
AI USAGE POLICY

Describes How We Use AI And The Controls You Have

1. Purpose

This policy outlines the principles and controls for the responsible use of Artificial Intelligence (AI) tools within the Expansive FM platform. It is designed to reassure our clients (many of whom are subject to ISO 27001, UK SOC, and GDPR standards) that AI usage supports productivity and efficiency while maintaining robust data protection and governance.

2. Scope

This policy applies to all AI functionalities integrated into our platform. It includes but is not limited to features that:

  • Automate repetitive or manual workflows

  • Assist users by flagging anomalies

  • Provide intelligent suggestions or content generation

  • Provide natural language reporting and analytics

AI tools are deployed in a supportive capacity and are never intended to replace human judgment or accountability.

3. AI Usage Principles

3.1. Productivity and Process Enhancement

Our AI features are purpose-built to:

  • Streamline facility management workflows

  • Eliminate redundant manual tasks

  • Highlight anomalies in data or processes that may require human review

These tools are intended to enhance (not replace) human expertise.

3.2. Human Oversight and Verification

  • All outputs generated by AI must be reviewed and verified by a competent person before action is taken.

  • Users should not act on AI-generated suggestions or outputs if they feel unsafe, uncertain or lack the contextual knowledge to make an informed decision.

3.3. Optionality and Control

  • AI functionality can be disabled at the organisation level or turned off on a per-tool basis.

  • Clients maintain full control over AI services and can opt out of AI-powered features at any time without disruption to core platform functionality.

4. Data Protection and Privacy

4.1. No Data Retention or Training

  • Our current AI tools use models provided by OpenAI and other vetted providers.

  • No client data is stored, retained, or used to train any AI models.

  • All data sent to AI services is transient, processed in real-time, and discarded after the response is generated.

  • Expansive maintain secure logs of the requests in line with our current infrastructure monitoring and improvement processes.

4.2. UK GDPR and ISO 27001 Compliance

  • The use of AI services complies with UK GDPR and aligns with ISO 27001:2022 and UK SOC requirements.

  • Data minimisation principles are observed: only the necessary information is used for generating AI outputs, and no personally identifiable information (PII) is required for our AI-assisted features.

  • As with all AI, users are advised not to share secret information (encryption keys, passwords, etc.) with the services.

4.3. Future AI Providers

  • We may incorporate additional AI providers in the future. All third-party services will undergo rigorous due diligence to ensure compliance with our security, privacy, and compliance standards.

  • Any new providers will be documented here: https://support.expansivefm.com/knowledge/our-partners

  • Clients will be informed of new providers in our release notices.

5. User Responsibilities

All users of the AI features are expected to:

  • Understand that AI outputs are suggestions, not instructions.

  • Apply critical thinking and professional judgment when interpreting AI-generated content.

  • Report any concerns or anomalies found in AI outputs to their designated system administrator or support contact.

6. Review and Updates

This policy is subject to regular review to ensure alignment with:

  • Evolving compliance obligations (e.g. updates to ISO standards or UK data laws)

  • Advances in AI technology and its capabilities

  • Client feedback and usage patterns

We remain committed to transparency and responsible AI deployment, ensuring our clients maintain trust in the systems they rely on.