Legal Document

Responsible AI Use

How esinergia applies artificial intelligence in its internal operation and in the projects it delivers to clients, what stays under human judgment, and what is delegated to the model.

1. Introduction and scope

This policy describes how esinergia applies artificial intelligence in its internal operation and in the projects it delivers to clients. It defines the principles of use, the ethical commitments, the decisions that stay under human judgment, and the reporting channels regarding AI use in any interaction with esinergia.

It applies to the esinergia team in its daily operation, to the AI models that esinergia operates internally or integrates into client solutions, and to any data that esinergia processes through AI-assisted tools.

It does not replace specific contractual agreements signed with each client. When a client contract sets stricter rules on AI use in its project, the contract prevails.

 

2. Principles of AI use at esinergia

Five operational principles guide AI use at esinergia:

  • AI augments, does not replace. AI accelerates engineering work; it does not substitute for enterprise judgment. Every technical decision that directly affects client delivery goes through human review.
  • AI applied with purpose, not as fashion. We apply AI when it reduces cost, accelerates delivery, or improves the quality of the outcome in a measurable way. We do not apply AI just to announce it.
  • Transparency with the client. When a deliverable is produced with significant AI assistance, we declare it to the client in the project scope.
  • Client data under reinforced controls. Client data is not used to train third-party models. It is processed under NDA, encryption, and restricted access.
  • AI validated before applying it. AI microsolutions are validated internally in our own operation before applying them to a client.

 

3. AI in our internal operation

esinergia maintains its own internal AI architecture that supports the team in its daily work, with differentiated controls depending on the type of processing.

This internal architecture is aligned with three operational principles:

  • Access to organizational knowledge governed by role and project context.
  • Tools and models validated internally before deployment to teams.
  • Isolation between esinergia's internal processing and client data, under reinforced controls.

The specific details of the internal architecture are confidential for operational security reasons and are documented in the internal procedures of the ISMS.

This internal architecture is our operating system: it lets us work faster with the same judgment. AI accelerates production; enterprise judgment validates the result.

 

4. AI in client projects

We apply AI in client projects under three modalities:

  • AI-Augmented Engineering. Code and architecture assistants accelerate enterprise software production without replacing human review by the solutions architect or the technical PM of the project.
  • AI solutions integrated into the client's platform. RAG, agents, and semantic search embedded in Drupal, Acquia, or Dropsolid according to project architecture.
  • AI microsolutions validated internally. AI flows built first for our own operational use and applied to clients after validating real value.

When a delivery includes significant AI components, the project scope explicitly declares the role of AI, which decisions are automated, and which decisions require human review.

 

5. Client data and model training

esinergia does not use identifiable client data to train third-party AI models.

Client data is processed under:

  • Confidentiality agreements (NDA) signed before processing begins.
  • Encryption in transit (TLS 1.2 or higher) and at rest for sensitive data.
  • Access controls with the principle of least privilege, restricted to the team assigned to the client's project.
  • Isolation between clients: data from one client does not inform models or assistants that operate for another client.

When the client requires additional controls (dedicated environments, on-premise models, specific restrictions on use of public models), those controls are agreed in the project contract and documented in the associated security plan.

The specific list of LLM model providers authorized internally is provided to the client under NDA when required for contractual evaluation purposes.

 

6. Internal AI governance

AI use at esinergia is governed at three levels:

  • Operational level: the esinergia applied AI team defines which models, tools, and flows are authorized for internal and client use. It maintains the active list of authorized providers.
  • Project level: the solutions architect and the technical PM of the project validate that AI use complies with the client contract and with the principles of this policy.
  • Executive level: the CEO holds final approval on structural changes to the AI use policy and on AI incidents with material impact on a client.

This governance is documented internally and audited periodically as part of the ISMS.

 

7. Transparency with the client

When a client project includes significant AI components, esinergia communicates to the client:

  • Which tools or models are used.
  • Which decisions are automated and which decisions stay under human review.
  • Which client data is processed via AI and under what controls.
  • How performance is measured and how results are reported.
  • Which known risks exist and how they are mitigated.

The client receives this information before the project starts or upon any substantial change during execution.

 

8. Limitations and acknowledged risks

AI use in enterprise production has limitations that we acknowledge openly:

  • Generative AI models can produce incorrect or biased information. That is why every AI output applied to a client passes through human review before delivery.
  • AI models evolve rapidly. Our judgment on what is responsible use is updated when new evidence emerges.
  • Automation of technical decisions reduces cost but can hide errors that human review would have caught. We compensate with disciplined review at key moments of the project.

This policy does not promise that AI use at esinergia is error-free. It promises that human judgment stays as the spine of delivery.

 

9. Client rights regarding AI use in the project

The esinergia client has the following rights regarding AI use in the project:

  • To know which AI tools are applied to the delivery.
  • To request specific restrictions on use of public models in the project, subject to contractual agreement.
  • To request periodic reports on performance and outcomes of delivered AI components.
  • To review and approve AI components before deployment to production.
  • To escalate AI incidents with operational impact to the esinergia applied AI team for diagnosis and response.

 

10. Reporting and escalation mechanisms

To report questions, concerns, or incidents related to AI use at esinergia, write to ia@esinergia.co.

Response times:

  • General inquiries: up to five business days.
  • Incidents with operational impact on the client: initial response in under twenty-four hours, plus a response plan in five business days.
  • Reports of improper use or material bias detected: formal investigation with response in ten business days.

 

11. Changes to this policy

This policy is updated when our internal AI architecture changes, when industry standards we formally adopt emerge, or when an incident or material learning justifies revising the document.

When a change is substantial, we publish the new version with its effective date on this same page.

 

12. AI use contact

For matters related to artificial intelligence use at esinergia, contact:

  • Email: ia@esinergia.co
  • Suggested subject: "AI Use, [type of inquiry]"
  • Responsible team: esinergia applied AI team.