Responsible AI

AI you can actually trust

AI helps Settio make international onboarding faster — drafting messages, summarising documents, guiding hires through Sweden specifics. But onboarding decisions matter for real people’s right to live and work somewhere. This policy explains exactly how we use AI, what we don’t do, and how we keep humans in control.

Effective: 18 April 2026
Last updated: 18 April 2026

1. Our AI principles

  • Privacy first. Customer Data is never used to train third-party foundation models.
  • Human in the loop. AI proposes — people decide. We don’t make fully automated decisions with legal or similarly significant effects on individuals.
  • Transparency. Users see when content is AI-generated and can review the source.
  • Minimisation. We only send the data the model actually needs to produce a useful answer.
  • Customer control. Admins can disable AI features for their workspace.

2. Where we use AI today

  • Onboarding guidance — answering common questions about Sweden-specific steps (Migrationsverket, Skatteverket, BankID, housing, etc.).
  • Document summarisation — short summaries of permit decisions, contracts, or letters uploaded by HR or the hire.
  • Drafting — first drafts of emails, checklists, and reminders that HR can edit before sending.
  • Translation — translating onboarding messages and instructions between supported languages.
  • Search & retrieval — semantic search over a customer’s own workspace content (never across customers).

We do not use AI for: scoring or ranking candidates, eligibility decisions, immigration outcomes, or any decision that legally binds a person without explicit human review.

3. How AI handles your data

  • No training on Customer Data, prompts, or outputs by Settio or our AI providers.
  • Zero retention at the model provider beyond what is required for abuse prevention (typically 0–30 days), under enterprise contracts.
  • EU-hosted inference where available; otherwise we use providers under SCCs with technical safeguards (encryption in transit, scoped access, audited).
  • Minimisation: we strip unnecessary identifiers from prompts; redact obvious PII fields when not required for the task.
  • Logging of AI calls is metadata-only by default; full prompts/outputs are only kept when needed for debugging, with retention limits and access controls.

4. Model providers

Settio uses enterprise-grade AI providers chosen for their security posture, EU presence, and contractual no-training and zero-retention terms. The current list of AI subprocessors is published at /subprocessors. Any change is notified at least 30 days in advance.

5. Human oversight

  • AI suggestions are surfaced as drafts, summaries, or proposed actions — never as final decisions.
  • Sensitive workflows (e.g. permit-related communications) require explicit confirmation from an HR user before sending.
  • Hires can always escalate from an AI answer to a human contact on their HR team.

6. Known limits and risks

AI can be wrong, biased, or out of date. We mitigate this by grounding responses in verified Sweden-specific sources where possible, displaying source links when we have them, and clearly marking AI-generated content. Even so:

  • Treat AI output as a draft, not legal, immigration, or tax advice.
  • Always have a human review AI-generated communications before they are sent to a hire.
  • Report incorrect or harmful output to [email protected].

7. EU AI Act alignment

Our AI features are designed with the EU AI Act’s risk classification in mind. Settio does not deploy prohibited AI practices and does not use AI as a stand-alone decision system in high-risk areas such as employment outcomes. For features that could touch employment workflows, we apply additional safeguards:

  • clear documentation of AI capabilities and limitations;
  • human-in-the-loop by design, with audit trails;
  • transparency notices so users know when they interact with AI;
  • ongoing risk assessment and a process for handling user reports.

8. Customer controls

  • Workspace toggle: admins can turn AI features on or off for their workspace.
  • Per-feature opt-out: granular control over specific AI features (e.g. AI drafts, AI search).
  • Audit log: every AI-assisted action is recorded with the human user who triggered it.
  • Data residency: customers can request EU-hosted inference for all AI features (default where available).

9. Reporting AI concerns

See something off?

Email [email protected] if an AI feature produced something incorrect, biased, unsafe, or that you believe shouldn’t have happened. We investigate every report and follow up.

Need something more for your procurement review?

Email [email protected] for our DPA, security questionnaire responses, subprocessor list, or to request a custom audit-ready summary.