering team. No black-box systems. No dependencies that vanish when the engagement ends.

Tooling Posture

What we use, and how we use it.

Every tool listed below is configured per-engagement under the client's own accounts. Nothing is shared across clients. The client owns the configuration end-to-end.

Foundation models

  • OpenAI (GPT-4 family, GPT-5)
  • Anthropic (Claude family)
  • Open-source alternatives by client request

Agent infrastructure

  • OpenClaw — AALI's agent platform, deployed inside the client's infrastructure with client-owned API keys
  • Custom skills, hooks, and integrations tailored per engagement

Integrations (selected by client need)

  • CRM: HubSpot, Salesforce
  • Finance: QuickBooks, NetSuite
  • Collaboration: Slack, Microsoft 365, Google Workspace
  • Bespoke integrations as needed
Data Handling

Operational answers, not legal hedges.

If your security or compliance team needs more detail before an engagement, we'll meet with them directly.

01

Where does client data live?

Inside the client's existing infrastructure — the SaaS platforms, cloud accounts, and tools you already use. We do not stand up parallel data infrastructure. We do not store client data on our own servers beyond what is necessary to run the engagement (e.g., shared documents in your Google Workspace or Microsoft 365 tenant).

02

Who at AALI has access to client systems?

During the engagement period, only the AALI team member assigned to your engagement. Access is granted by the client through the client's identity provider, governed by the client's access policies, and revoked by the client at any time. We never request administrator-level access unless explicitly necessary.

03

What happens to access at engagement end?

Within 5 business days of termination, all access is revoked by the client. Any documents, repositories, or shared resources the AALI team member had access to are returned or destroyed at client direction. A formal off-boarding checklist is in our Statement of Work template.

04

Do you carry insurance?

Professional liability and cyber liability insurance are in place. Certificates of insurance are available on request before contract signing.

05

Are background checks available?

Yes. Pre-engagement background check is available on request. Some regulated-industry clients require this before contract execution; we accommodate.

06

How do you handle regulated data (HIPAA, PCI, SOX, GDPR)?

Regulated data is governed by Business Associate Agreements or equivalent contractual frameworks layered on top of our standard MSA. For HIPAA engagements, we sign a BAA and follow client-specified access protocols. We do not move regulated data into AI tools that lack the appropriate contractual protections.

Citation

The Applied AI Leadership Institute. “Trust Center.” https://appliedaileadership.org/trust-center. Accessed [date].

Permission granted to quote any passage from this page with attribution. Recommended attribution: The Applied AI Leadership Institute (AALI), https://appliedaileadership.org/trust-center.

Security & Compliance Questions

Bring your security team into the conversation.

We'll meet directly with CISOs, compliance officers, and general counsel before any contract is signed. Bring the hard questions.