1. Purpose of This Document

This AI Disclosure Statement explains how FlowAssure uses artificial intelligence ("AI") technologies within its vendor risk assessment platform, including limitations, data usage, and user responsibilities.

It is intended to support transparency for customers, vendors, and other stakeholders using or affected by FlowAssure outputs.


2. Use of Artificial Intelligence

FlowAssure uses artificial intelligence technologies to support vendor risk assessment and third-party risk management workflows.

AI capabilities may be used to:

  • Summarise vendor-provided documentation (e.g. security policies, questionnaires, certifications)
  • Analyse and structure risk-related information
  • Generate risk insights, classifications, and scoring suggestions
  • Assist users in identifying potential compliance, security, operational, and financial risks
  • Improve consistency and efficiency of vendor risk reviews

AI-generated outputs are intended to assist human decision-making and do not replace human judgement.


3. Technology Providers

FlowAssure utilises Microsoft Azure OpenAI Service to provide certain AI capabilities.

This means:

  • Prompts and inputs may be processed by Azure OpenAI models hosted on Microsoft infrastructure
  • Processing is subject to Microsoft's enterprise data protection and security commitments
  • Customer data is not used to train OpenAI or Microsoft foundation models

4. Data Hosting and Processing Location

FlowAssure processes and stores customer data within the European Union (EU).

Where Azure OpenAI services are used, processing occurs in EU-based data centres in accordance with Azure regional availability and configuration.


5. Nature and Limitations of AI Outputs

AI-generated outputs provided by FlowAssure may include:

  • Risk summaries and classifications
  • Suggested risk ratings or severity levels
  • Extracted key points from vendor documentation
  • Automated responses to questionnaires or assessment frameworks

However, you acknowledge and agree that:

  • AI outputs may be incomplete, inaccurate, outdated, or contextually incorrect
  • AI may misinterpret vendor documentation or infer incorrect conclusions
  • Outputs are probabilistic, not deterministic or guaranteed
  • AI does not "understand" risk in a human or regulatory sense

Accordingly, AI outputs should not be treated as authoritative, definitive, or final assessments.


6. Human Oversight Requirement

FlowAssure is designed to support human-in-the-loop decision-making.

Customers are solely responsible for:

  • Reviewing all AI-generated outputs before use
  • Validating risk assessments and recommendations
  • Making final decisions regarding vendor onboarding, approval, monitoring, or rejection
  • Ensuring compliance with applicable legal, regulatory, and internal governance requirements

AI outputs must not be used as the sole basis for material business decisions.


7. Prohibited Uses

AI outputs from FlowAssure must not be used for:

  • Fully automated vendor approval or rejection without human review
  • Legal or regulatory compliance certification
  • Security guarantees or assurances regarding vendors
  • Replacement of formal due diligence or audit processes

8. Data Usage and Privacy

FlowAssure processes customer-submitted data strictly for the purpose of:

  • Delivering vendor risk assessment functionality
  • Generating AI-assisted insights and outputs
  • Improving platform performance and reliability (in anonymised or aggregated form where applicable)

FlowAssure does not:

  • Use customer data to train public AI models
  • Sell customer data to third parties
  • Share customer data with unauthorised third parties

All processing is subject to applicable data protection laws, including the GDPR.


9. Security and Safeguards

FlowAssure implements appropriate technical and organisational measures designed to protect data integrity and confidentiality, including:

  • Encryption in transit and at rest
  • Role-based access controls
  • Secure authentication mechanisms
  • Data segregation between customer environments where applicable

Azure OpenAI services are used under Microsoft's enterprise security and compliance framework.


10. Customer Responsibilities

Customers are responsible for ensuring that:

  • They have lawful grounds to submit vendor, supplier, and third-party data into FlowAssure
  • Any personal data shared is limited, relevant, and legally permissible
  • Confidential or sensitive data is handled in accordance with internal policies and applicable law
  • AI outputs are reviewed prior to use in any decision-making process

11. No Warranties

FlowAssure makes no warranties that:

  • AI outputs will be accurate, complete, or fit for purpose
  • All risks relating to a vendor will be identified
  • AI outputs will comply with specific regulatory requirements in all jurisdictions

12. Changes to This Statement

FlowAssure may update this AI Disclosure Statement from time to time to reflect changes in technology, legal requirements, or platform functionality.

The latest version will always be made available within the FlowAssure platform or upon request.


13. Contact

For questions about this AI Disclosure Statement, please contact:

FlowAssure / FlowForma

+1 (617) 398 4990
+44 (0) 20 3481 1319
+353 (0)1 5369 650
info@flowforma.com