AI & Automation Policy

1. Purpose and Scope

This AI & Automation Policy ("Policy") sets out the specific obligations, responsibilities, and restrictions that apply when you build, configure, and operate AI agents and automated workflows using Agentivity. It supplements our Terms of Use and Disclaimer.

This Policy applies to all users of the Platform — whether using the open-source self-hosted version or the hosted cloud service.

Agentivity supports two fundamental operating modes:

• Agentic mode — AI agent teams that collaborate autonomously, exercise judgment, and adapt to dynamic inputs and situations.
• Deterministic workflow mode — Structured, rule-based workflows in Workflow Studio that execute a defined sequence of steps with predictable, repeatable outputs.

Both modes carry responsibilities. This Policy applies to both.

2. Definitions

• Agent: An AI entity configured in Agent Studio with a defined role, instructions, tools, and personality, powered by an LLM.
• Team: A collection of agents organised with a topology in Team Studio to collaborate on a shared objective.
• Workflow: A deterministic sequence of steps defined in Workflow Studio that executes in a predictable, repeatable manner.
• Topology: The collaboration structure of an agent team (Group Chat, Manager-Led, Hierarchical, Sequential), defining authority, delegation, and interaction patterns.
• Tool: A capability granted to an agent that allows it to take actions in external systems (e.g. send email, query a database, post a message).
• Operator: A user who deploys and receives results from agents or workflows, with or without active involvement in their configuration.
• Architect: A user who designs, configures, and maintains agent teams and workflows.

3. Your Role as Agent Operator

When you build an AI agent or workflow on Agentivity and deploy it — whether for your own use, your organisation's use, or your clients' use — you become the operator of that agent. As operator, you bear full legal and ethical responsibility for:

• The instructions, roles, and objectives you assign to your agents.
• The tools and permissions you grant to your agents.
• The data you provide to your agents as context or input.
• All actions taken by your agents on connected external services.
• All outputs produced by your agents and how those outputs are used.
• Ensuring that your agents operate in compliance with applicable law.
• Informing any third parties who interact with your agents that they are interacting with an AI system.

Agentivity provides the infrastructure and tooling. You are responsible for what you build and deploy on it.

4. Human Oversight Obligation

You acknowledge that AI agents operating autonomously — particularly in agentic mode with broad tool access — can take consequential actions quickly and without human review. You agree to:

• Implement appropriate review or approval steps before your agents publish content, send external communications, execute financial transactions, or modify critical data.
• Monitor the outputs and actions of deployed agents on a regular basis.
• Establish clear escalation procedures for edge cases, errors, and unexpected agent behaviour.
• Restrict agents from taking irreversible or high-impact actions without explicit human confirmation, unless you have independently assessed and accepted the associated risks.
• Conduct regular audits of scheduled and triggered workflows to ensure they continue to function as intended.

Agentivity is not responsible for any harm arising from your failure to implement adequate human oversight.

5. Prohibited Agent Uses

You must not use Agentivity agents or workflows to:

• Conduct automated social engineering, phishing, or impersonation attacks.
• Generate, distribute, or amplify disinformation, propaganda, or misleading content at scale.
• Conduct non-consensual surveillance or monitoring of individuals.
• Automate stalking, harassment, or intimidation of any person.
• Perform automated scraping, data collection, or competitive intelligence gathering in violation of the target service's terms of service.
• Send bulk unsolicited communications (spam) of any kind — email, SMS, social media, or otherwise.
• Manipulate search engine rankings, review platforms, or social media metrics through automated activity.
• Create deepfakes, synthetic media, or impersonations of real individuals without explicit consent.
• Automate the creation or distribution of content that infringes intellectual property rights.
• Automate decisions affecting individuals in ways that violate anti-discrimination laws (e.g. automated hiring rejection, credit scoring, or benefits determination without appropriate human oversight and legal basis).
• Build agents that autonomously modify their own instructions, objectives, or permissions in ways that were not explicitly authorised by you.
• Use the Platform to circumvent safety measures or usage policies of any LLM provider.

6. Sensitive Domains

The following domains require heightened care, explicit human oversight, and — in most cases — qualified professional review before any AI-generated output is acted upon:

• Healthcare and medical: Agents that interact with patient data, generate health recommendations, or support clinical decisions. Compliance with applicable medical device regulations and data protection law (including GDPR special category data rules) is mandatory.
• Financial services: Agents that generate investment recommendations, process financial transactions, or interact with regulated financial data. MiFID II, MiCA, and similar frameworks may apply.
• Legal services: Agents that draft contracts, provide legal interpretations, or assist in regulatory compliance. Outputs must be reviewed by a qualified lawyer before being relied upon.
• Human resources: Agents used in candidate screening, performance evaluation, or termination decisions. Anti-discrimination law and GDPR requirements for automated decision-making (Article 22) must be respected.
• Education: Agents interacting with minors or generating educational content. Child protection and data protection obligations apply.
• Critical infrastructure: Any use that could affect the safety or availability of essential services.

If you operate agents in any of these domains, you are solely responsible for ensuring compliance with all applicable sector-specific regulations and for obtaining any necessary professional oversight.

7. Data Shared with AI Agents

When you provide data to your agents — as system prompts, user inputs, context documents, or integration data — you represent and warrant that:

• You have the legal right to use, share, and process that data.
• If the data includes personal data of third parties, you have a lawful basis under applicable data protection law for processing that data with AI systems.
• You have provided appropriate notice to individuals whose personal data may be processed by AI agents.
• You will not submit data that you are prohibited from sharing under confidentiality agreements, legal privilege, or regulatory restrictions (e.g. attorney-client privilege, medical confidentiality).

Agentivity strongly recommends minimising the personal data provided to AI agents to what is strictly necessary for the task at hand.

8. Data Processed by LLM Providers

When your agents call an LLM API, the content of your agent's context — including system prompts, conversation history, tool definitions, and user inputs — is transmitted to and processed exclusively by the LLM provider you have chosen. Agentivity has no visibility into this data and no ability to intervene in or control this processing.

You are solely responsible for:

• Selecting an LLM provider whose terms, data processing agreements, and privacy practices are compatible with your legal and compliance requirements.
• Ensuring that personal data processed by LLM providers is handled in accordance with applicable data protection law, including GDPR requirements for international data transfers (LLM providers are typically based outside the EU).
• Reviewing and configuring any data retention, training opt-out, or zero-data-retention settings offered by your LLM provider.
• Not submitting to LLM APIs any data that is classified, legally privileged, subject to specific confidentiality restrictions, or that your LLM provider's acceptable use policy prohibits.
• All costs generated by LLM API calls made through your agent configurations.

Agentivity's responsibility is strictly limited to providing the orchestration layer that routes requests to the LLM provider you have configured. We bear no responsibility whatsoever for what happens once that request leaves the Agentivity orchestration layer and reaches the LLM provider.

9. Scheduled and Triggered Workflows

Agentivity's Workflow Studio enables workflows that run automatically on a schedule (e.g. every Monday at 6am) or in response to external triggers (e.g. webhooks, file uploads, API calls). Such workflows may execute without any human interaction at runtime.

You acknowledge that:

• Scheduled workflows will continue to run until you explicitly disable or delete them.
• Changes in external data sources, connected APIs, or LLM behaviour may cause previously reliable workflows to produce unexpected results.
• You are responsible for monitoring scheduled workflows and reviewing their outputs on a regular basis.
• Agentivity is not liable for any consequence arising from a scheduled workflow that runs while you are unavailable, unaware, or not actively monitoring it.

We recommend building output review and notification steps into any workflow that takes consequential actions.

10. Transparency Towards End Users

If your agents interact directly with end users — for example, as a chatbot, assistant, or automated email respondent — you must comply with applicable laws regarding disclosure of AI-generated communication. In particular, under the EU AI Act and similar regulations, users have the right to know when they are interacting with an AI system.

You must not use Agentivity to build agents that deceive users into believing they are communicating with a human, unless the context makes it obvious that the interaction is automated.

11. Open-Source Self-Hosted Deployments

If you deploy the Agentivity open-source software on your own infrastructure, you are solely responsible for the security, privacy, and legal compliance of that deployment. Agentivity provides no security guarantees, support obligations, or compliance assistance for self-hosted deployments.

The Agentivity Sustainable Use Licence governs the rights and restrictions applicable to self-hosted use. Commercial use beyond the scope of that licence requires a separate written agreement.

12. Reporting Misuse

If you become aware of any use of Agentivity that violates this Policy, our Terms of Use, or applicable law, please report it to us at hello@agentivity.io. We investigate all credible reports and reserve the right to take appropriate action, including account suspension, data deletion, and referral to competent authorities.

13. Policy Enforcement

Agentivity reserves the right to:

• Suspend or terminate access to the Platform for any user found to be in violation of this Policy.
• Remove or disable agent configurations that violate this Policy.
• Cooperate with law enforcement authorities in connection with any investigation of illegal activity facilitated through the Platform.

14. Updates to This Policy

As AI capabilities, regulations, and best practices evolve rapidly, this Policy will be updated accordingly. We will notify users of material changes via the website and, where appropriate, by email. Continued use of the Platform after changes are published constitutes acceptance of the updated Policy.

We recommend reviewing this Policy periodically, particularly as new features are released or as AI regulation in your jurisdiction evolves.

15. Contact

For questions, concerns, or reports relating to this Policy:

Agentivity
Email: hello@agentivity.io