Responsible AI at DSE
Data Science & Engineering Experts, Inc. ("DSE," "we," "us," or "our") advises organizations on how to adopt artificial intelligence ("AI") responsibly, and we hold our own use of AI to the same standard we help our clients set. This statement explains how we use AI internally and in client engagements, the governance methodology we apply, and the commitments we make about the data entrusted to us.
This statement is a description of our current practices. It is not a contract, does not create warranties, and does not modify the terms of any agreement between you and DSE. Where this statement and a signed agreement (including a Data Processing Addendum or "DPA") address the same subject, the signed agreement controls.
Scope of this statement
This statement applies to DSE's use of AI in the delivery of its professional services, including AI-governance advisory, data and analytics engagements, and internal business operations. It covers AI systems we operate, AI features embedded in the software tools we use, and third-party AI model and inference providers we rely on to support our work.
Our SaaS product, PrivateStack, publishes its own Responsible AI statement covering how that platform processes tenant prompts and outputs. Where a client engagement is governed by a separate agreement, that agreement's data-handling terms take precedence over this statement.
How DSE uses AI
DSE uses AI in two contexts:
- Internally, to support research, drafting, code assistance, analysis, and routine operational work. A qualified DSE professional reviews and is accountable for any work product informed by AI before it is relied upon or delivered.
- In client engagements, to accelerate analysis, generate draft artifacts, and support advisory deliverables. AI is used as a tool that augments the judgment of our practitioners; it does not replace the professional responsible for the engagement.
We do not use AI to make final, consequential decisions about individuals on a client's behalf without a human in a position to review and override the outcome. Where an engagement involves AI that could affect individuals' rights, opportunities, or access to services, we treat that as a higher-risk context and apply the additional review described below.
Our AI governance methodology
DSE's internal governance practice is aligned with the U.S. National Institute of Standards and Technology AI Risk Management Framework (NIST AI 100-1, the "AI RMF") and its four core functions:
- Govern — We maintain internal accountability for AI use, including designated ownership, acceptable-use expectations for our team, and periodic review of the AI tools and providers we rely on.
- Map — Before applying AI to a new context, we identify the intended use, the people and data involved, and the potential for harm, so that risk is understood before deployment.
- Measure — For higher-risk uses, we assess AI outputs for accuracy, reliability, and disparate impact using methods appropriate to the context, and we document limitations.
- Manage — We prioritize and act on identified risks, apply human oversight proportionate to the stakes, and adjust or discontinue an AI use when the risk is not acceptable.
For engagements where AI may materially affect individuals, our methodology includes an impact-assessment practice: we document the intended use and affected populations, consider foreseeable harms and bias, identify applicable legal and regulatory obligations, and recommend mitigations and human-oversight controls. This practice is a professional methodology, not a guarantee of any particular outcome, and its application is scoped to each engagement.
Our core AI commitments
The commitments in this section are shared, without modification, across DSE's Responsible AI statement and the PrivateStack Responsible AI statement. In this section, "you" and "your" refer to our customers and clients, and "content" means the prompts, inputs, files, and outputs that you provide to, or generate through, our AI systems and services.
Processing of your content
We process your content solely to provide, operate, secure, and support our AI systems and services. We do not use your content for advertising, and we do not sell your content.
No training on your content
We do not use your content to train, fine-tune, or otherwise develop AI models — neither our own models nor those of any third-party provider. We engage AI model and inference providers under commercial (API) terms that do not permit those providers to train their models on your content.
Opt-in service-improvement analytics
We use aggregated, de-identified usage analytics to improve and operate our services only with your opt-in. These analytics are aggregated and de-identified so that they do not identify you or any individual, and they are used to improve our services — not to train AI models. Where you have not opted in, we do not use your content for service-improvement analytics.
AI model and inference providers
We rely on third-party AI model and inference providers to deliver certain features. We disclose the categories of providers we engage — including cloud infrastructure and hosting providers, identity and authentication providers, AI model and inference providers, and analytics providers. A current list of the specific providers we engage is available to customers under our Data Processing Addendum on written request. We engage all such providers under terms consistent with the commitments in this statement.
Human oversight
A qualified person remains accountable for AI-assisted work. We design our AI uses so that a human can review, correct, or override AI outputs, and we do not rely on AI to make final consequential decisions about individuals without a person in a position to review the outcome.
Data retention and deletion
We honor verified deletion requests as required by applicable law and our agreements. Following termination of an account or conclusion of an engagement, we purge the associated content within 30 days, except that residual copies contained in encrypted backups age out on our standard backup-rotation schedule. We retain records for longer only where required by law, such as for tax, legal-hold, or other legal-retention obligations.
Security safeguards
We protect content processed by our AI systems using safeguards including encryption in transit (TLS 1.2 or higher) and at rest (AES-256), least-privilege access controls, multi-factor authentication for administrative access, storage of credentials in managed secret storage rather than in source code, and audit logging. In the event of a security incident affecting your content, we will notify affected parties without undue delay and as required by applicable law.
Framework alignment
Our AI governance is designed to align with the NIST AI Risk Management Framework (AI RMF). Alignment describes the framework we apply to our own practices; it is not a certification, accreditation, or attestation by any third party, and no such alignment guarantees any particular result.
Limitations and no warranty
AI systems can produce outputs that are inaccurate, incomplete, or unsuitable for a given purpose. You are responsible for reviewing AI-assisted outputs before relying on them. This statement describes our practices and does not create any warranty or contractual commitment; any warranties, disclaimers, and limitations of liability are governed exclusively by the agreement between you and Data Science & Engineering Experts, Inc.
Changes to this statement
We may update this statement from time to time. When we do, we will revise the effective date above and post the updated statement. Material changes take effect upon posting unless a later date is stated.
Our commitments to client data
In a consulting engagement, the client remains responsible for its own data and, where applicable, is the controller or business with respect to that data; DSE acts as a service provider or processor and handles client data in accordance with the engagement agreement and the core AI commitments above. We support our financial-institution and other regulated clients in meeting their own compliance obligations, and we handle client data on a need-to-know, least-privilege basis for the purpose of delivering the engaged services.
Questions and contact
For questions about this statement or DSE's use of AI, or to make a privacy-related request, contact us at legal@thedataexperts.us, or use the privacy request form available on this Site. Requests may include access, correction, deletion, or opt-out request types where applicable law provides those rights.
Data Science & Engineering Experts, Inc.
8735 Dunwoody Place #5714, Atlanta, GA 30350
This statement is governed by the laws of the State of Georgia, without regard to its conflict-of-laws principles.