PowerDMARC AI Principles

1. Safety

We design and operate PowerDMARC AI to produce reliable, security focused outputs. PowerDMARC AI does not fall under the high-risk categories described under Annex III of the EU Artificial Intelligence Act. We exclude prohibited AI practices like manipulative or exploitative systems and  apply secure engineering practices, testing, and monitoring to reduce the risk of harmful or misleading results.

2. Privacy and Security

We apply appropriate technical and organizational safeguards to protect customer data processed by PowerDMARC AI. Access is limited to authorized systems and personnel and is protected through security controls appropriate to the sensitivity of the data, with the defined retention period and maintaining activity logs for traceability.

3. Transparency

We aim to provide clear, understandable AI outputs. Where feasible, PowerDMARC AI explains what it identified, why it matters, what signals informed the result, and the confidence level, so customers can evaluate recommendations before taking action. 

4. Relevance and Data Minimization

PowerDMARC AI processes only the data required to provide the specific AI feature a customer has enabled. We seek to avoid processing unnecessary or personal and sensitive data and keep outputs focused on the requested security use case, ensuring purpose limitation and minimisation throughout the AI lifecycle. Processing is also limited to customer-configured features and scoped to the domains, users or datasets explicitly authorized and consented to by the customer.

5. User Control and Human Oversight

Customers remain in control of whether PowerDMARC AI is used and when, where and how outputs are to be applied. AI results are provided to support decision making and can be reviewed, edited, ignored, or validated by the customer before implementation. PowerDMARC AI is not designed for customers to make automated decisions solely. Customers use PowerDMARC AI to support the service quality and not replace human judgment.

6. Accountability

We take responsibility for operating PowerDMARC AI appropriately. We track quality, investigate reported issues, and improve the system over time based on feedback and operational learnings.

7. Output

All AI outputs or synthetic content are clearly labeled, with disclosures on system limitations, including machine-readable watermarking and metadata identifying it as AI-generated output detectable via C2PA or equivalent standards.

We implement reasonable technical and organizational measures to reduce the risk of AI outputs containing unlawful, misleading or infringing content. Customers must assess and validate AI outputs prior to use.

Data Use for PowerDMARC AI

Opt-in and consent

PowerDMARC AI will only process customer information when the customer explicitly enables AI and accepts the applicable AI data processing terms for their account.

Domain-level selection

Customers can control scope by selecting the specific domains that PowerDMARC AI is permitted to use. AI processing is limited to the domains the customer has authorized.

Purpose limitation

PowerDMARC AI processes customer data solely for the purpose of generating AI outputs requested by the customer through enabled features. PowerDMARC AI does not process customer data for unrelated purposes, and it limits processing to what is necessary to produce the requested output. PowerDMARC AI does not process customer data to train or improve generative AI models, except where expressly agreed by the Customer.

Withdrawal and “Forget my profile”

Customers can disable PowerDMARC AI at any time. If the customer requests “Forget my profile,” PowerDMARC will remove the AI profile and delete customer data previously used for AI insights, so it is no longer available for PowerDMARC AI features for that customer, subject to any limited retention required by law, security, audit, fraud prevention, or backup integrity.

Feedback

If customers provide feedback on AI outputs, that feedback may be used to improve the quality and safety of the AI experience, consistent with the customer’s settings and applicable terms.