AI Disclosure Addendum

Last Updated: December 2, 2025

1. Purpose

This AI Disclosure Addendum ("Addendum") explains how Rapid Risk Review ("RRR," "we," "our," "us") uses artificial intelligence and machine learning technologies in connection with the Service. This Addendum is incorporated by reference into our Terms of Service and should be read in conjunction with our Privacy Policy.

2. AI Processing Overview

RRR employs advanced automated algorithms and integrates with third-party AI models (including but not limited to OpenAI's GPT models and Google's Gemini models) to analyze publicly available vendor information. This information is either supplied directly by you or discovered through authorized open sources such as company websites, public registries, and regulatory databases.

Our AI processing includes:

• Natural language processing to extract and summarize vendor information
• Pattern recognition to identify potential risk indicators
• Probabilistic analysis to generate risk scores and assessments
• Automated categorization of vendors by industry, size, and risk profile

AI outputs consist of probabilistic evaluations, summaries, recommendations, and risk scores generated from the analyzed data. These outputs are designed to assist, not replace, human decision-making.

3. Data Privacy and AI Training

RRR does not use customer personal data or proprietary business information to train external AI models. We maintain strict data separation protocols to ensure your sensitive information remains confidential.

We retain AI-generated outputs only as necessary to:

• Deliver the Service and maintain assessment history
• Debug technical issues and improve system reliability
• Enhance model accuracy and performance metrics
• Comply with legal, regulatory, or contractual obligations

Data is retained in accordance with our Privacy Policy and applicable data protection laws.

4. Nature of AI Outputs

Important: AI outputs are informational in nature and are based on probabilistic models that analyze available data. They may contain inaccuracies, omissions, outdated information, or incomplete analyses due to:

• Limitations in publicly available data sources
• Inherent uncertainty in machine learning predictions
• Rapid changes in vendor circumstances not yet reflected in public records
• Model biases or training data limitations

AI outputs are NOT:

• A substitute for professional due diligence, legal advice, or compliance consulting
• Guaranteed to be accurate, complete, or current
• Suitable as the sole basis for critical business decisions
• Financial, investment, or legal recommendations

You remain solely responsible for all decisions made based on or informed by AI outputs. We strongly recommend validating AI-generated assessments through independent verification and professional consultation where appropriate.

5. Human Oversight and Quality Assurance

RRR maintains active human oversight of our AI systems through:

• Periodic review of AI performance metrics and accuracy benchmarks
• Statistical sampling of outputs to validate quality and identify anomalies
• Bias detection and mitigation protocols to ensure fair assessments
• Continuous monitoring of model drift and recalibration as needed
• User feedback integration to improve system reliability

No fully automated decisions producing legal effects or similarly significant consequences are made about individuals without human review and intervention capability.

6. Third-Party AI Providers and Subprocessors

RRR currently relies on the following trusted subprocessors for AI functions and related infrastructure:

• OpenAI (OpCo, LLC): Natural language processing, risk summarization, and content analysis
• Google (Alphabet Inc.): AI model processing via Gemini API for advanced reasoning and analysis
• Supabase Inc.: Secure hosting and storage of structured assessment data and metadata
• Lovable.dev (GPT Engineer, Inc.): Development platform and AI infrastructure services
• Resend.com (Resend, Inc.): Transactional email delivery and notification services
• Firecrawl (Mendable AI, Inc.): Web scraping and data extraction from public vendor websites
• PDFShift: PDF report generation for downloadable risk assessments
• Trigger.dev (Trigger.dev, Inc.): Background job orchestration for asynchronous AI analysis tasks

Each provider processes data under written agreements that require:

• Confidentiality and data protection obligations
• Industry-standard security measures (encryption, access controls, monitoring)
• Compliance with applicable privacy laws (GDPR, CCPA, etc.)
• Restrictions on unauthorized data use or disclosure
• Incident notification and breach response procedures

7. Transparency and Explainability

We strive to provide transparency about how our AI systems reach their conclusions:

• Risk assessments include source references where available
• Scoring methodologies are documented and accessible to users
• Users can review the data inputs that informed each assessment
• We provide context about confidence levels and data quality indicators

However, due to the complexity of neural networks and proprietary third-party models, we cannot always provide complete explanations for every output or prediction.

8. User Rights and Control

You maintain control over your use of AI-generated content:

• You may request deletion of your assessment data at any time
• You can export your data for independent review or archival
• You may challenge or dispute any AI-generated output
• You retain ownership of any data you provide to the Service

For questions about specific AI outputs or to exercise these rights, please contact us using the information below.

9. Limitation of Liability for AI Outputs

AI outputs are provided "AS IS" without warranties of any kind, either express or implied. RRR disclaims all warranties regarding the accuracy, completeness, timeliness, reliability, or fitness for a particular purpose of any AI-generated material.

To the maximum extent permitted by applicable law, RRR's total liability for any claims arising from or related to AI outputs is limited in accordance with the Limitation of Liability provisions in our Terms of Service (currently $100 or amounts paid by you in the 12 months preceding the claim, whichever is greater).

This limitation applies to all claims, whether based in contract, tort, negligence, strict liability, or otherwise, even if we have been advised of the possibility of such damages.

10. Changes to AI Systems and This Addendum

We may update our AI systems, models, or providers from time to time to improve performance, accuracy, or reliability. Material changes to this Addendum will be posted on our website with an updated "Last Updated" date.

Your continued use of the Service after such changes constitutes acceptance of the updated Addendum.

11. Contact Information

Questions, concerns, or requests regarding our use of AI technologies may be directed to:

AI Compliance Team
Rapid Risk Review
Email: ai-compliance@rrr.dev

For general privacy inquiries, please contact: privacy@rrr.dev

We will respond to all inquiries within a reasonable timeframe, typically within 30 days.

This AI Disclosure Addendum is incorporated by reference into our Terms of Service and should be read in conjunction with our Privacy Policy.