AI Use Policy
Guidelines for the use of Artificial Intelligence features within the ESGdesk™ platform.
Version: v1.0 | Last updated: 28.04.2026
This document is provided in English as the official and legally binding version of the ESGdesk™ policies and agreements.
This AI Use Policy describes how Artificial Intelligence features are used within the ESGdesk™ platform.
This AI Use Policy forms part of the ESGdesk™ Terms of Service and applies to all users of the ESGdesk™ platform.
1. AI Features in ESGdesk™
ESGdesk™ provides AI-powered functionality designed to assist users in processing ESG-related data, improving workflow efficiency, and generating summaries and insights.
The platform may include AI-powered tools such as:
- Elisa AI Assistant – conversational assistant supporting ESG data management
- AI Document Scanner – automatic extraction of structured data from invoices and documents
- AI Executive Summary – generation of narrative ESG summaries for management reports
These tools are designed to support users but do not replace professional judgment or independent verification.
1a. Dual-Channel AI Access
AI features are powered by Google's Gemini large language models, accessed through two channels:
- Lovable AI Gateway — a routing service operated by our platform provider Lovable AB, which proxies requests to Gemini and other LLMs. Used for the majority of AI features (including Elisa scan, structured extraction).
- Direct Google Generative Language API (Gemini) — accessed via Google AI Studio API key. Used for specific tasks: Elisa streaming chat assistant, executive summary translation, mass i18n key translation, newsletter translation, and platform health monitoring.
1b. International Data Transfers for AI Processing
AI processing involves the transfer of input data (documents, text, chat conversations) to servers operated by Google LLC, which may be located in the United States. Such transfers are made under:
- Standard Contractual Clauses (SCCs) approved by the European Commission (EU 2021/914), or
- The EU-US Data Privacy Framework (DPF) for sub-processors that have certified under the framework.
Lovable AB (Lovable AI Gateway) and Google LLC / Google Ireland Limited (Gemini API) are listed as separate sub-processors in the Privacy Policy §10 and at /legal/sub-processors.
2. Human Responsibility
Users remain fully responsible for:
- verifying all AI-generated outputs
- validating extracted or generated data
- ensuring accuracy of ESG reports and disclosures
AI-generated results should be treated as supportive recommendations rather than authoritative outputs.
3. No Professional Advice
AI-generated outputs provided by ESGdesk™ do not constitute:
- legal advice
- financial advice
- ESG certification
- regulatory compliance guarantees
Users must perform their own review before using AI-generated information in official reports or regulatory disclosures.
4. Data Processing by AI
AI features may process user-provided data in order to:
- extract structured data from documents
- generate summaries or insights
- improve usability of ESG reporting workflows
Data processing is performed in accordance with the Privacy Policy and applicable data protection regulations, including GDPR.
Where external AI service providers are used, ESGdesk™ ensures that appropriate safeguards and contractual protections are in place.
ESGdesk™ may use third-party AI providers to deliver certain AI functionalities. These providers may process limited data strictly for the purpose of generating requested outputs. Such providers operate under contractual safeguards and applicable data protection regulations.
4a. No AI Training with Customer Data
By contractual agreement and the documented policies of our AI providers, ESGdesk™ does not use customer-uploaded documents, extracted data, or chat conversations to train, fine-tune, or improve AI models.
- Lovable AI Gateway: subject to Lovable's Data Processing Agreement, which excludes customer data from model training.
- Google Generative Language API (Gemini): Google's API Terms of Service for paid Gemini API access exclude customer prompts and outputs from being used to train Google's models.
Documents and conversations are processed solely for the purpose of fulfilling the user's request within the active session.
5. AI Traceability
Certain AI-generated outputs may include traceability logs for audit purposes, including:
- timestamps
- model identifiers
- generation metadata
These logs may be stored to support transparency and compliance requirements.
Traceability logs are designed to support transparency, auditing, and compliance with applicable regulatory frameworks.
6. Limitation of Liability
ESGdesk™ does not guarantee the accuracy, completeness, or reliability of AI-generated outputs.
Users acknowledge that AI systems may produce inaccurate or incomplete results and agree to independently verify any AI-generated content before relying on it.
7. Acceptable Use
Users agree not to use AI features to:
- upload unlawful or harmful content
- attempt to manipulate or reverse-engineer AI models
- generate misleading ESG disclosures
- violate applicable laws or regulations
Violation of this policy may result in suspension or termination of platform access.
8. EU AI Act Classification
Under the European Union Artificial Intelligence Act (Regulation (EU) 2024/1689), ESGdesk™ AI features are classified as Limited Risk systems. This classification is based on the following characteristics:
- AI is used exclusively as an assistive tool — it does not make autonomous decisions affecting legal or regulatory outcomes
- All AI-generated outputs require human review and verification before use (human-in-the-loop)
- AI-generated content is transparently labeled as AI-assisted throughout the platform
- Full traceability logs are maintained for all AI operations (see Section 5)
- No customer data is used for AI model training (see Section 3)
- Users retain the ability to disable AI features and use the platform without AI assistance
ESGdesk™ assumes no legal liability for decisions made based on AI-generated content. Users must independently verify all AI outputs before relying on them for regulatory, financial, or compliance purposes.
For details on data categories processed by AI features, retention periods for AI activity logs, and your rights as a data subject, please refer to the Privacy Policy — especially Section 9 (AI-Assisted Data Import) and Section 12 (Data Retention).
Version History
| Version | Date | Summary of Changes |
|---|---|---|
| v1.0 | 28.04.2026 | Initial versioned release. Added dual-channel Gemini access disclosure (Lovable AI Gateway + direct Google AI Studio API). Added international transfers section (SCCs + EU-US DPF). Strengthened no-training clauses with per-provider breakdown. Added cross-reference to Privacy Policy v2.0. |
9. Policy Updates
This AI Use Policy may be updated from time to time to reflect changes in technology, legal requirements, or platform functionality.
The latest version will always be available at:
Continued use of ESGdesk™ after updates constitutes acceptance of the updated policy.
