AI Compliance

1. Our Commitment to Responsible AI

At Aditya Labs, operated by B Mohan (Watford, United Kingdom), we are committed to building and deploying artificial intelligence in a way that is ethical, transparent, and respectful of our users' rights. Our AI agent platform at adityalabs.ai empowers small businesses with intelligent chatbot agents, and we take our responsibility seriously to ensure these tools are used safely and in compliance with applicable regulations worldwide. This page outlines how we approach AI governance, data protection, and regulatory compliance across every jurisdiction where our customers operate.

2. EU AI Act Compliance

We are committed to compliance with the European Union's Artificial Intelligence Act (EU AI Act) and have taken steps to align our platform accordingly.

• Risk Classification: Our chatbot agents are classified as limited-risk AI systems under the EU AI Act. They are designed to assist with customer service, lead capture, and informational inquiries rather than making high-risk decisions that affect individuals' fundamental rights.
• Transparency Requirements: All AI-generated responses are clearly labeled as coming from an AI system. Users interacting with our chat agents are informed that they are communicating with an artificial intelligence, not a human.
• AI Disclosure: The chat widget displays "Powered by Aditya Labs" to clearly indicate AI involvement in every interaction. This ensures end-users are never misled about the nature of their conversation partner.
• Human Oversight: Business owners can review all AI conversations through the dashboard and intervene when needed. End-users can contact the business directly via the contact information displayed in the chat widget.

3. AI Transparency

We believe users and businesses deserve full visibility into how our AI systems work.

• Model Information: Our AI agents use OpenAI GPT-4o-mini models to generate conversational responses. We select models that balance performance, cost-effectiveness, and safety for small business use cases.
• Response Generation: Responses are generated based on the business-provided knowledge base and system prompts configured by the business owner. The AI does not access external data sources beyond what the business has explicitly provided.
• Accuracy Disclaimer: AI may sometimes generate inaccurate or incomplete responses. Businesses should regularly review their agent configurations, test conversations, and monitor analytics to ensure response quality meets their standards.
• No Automated Decision-Making: We do not use AI for automated decision-making that significantly affects individuals. Our agents are informational and conversational in nature and do not make binding decisions on behalf of businesses or their customers.

4. Data Usage in AI

We handle conversation data with care and transparency.

• Real-Time Processing: Conversation data is used solely to generate responses in real-time. Messages are sent to the AI model provider to produce a response and are not used for model training, per our provider agreements and API configuration.
• No Model Training: We do NOT train AI models on customer conversation data. Your conversations are never used to improve or fine-tune any underlying AI models.
• Conversation Logging: Conversations are logged within the Aditya Labs platform for analytics, quality improvement, and to provide business owners with conversation history and insights.
• Data Deletion: Business owners can delete conversation data at any time through their dashboard. We respect your right to control your data and provide tools to manage it accordingly.

5. Human Oversight

We ensure that humans remain in control of AI agent behavior at all times.

• Conversation Monitoring: Business owners have access to full conversation history and analytics through the dashboard, allowing them to review interactions and follow up with customers directly.
• Full Agent Control: Business owners have full control over their agent's behavior through configurable system prompts, knowledge base entries, and response settings. They define the tone, scope, and boundaries of their AI agent.
• Monitoring and Analytics: The dashboard provides comprehensive conversation monitoring and analytics, allowing business owners to review interactions, identify issues, and continuously improve their agent's performance.

6. CCPA Compliance (California)

We comply with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). California residents have the following rights:

• Right to Know: You have the right to know what personal data we collect, how it is used, and with whom it is shared. We detail this in our Privacy Policy.
• Right to Delete: You have the right to request deletion of your personal data. Business owners can delete conversation data through their dashboard, and account deletion can be requested at any time.
• Right to Opt-Out of Sale: We do not sell personal data to third parties. There is no need to opt out because we never engage in the sale of user data.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will receive equal service and pricing regardless of whether you exercise your privacy rights.

To exercise any of these rights, please contact us at hello@adityalabs.ai.

7. PIPEDA Compliance (Canada)

We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and adhere to the following principles:

• Consent: We obtain meaningful consent before collecting, using, or disclosing personal information. Users are informed about what data is collected and how it will be used.
• Limited Collection: We collect only the personal information necessary to provide and improve our services. We do not collect data beyond what is required for the stated purposes.
• Purpose Limitation: Personal information is used only for the purposes for which it was collected. We do not repurpose data without obtaining additional consent from the individual.

8. Australian Privacy Act

We are committed to compliance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).

• APPs Compliance: We adhere to the 13 Australian Privacy Principles governing the collection, use, disclosure, storage, and management of personal information. We maintain open and transparent practices about how we handle personal data.
• Cross-Border Disclosure: When personal information is transferred outside of Australia (for example, to AI model providers or cloud infrastructure in other jurisdictions), we take reasonable steps to ensure the overseas recipient handles the information in accordance with the APPs.

9. Bias and Fairness

We are committed to minimizing bias in AI-generated responses and promoting fair outcomes for all users.

• Model Safety: We use OpenAI models that undergo rigorous safety evaluation and alignment processes. These models are designed to minimize harmful, biased, or discriminatory outputs.
• Business Responsibility: Business owners are responsible for reviewing their agent's responses and ensuring that the knowledge base and system prompts do not introduce biased or discriminatory content.
• Customization Tools: We provide tools to customize agent behavior and tone, enabling business owners to adjust their agents to be inclusive, respectful, and appropriate for their audience.

10. Security Measures

We implement comprehensive security measures to protect data processed by our AI systems.

• Encryption in Transit: All data transmitted between users, our platform, and AI model providers is encrypted using TLS 1.3 to prevent interception and tampering.
• Encryption at Rest: Stored data, including conversation logs, knowledge base entries, and account information, is encrypted at rest using industry-standard encryption algorithms.
• Row-Level Security: Our database implements row-level security (RLS) policies to ensure that each business can only access its own data. No cross-tenant data access is possible.
• Regular Security Audits: We conduct regular security audits and vulnerability assessments to identify and address potential threats proactively.
• Infrastructure Providers: Our platform is built on industry-leading infrastructure providers including Supabase, Vercel, and Stripe, each of which maintains their own security certifications and compliance programs.

11. Incident Reporting

If you encounter any issues with our AI systems, including inaccurate responses, biased outputs, privacy concerns, or security vulnerabilities, we encourage you to report them promptly.

• Contact: B Mohan, trading as Aditya Labs — email us at hello@adityalabs.ai with a description of the issue, including any relevant screenshots or conversation details.
• Response Time: We aim to acknowledge all AI-related incident reports within 48 hours and provide a resolution or update within 7 business days.
• Transparency: For significant incidents that affect multiple users, we will provide transparent communication about the issue, its impact, and the steps we are taking to resolve it.

12. Updates to This Page

AI regulation is an evolving landscape. We will update this AI Compliance page as new regulations are enacted or existing regulations are amended. When significant changes are made, we will update the "Last updated" date at the top of this page and, where appropriate, notify our users via email or through the platform. We encourage you to review this page periodically to stay informed about how we are meeting our compliance obligations.