Trust Center
AI handling
Last reviewed: 2026-05-25
Compliance Care uses Anthropic's Claude models for a small number of narrowly-scoped tasks. This page describes what AI is used for, what data is sent, how the model and version are pinned, how a human stays in the loop, and how every call is logged for audit.
Where AI is used
| Capability | Model | What it does |
|---|---|---|
| Document triage | Claude Haiku 3.5 | First-pass classification of an uploaded document (e.g., "this looks like an incident report dated 2026-04-12"). Cheap, fast, used for routing only. |
| Evidence mapping | Claude Sonnet | Given a document and a Practice Standard clause, drafts a candidate mapping with a confidence score. Output is always a draft for human review. |
| Policy drafting assistant | Claude Sonnet | Given a clause and the provider's existing policy register, drafts candidate clause text. Output is always a draft for human review. |
| Hard cases (rare) | Claude Opus | Selectively used where Sonnet output is rejected or low-confidence. Off by default; turned on per-tenant only when justified. |
What is sent and what is not
For each call we send only what the task requires:
- Document triage — the document text or extracted OCR text, and a short instruction.
- Evidence mapping — the document text plus the specific clause text and a small structured schema for the response.
- Policy drafting — the clause text plus the customer's nominated existing policy fragments, and a short instruction.
We do not send:
- The participant identifier register.
- The customer's full client list or staff roster.
- Audit-event history.
- Billing records or other tenant metadata.
Where the task does not need a name, identifier, or other PII, it is removed or replaced before the call.
Prompt caching
The NDIS Practice Standards corpus is large and changes rarely. We use Anthropic's prompt-cache feature to cache that corpus, so each evidence-mapping call sends only the differing document — not the standards. This is both a cost discipline (the cached portion is billed at a lower rate) and a privacy discipline (the document is the smallest portion of the request).
Batch API
Large overnight evidence-mapping runs use Anthropic's Batch API. Batch jobs are scheduled by the customer ("Run mapping") and are visible in the customer's run history. There is no background batch processing of customer data without an explicit run instruction.
Credit metering
Every AI feature is gated behind a per-tenant credit meter. The customer sees the credit cost of a run before they confirm it. Runs that would exceed the budget require explicit confirmation. There is no path by which AI usage silently accumulates against the customer's account.
Version pinning
- Every model is invoked with an explicit version string (for example,
claude-sonnet-4-6rather than a moving alias). - Model upgrades require a documented change. The new version is evaluated against a held-out set of mapping outcomes before it is rolled to production.
- The model and version are recorded on every call in the audit log so an output can always be traced back to the exact model that produced it.
Human in the loop
- Every AI output that becomes a customer-facing artefact (a mapping, a drafted clause, a triage label) requires explicit human affirmation before it is treated as the customer's content.
- Until affirmed, AI output is marked in the UI as a draft and is excluded from compliance-claim surfaces.
- Affirmations are recorded in the audit log alongside the original AI output.
Audit log
For every AI call, the following are written to the append-only audit_events table (mirrored nightly to S3 Sydney with Object Lock, 7-year retention):
- Timestamp.
- Tenant and user.
- Capability (triage, mapping, drafting).
- Model and exact version.
- Prompt-cache hit indicator.
- Input token count.
- Output token count.
- Cost in credits and AUD.
- Reference to the customer object the call was about.
- Affirmation record (who affirmed, when) once one exists.
Customers can export this log at any time from "Audit Export."
Anthropic data handling
- Anthropic's policy is that API inputs and outputs are not used to train its models.
- Our account is configured with the published retention setting that matches our DPA. The current configuration is documented internally and surfaced here on change.
- A signed Data Processing Agreement with Anthropic is on file as a condition of production use.
What AI is not used for
- Triage or recommendation of Quality Auditors. We do not refer specific auditors. The customer selects from the JAS-ANZ list. See the Impartiality Statement.
- Autonomous changes to customer records. No AI output is written to a customer-visible record without an explicit human affirmation.
- Inference on data without a corresponding customer run instruction. AI features are explicit, not ambient.
Change log
| Date | Change |
|---|---|
| 2026-05-25 | Initial publication. |
