Last modified at: June 05 2026
This annex sets out the principles and requirements governing Axaz’s use of artificial intelligence tools, including large language models, generative AI assistants, code assistants, autonomous or semi-autonomous development agents, and similar AI-enabled tools, in connection with the delivery of services to the Client.
The purpose of this annex is to enable practical and secure use of AI-assisted tools while protecting the Client’s confidential information, personal data, source code, business information, operational data, and other sensitive materials.
AI tools may be used to support activities such as software development, analysis, documentation, testing, workflow automation, content generation, and quality assurance, provided that such use complies with this annex, the Main Agreement, any applicable Data Processing Agreement, and applicable law.
AI tools are used as assistive technologies. Responsibility for final deliverables remains with Axaz, and AI-generated or AI-assisted outputs included in deliverables remain subject to professional review and applicable contractual requirements.
For the purposes of this annex:
“AI Tool” means any software, service, platform, model, assistant, agent, or integrated development tool that uses artificial intelligence, machine learning, large language models, generative AI, or similar technologies to process input and generate, transform, analyze, summarize, recommend, or otherwise assist with output.
“Public AI Tool” means an AI Tool made available under public, consumer, trial, free, or otherwise non-enterprise terms where Axaz has not approved the tool for processing Client Data or where the applicable terms do not provide appropriate confidentiality, data protection, and usage restrictions.
“Secure AI Environment” means an AI Tool or AI-enabled service approved by Axaz for business use and operated under commercial, enterprise, or equivalent terms that include appropriate confidentiality, security, access control, data protection, and model-training restrictions.
“Client Data” means information provided by or on behalf of the Client, or accessed, generated, or processed by Axaz in connection with the services, including Client confidential information, source code, technical documentation, business information, personal data, health data, production data, system information, credentials, secrets, logs, payloads, and operational data.
“Personal Data” has the meaning given to it under applicable data protection law, including the GDPR where applicable.
Axaz may use AI Tools to support delivery activities where such use is appropriate, secure, and consistent with this annex.
Axaz shall use reasonable organizational and technical measures to ensure that AI-assisted processing is performed in a manner that protects Client Data against unauthorized access, disclosure, loss, or misuse.
Axaz shall maintain internal guidelines, controls, or approval processes for the use of AI Tools in delivery activities.
Personnel using AI Tools shall be expected to follow applicable confidentiality, security, data protection, and quality assurance requirements.
Client Data must not be entered into, uploaded to, pasted into, or otherwise processed by Public AI Tools unless the information has first been anonymized, aggregated, generalized, or otherwise transformed so that it no longer identifies the Client, data subjects, systems, source code, confidential business information, or other sensitive information.
Public AI Tools may be used for abstract, generic, or non-confidential tasks, such as:
When using Public AI Tools, prompts and inputs should avoid Client-specific details, including:
Client Data may be processed using Secure AI Environments where such processing is reasonably necessary or useful for delivery activities and is consistent with the Main Agreement, applicable Data Processing Agreement, and applicable law.
Secure AI Environments should, as applicable to the relevant tool and use case:
Source code, technical documentation, and delivery-related materials may be processed in Secure AI Environments where necessary for delivery, review, testing, analysis, or quality improvement.
Secrets, credentials, private keys, access tokens, passwords, live production credentials, and similarly sensitive values must not be submitted to AI Tools unless expressly authorized, technically required for the specific secured workflow, and protected by appropriate controls.
Axaz’s use of AI Tools shall be subject to the confidentiality obligations set out in the Main Agreement.
Where AI-assisted processing involves Personal Data, such processing shall be performed in accordance with the applicable Data Processing Agreement, applicable data protection law, and Axaz’s relevant security controls.
Where the processing involves health data, special categories of personal data, protected health information, or similarly regulated information, Axaz shall apply safeguards appropriate to the regulatory context and the agreed scope of services.
This annex does not replace any Data Processing Agreement between the parties. In the event of conflict between this annex and a Data Processing Agreement regarding the processing of Personal Data, the Data Processing Agreement shall prevail for that processing.
Axaz shall not knowingly use AI Tools in a manner that permits Client Data to be used to train public or third-party foundation models, unless expressly agreed with the Client in writing.
For Secure AI Environments, Client Data should be processed under terms that either:
Where provider retention cannot be fully disabled, Axaz shall use reasonable efforts to ensure that such retention is limited, protected by confidentiality and security terms, and not used for training public models.
AI Tools may be used to assist with, among other things:
AI Tools must not be used to intentionally bypass security controls, confidentiality obligations, access restrictions, licensing terms, or legal requirements.
AI Tools must not be used to generate or deploy malicious code, unauthorized surveillance functionality, credential harvesting mechanisms, or other harmful functionality.
AI-generated or AI-assisted output that forms part of final deliverables, production code, Client-facing materials, contractual materials, or critical analysis shall be reviewed by qualified Axaz personnel before delivery, deployment, or formal reliance.
Such review should be proportionate to the nature, risk, and importance of the output and may include, as applicable:
AI-generated code or recommendations shall be treated with the same care as third-party code, externally sourced material, or manually produced work of equivalent importance.
Internal drafts, exploratory analysis, intermediate scripts, or rough concepts may be reviewed in accordance with Axaz’s standard internal workflows, provided they are not delivered to the Client or deployed into production without appropriate review.
The use of AI Tools in accordance with this annex shall not alter the allocation of intellectual property rights set out in the Main Agreement.
Deliverables generated, assisted, or enhanced through the secure use of AI Tools shall remain subject to the ownership, license, and usage terms agreed between the parties.
Axaz shall use reasonable care to avoid knowingly incorporating AI-generated material into deliverables where such incorporation would materially conflict with the agreed intellectual property terms, applicable third-party licenses, or applicable law.
Any suspected unauthorized disclosure of Client Data through an AI Tool shall be handled in accordance with the incident notification, confidentiality, security, and data breach provisions of the Main Agreement and any applicable Data Processing Agreement.
Axaz shall take reasonable steps to investigate, contain, and remediate suspected misuse or unauthorized disclosure involving AI Tools.
The parties acknowledge that AI technologies, legal requirements, and provider terms are evolving.
Axaz may update its internal AI governance practices, approved AI Tool list, security controls, and usage guidelines from time to time, provided that such updates do not materially reduce the protection of Client Data under this annex.
Where a material change affects the processing of Client Data in a way that requires notice or agreement under the Main Agreement or applicable Data Processing Agreement, such notice or agreement shall be handled in accordance with those terms.
This annex supplements the Main Agreement.
In the event of conflict between this annex and the Main Agreement, the Main Agreement shall prevail unless this annex expressly states otherwise.
In the event of conflict between this annex and an applicable Data Processing Agreement regarding the processing of Personal Data, the Data Processing Agreement shall prevail for that processing.