AI Vendor Compliance Pre-Fill Pack

Twelve disclosures every institutional buyer asks before approving an AI vendor. Pre-filled for EDGE Terminal so procurement can finish in a single round.

1. Model provider

Anthropic claude-opus-4-7 for Desk Panel memos and Morning Packet generation. Anthropic claude-haiku-4-7 for marketing-weekly copy generation. No other LLM vendor processes customer data.

2. Training-data policy

EDGE does not use customer prompts, trading-journal entries, or any other customer-conditional data to train any model. Anthropic retains prompts for up to 30 days for abuse detection per their commercial terms; under the Zero Data Retention beta (enabled by the operator via ANTHROPIC_ZDR_ENABLED=true) retention is zero.

3. Retention

Desk Panel audit-log rows (SHA-256 hashes of the prompt and the response, model id, temperature, token counts, latency) are retained for 7 years per CFTC §1.31 / SEC 17a-4. Raw prompt and response text are NOT retained on the audit row.

4. Audit trail

Every Desk Panel invocation writes one row to audit_log with event_type='desk_panel_invocation' and a payload carrying: { model, prompt_sha256, response_sha256, system_prompt_version, temperature, tokens_in, tokens_out, latency_ms }. The SHA anchors let compliance reconstruct invocations from prompt snapshots in lib/desk-panel/prompts/v8/.
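An added example, not EDGE's own code, of how a reviewer could check an audit row against retained prompt and response text. The payload field names come from the description above; the function name `verify_row`, the row layout as a dict with `event_type` and `payload` keys, and the choice of lowercase hex digests over the UTF-8 bytes of the exact text are assumptions.

```python
import hashlib
import hmac
import json
import re

REQUIRED = ("model", "prompt_sha256", "response_sha256", "system_prompt_version",
            "temperature", "tokens_in", "tokens_out", "latency_ms")
HEX64 = re.compile(r"[0-9a-f]{64}")


def sha256_hex(text: str) -> str:
    # Assumption: digests cover the UTF-8 bytes of the exact text, hex-encoded.
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def verify_row(row: dict, prompt: str, response: str, expected_version: str = "v8") -> list:
    """Return a list of findings; an empty list means the row matches the evidence."""
    if row.get("event_type") != "desk_panel_invocation":
        return ["wrong event_type"]
    payload = row.get("payload") or {}
    findings = [f"missing field: {k}" for k in REQUIRED if k not in payload]
    if findings:
        return findings
    if payload["system_prompt_version"] != expected_version:
        findings.append("system_prompt_version mismatch")
    for field, text in (("prompt_sha256", prompt), ("response_sha256", response)):
        recorded = str(payload[field]).lower()
        if not HEX64.fullmatch(recorded):
            findings.append(f"{field} is not a SHA-256 hex digest")
        elif not hmac.compare_digest(recorded, sha256_hex(text)):
            findings.append(f"{field} does not match supplied text")
    return findings


# Constructed sample row and texts (not real EDGE data).
SAMPLE_PROMPT = "Summarise the supplied DeskContextJSON."
SAMPLE_RESPONSE = "no observation"
SAMPLE_ROW = {
    "event_type": "desk_panel_invocation",
    "payload": {
        "model": "claude-opus-4-7", "system_prompt_version": "v8",
        "prompt_sha256": sha256_hex(SAMPLE_PROMPT),
        "response_sha256": sha256_hex(SAMPLE_RESPONSE),
        "temperature": 0.2, "tokens_in": 812, "tokens_out": 3, "latency_ms": 940,
    },
}

if __name__ == "__main__":
    print(json.dumps(verify_row(SAMPLE_ROW, SAMPLE_PROMPT, SAMPLE_RESPONSE)))
    print(json.dumps(verify_row(SAMPLE_ROW, SAMPLE_PROMPT + "\n", SAMPLE_RESPONSE)))
```

The second call fails on a single trailing newline, which is why prompt snapshots used for reconstruction have to be stored byte-exact.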

5. Hallucination SLA

Models can and do hallucinate. EDGE prompts forbid asserting numbers absent from the supplied DeskContextJSON; agents are instructed to use "no observation" when context is missing. We commit to reviewing and triaging user-submitted review flags (/api/desk/review-flag) within 2 business days.

6. Disclaimer language

The literal disclaimer is rendered by components/desk/Disclaimer.tsx on every memo, packet, and Desk page, and is exported as DESK_DISCLAIMER_TEXT so the same string ships in the PDF and the email body.

7. Prompt logging

System prompts are versioned files in lib/desk-panel/prompts/v8/, and the version string (v8) is captured in every audit-log row. Customers can request a copy of the exact prompt that produced a given hash by writing to support@edgefx.xyz.

8. Inference region

Default — Anthropic us-east-1. Enterprise option — AWS Bedrock eu-central-1 routes inference traffic through the customer's VPC. See /trust/sub-processors.

9. On-premises option

Customers requiring full data isolation deploy EDGE via Docker Compose with self-hosted Supabase. The AI provider is configurable between Anthropic direct and AWS Bedrock; the entire inference path stays inside the customer's perimeter. The runbook is at deploy/onprem/RUNBOOK.md.

10. Termination / deletion

On contract termination, EDGE deletes all customer trading and journal data within 30 days. Audit-log rows are anonymised (foreign keys to app_users.id SET NULL) but retained per regulatory obligations above.

11. Indemnification scope

Standard mutual indemnification in the Master Services Agreement; AI-specific indemnification capped at fees paid in the preceding 12 months. EDGE carries professional indemnity insurance with adequate per-claim coverage; certificate available on request.

12. Customer rights

Customers may at any time: request an export of all data (CSV / JSON), request anonymisation of audit-log rows, opt out of Desk Panel features entirely (the rest of the terminal functions without AI), or submit a review flag against any model output. Send requests to support@edgefx.xyz; the SLA is 5 business days for non-emergency requests.