AI Processing Addendum

1. What counts as an AI feature

AI features in Pulse are the ones that call a large-language-model (LLM) provider to generate suggestions on your behalf. Today that includes, but is not limited to: draft check-ins, review briefs, performance-review prefill, the Ask-Pulse assistant, candidate resume scoring and screening assistance, meeting prep briefs, home and team insights, feedback synthesis, and leave-decision recommendations.

2. What data is sent to the model

For each AI feature we send the minimum context needed to produce a useful output. Before anything leaves our systems we apply a redaction layer that replaces obvious identifiers with tokens: email addresses, phone numbers, API keys, JWTs, credit-card numbers, SSNs, Aadhaar numbers, PAN numbers, and IP addresses. Free-text fields can still contain names and job context because the AI needs that to be useful; we do not send bank account details, government IDs, or compensation figures.

User-supplied prompts are wrapped in a tagged section so the model treats them as data rather than instructions, and we run a prompt-injection detector that logs suspicious patterns to our audit log.

3. Who we share it with

Today our LLM provider is OpenAI, L.L.C. (United States). OpenAI processes inputs solely to return an output; under its API terms it does not train its general-purpose models on API inputs. We may move to other providers with equivalent or stronger protections; any change is reflected in the sub-processor list in the Privacy Notice.

4. Human in the loop

Every AI suggestion that could affect employment — review ratings, interview recommendations, performance summaries — is presented as a draft for a human to review and edit. Pulse does not execute employment decisions on the basis of AI output alone. Actions that write to the system (submit leave, mark an OKR at risk, send a nudge) always require a second, explicit confirmation from you before they run.

5. Audit log

We record every AI invocation in our internal audit log with the agent type, the permission level, the actor, a redacted summary of the input, a redacted summary of the output, and the time taken. That log is retained for thirteen months. Administrators can query their organization’s portion of the log on request.

6. Opting out

AI processing under this addendum is based on your consent. You can withdraw that consent at any time from Profile → Preferences. After you opt out, AI features are disabled for your account; other features of Pulse continue to work normally. Withdrawal does not affect the lawfulness of processing done before withdrawal.

7. Known limitations

AI output is probabilistic. It can be wrong, outdated, biased, or fabricated. Do not rely on it for legal, medical, or safety-critical judgments. Independent verification is your responsibility.

8. Contact

Questions or complaints about AI processing: dpo@nurix.ai.