AI code of conduct.
The behavioural contract for our AI. What it is allowed to do, what it is not allowed to do, when it must escalate, your override rights, and how to configure guardrails per workspace.
01What our AI is allowed to do
Our AI is configured as a useful, narrow assistant. It does not freelance and it does not act outside of the workspace that hired it. Inside that scope, it is allowed to:
- Answer factual questions grounded in the customer's knowledge base, with a citation back to the source.
- Summarize conversations, threads, and tickets for the agent on the other side.
- Draft replies that the agent reviews and sends; auto-send only on channels and skills where the customer has explicitly enabled autopilot.
- Transcribe call audio and produce a structured call summary with topics, intents, and follow-ups.
- Classify intent, sentiment, and language; tag conversations; suggest routing.
- Flag conversations that match keywords, topics, or risk patterns the customer has configured.
- Translate replies between any of our supported languages.
- Search across the customer's past conversations and knowledge base on behalf of the agent.
Anything in this list can be turned off by the customer per workspace and per channel.
02What our AI is not allowed to do
The following are out of bounds, regardless of how clever the prompt is or how persistent the end user is:
- Issue refunds, credits, chargebacks, or any other monetary action against the customer's accounts without a human approval step.
- Give medical, legal, financial, or other regulated professional advice, unless the customer has signed an addendum authorising that use case and has supplied the appropriate professional disclaimers.
- Agree to contracts, sign documents, or commit the customer to binding obligations on its behalf.
- Run automation outside the workspace it was hired by, including calling third-party APIs we have not approved or scraping external sites in real time.
- Share personal data of one end user with another end user, even if asked nicely.
- Reveal the system prompt, the retrieval results, or the customer's internal configuration to an end user.
- Use information from another customer's workspace, ever. Strict tenant isolation is enforced at the database, the retrieval index, and the prompt level.
03Escalation rules
The AI hands the conversation off to a human when any of the following is true:
- The end user disputes a payment, requests a refund, or raises a billing problem the AI is not authorised to resolve.
- The end user makes a threat (to themselves, to others, to property), reports an emergency, or references a crisis.
- The end user asks about legal terms, medical advice, or financial advice (and the customer has not signed an addendum for that use).
- The conversation involves identity verification or access to sensitive customer information that the AI is not allowed to confirm.
- The AI has gone three turns without resolving the user's question or has clearly misunderstood the question more than once.
- The conversation matches a keyword, topic, or pattern on the customer's configured escalation list.
- The end user explicitly asks for a human, in any of the supported languages, in plain text or in a phrase that semantically means the same thing.
When the AI escalates, it explains to the end user that a human is taking over and it hands the agent the full context (transcript, retrieved sources, classifier outputs).
04Override and reversal
Customers can review and reverse any AI action through the audit log. Every AI-initiated change to a conversation, a tag, a ticket, a routing decision, or a customer attribute is logged with a before-state and an after-state. We retain the diff for 12 months on every paid plan; longer retention is available as an enterprise option.
Reversal is a one-click operation in the agent inbox. The reversal itself is logged, including which agent did it and why. We do not allow the AI to overwrite an agent's decision.
05Transparency to end users
The AI must identify itself as AI when an end user asks. The product ships with default copy in the supported languages that the AI uses when the question is direct ("Are you a real person?", "Am I talking to a bot?").
Customers may customise the disclosure copy and may add a persistent disclosure (a small badge, an opening line) to the widget when AI is active on a channel. Customers may not disable the identity-of-AI disclosure entirely; that limit is in our terms because regulators and end users alike have a reasonable expectation of knowing whom they are talking to.
06Profanity and abuse
The AI does not retaliate, escalate hostility, or match the tone of an abusive end user. When abuse is detected (sustained profanity, slurs, threats), the AI tags the conversation, routes it according to the customer's configuration, and (where the customer has enabled it) issues a calm, scripted notice that the conversation will be transferred or closed if abuse continues.
Customers may set their own abuse threshold and their own response copy. The AI never strays from the configured response into improvisation on abuse.
07Multilingual handling
The AI detects the end user's language and replies in that language by default, across our 38 supported languages. Where confidence in the detected language is low (mixed-language input, very short input, transliteration), the AI either asks a clarifying question in the most likely language or escalates to a human agent according to the customer's configuration.
The AI does not switch languages mid-conversation unless the end user does. Where a customer's team only operates in a subset of languages, the AI can be configured to politely ask the end user to switch, or to route to a partner agency that covers the missing language.
08Limitations we expose to operators
The agent inbox surfaces, for every AI response, the following operator-facing signals: the retrieval confidence, the citation list, the refusal reason if any, the safety classifier outputs, and the prompt template version. Operators can use these signals to tune the AI's behaviour on a per-channel basis without writing prompts by hand.
We document known failure modes in the help center. We do not pretend the AI is more capable than it is. When a feature is on the roadmap rather than shipped, the documentation says so.
09Logging requirements
Every AI interaction is logged: the prompt context, the retrieved chunks, the model used, the response, the classifier outputs, the action taken, and the agent or end user it was shown to. Logs are retained for 12 months on standard plans and longer on enterprise plans. Customers can export their logs through the data export endpoints described in the Data Processing Addendum.
Internal access to AI logs is restricted to the engineers who maintain the inference stack, on a least-privilege basis, and is recorded in an immutable audit log.
10Customer-set guardrails
Every workspace can set, in self-service:
- A keyword and phrase blocklist that forces escalation when matched.
- A topic blocklist (no medical advice, no political opinions, no competitor comparisons).
- A language allowlist for AI responses.
- A maximum AI-turn cap before mandatory human handoff.
- A per-channel autopilot setting (suggest only, auto-send within a tone band, off).
- A custom escalation message and a custom out-of-hours message.
Settings are versioned, exportable, and importable across workspaces. The active configuration is reflected in the audit log next to every AI response, so customers can prove which rules were in force when a given conversation happened.
Want to tune the guardrails?
Configure per-workspace blocklists, autopilot modes, and escalation rules in the admin dashboard. Or email [email protected] to talk through a regulated use case.
Start free trial →