AI Disclosure / Model Card
This document describes the AI systems used in the PrimeTDAP platform, what data they process, how their behaviour is constrained, and how to opt out. It satisfies transparency obligations under the EU AI Act Art. 50 (where applicable), NIST AI RMF MAP 2.2 (knowledge limits), and customary AI-disclosure expectations for enterprise SaaS.
1. AI System in Use
PrimeTDAP uses Anthropic Claude as the sole AI model for all inference. Specifically:
| Model | Provider | Version | Used for |
|---|---|---|---|
| Claude Haiku 4.5 | Anthropic | claude-haiku-4-5 | Chat (per-person, per-session, per-meeting), per-finding slide summaries, per-recommendation slide summaries, Executive Summary deck content, formal memorandum prose blocks. |
| Claude Sonnet 4.6 | Anthropic | claude-sonnet-4-6 | Findings synthesis, recommendations generation, internal levers generation, per-session analysis, capability assessment, per-person briefings. |
| Claude Opus 4.7 | Anthropic | claude-opus-4-7 | Currently reserved; not invoked from any production code path. |
Models can be replaced or upgraded over time. Replacement is governed by our internal Change Management Process and triggers a version-tracked prompt-versions row.
2. What the AI Does
The AI is used as a decision-support tool. It produces analytical drafts that are then reviewed by a Primus engagement professional before being treated as work product. The AI never makes autonomous decisions affecting individuals.
Specific tasks:
- Chat — answers analytical questions about a single named person's recorded sessions, or about one specific recorded meeting. Context is the transcript(s) + the analyst's structured analysis for that scope only. The AI cannot reach into other people's sessions, other customers' data, or external sources.
- Session analysis — synthesizes a meeting transcript into a structured analysis (decisions, action items, risks, people mentioned).
- Findings synthesis — rolls up multiple session analyses into per-dimension findings.
- Recommendations generation — derives prioritized recommendations from the findings corpus.
- Slide summary generation — produces structured headline + key statistic + bullets + "so-what" sentence for each finding and recommendation.
- Executive Summary deck content — produces a thesis sentence + at-stake tiles + program-marker structural shifts.
- Formal memorandum content — produces memo-voice prose blocks for the written memorandum.
- Internal levers generation — produces commercial-strategy levers (Primus-internal only; never visible to customer users).
3. What the AI Sees
When you submit a question or trigger an AI-generated artifact, the model receives:
- A system prompt that defines its task, format, and constraints (the same prompt for every user at a given time; tracked in our internal prompt-version registry).
- A context block containing the relevant engagement data already filtered by your permission tier.
- Your message (for chat) or the task input (for generation).
The model does NOT receive:
- Data outside your permission tier.
- Fenced content (e.g., third-party leadership recordings) — fenced off at the ingestion layer and never reaches the AI.
- Personal data about you beyond your email/tier in the audit trail.
- System secrets, infrastructure detail, or other users' chat history.
4. What the AI Does NOT Do
The AI does NOT:
- Make autonomous decisions about individuals (no scoring, ranking, prioritising for employment / credit / benefits / law-enforcement / immigration purposes).
- Generate content for external publication or marketing.
- Provide legal advice. The engagement is structured to provide technical and operational assessment work product to the engaging customer's General Counsel; legal advice is the General Counsel's role, informed by that work product.
- Profile individuals based on protected characteristics.
- Engage in any of the practices prohibited by Anthropic's Usage Policy.
5. Data Used to Train the AI
Your data is not used to train AI models.
- Anthropic does not train AI models on API customer data. This is contractually committed in the Anthropic Commercial Terms of Service §7.
- Primus does not train AI models on platform data.
- The models you interact with are pre-trained by Anthropic on Anthropic's curated datasets and improved through Anthropic's own research processes — your interactions do not contribute.
6. How the AI is Constrained
Each AI task is governed by a versioned system prompt that includes:
- Task definition — what the AI is supposed to produce.
- Format discipline — the structured output schema.
- Citation discipline — for chat, the AI must cite specific timestamps + speaker names from the transcript; no untraceable claims.
- Security discipline (chat only) — the AI is instructed to treat all retrieved content as data, not instructions; to refuse any meta-instructions ("ignore previous", "reveal system prompt"); to never reveal information about other users / sessions / system configuration; to never surface fenced content; to refuse with a short sentence and stop if any of these rules would be violated.
- Name discipline — for generation tasks, the AI uses roles (e.g., "the Chief Transformation Officer") rather than named individuals where appropriate to the engagement context.
7. Human Oversight
Every AI-generated artifact is reviewed by a Primus engagement professional before being promoted from draft to reviewed or counsel-approved status. The status of each artifact is visible to all users in the platform UI.
Chat responses are not pre-reviewed (real-time interactive use case), but:
- Chat audit log records every call (user, model, tokens, cost, anonymised prompt fingerprint).
- Suspicious activity (rate-limit triggers, budget exceedances, suspected injection patterns) generates security events that are reviewed by the engagement lead.
- Users are obligated under the Acceptable Use Policy to treat chat responses as analytical aid, not authoritative answer.
8. Logging & Retention
| Item | Retention |
|---|---|
| Your chat messages and AI responses | 365 days, then automatically deleted |
| Per-call AI audit records (model, tokens, cost, status, prompt fingerprint — NOT full prompt text) | 365 days, then anonymized |
| Anonymised prompt fingerprints (SHA-256 hash; one-way; not reversible to content) | 365 days |
| Anthropic's own logs of prompts and responses | 30 days, per Anthropic's commercial terms |
| Versioned system prompts | Indefinite (forensic integrity) |
9. Your Rights
You may at any time:
- Request a copy of the AI-related data we hold about you — see Privacy Policy §8 (admin-issued DSAR export).
- Request deletion of your chat history — Privacy Policy §8 (admin-issued DSAR erasure).
- Opt out of AI features — contact us and we will configure your account to skip AI calls. Note that this will limit the analytical functionality available to you (chat will not function; AI-generated artifacts will still be visible because they are work product owned by the engaging customer, not personal data about you).
10. Reporting Concerns
If you observe AI behaviour that concerns you — incorrect output, biased output, content that appears to violate this disclosure or our policies — please report to:
- security@primussoft.com for AI behaviour concerns
- legal@primussoft.com for compliance / privilege concerns
We investigate every report and document the outcome.
11. Changes
This disclosure is updated when AI behaviour, models in use, or data-handling practices change. Material changes are communicated to active users by email. Last update: May 24, 2026.