Cyntech — Holistic Engineering Solutions
Legal

AI Policy

Effective 15 June 2026. Plain-language commitments about how Cyntech uses AI, aligned to the EU AI Act, the NIST AI Risk Management Framework, and ISO/IEC 42001.

1. Scope

This policy applies to AI features inside Cyntech products (the client portal, telemetry platform and admin tools) and to AI tools Cyntech employees use to support clients.

2. Where we use AI today

  • Search & summarisation over documents you have already uploaded to your workspace.
  • Anomaly detection on IIoT telemetry to flag asset issues earlier.
  • Drafting assistance for support replies, used by our team with human review before sending.

All AI features are clearly labelled at the point of interaction so you know when an output was produced or assisted by a model.

3. What we will never do

  • Use your data, prompts or outputs to train any third-party model — full stop.
  • Make consequential decisions about you fully automatically without a human in the loop.
  • Profile you, infer sensitive attributes (health, beliefs, biometrics) or score you against undisclosed criteria.
  • Deploy AI in any of the EU AI Act's prohibited practice categories (Art. 5).

4. Models and providers

We use foundation models accessed through the Lovable AI Gateway and equivalent enterprise endpoints with zero-retention agreements. Prompts and completions for our hosted features are routed through providers that contractually commit to not retain content for training.

5. Human oversight

Every AI feature has a documented owner, a defined intended use, an out-of-scope statement, and a feedback channel. Users can flag any output for review at ai-feedback@cyntech.co.za.

6. Records & logs

We log AI requests for security and quality assurance — what feature was used, when, and a redacted view of inputs and outputs. Logs are retained for 90 days unless required longer for a legal hold and are accessible to you on request via our data requests process.

7. EU AI Act readiness

We map our features against the EU AI Act risk tiers. None of our current features fall into the high-risk Annex III categories, but we track the timeline so that future features will meet the relevant transparency, documentation and post-market monitoring obligations before the August 2026 enforcement window.

8. Suppliers & due diligence

AI providers are vetted using our vendor due-diligence checklist (model retention, data location, SOC 2 / ISO 27001 status, IP indemnity, prohibited-use commitments). The list of providers acting as sub-processors is maintained in our sub-processors register.

9. Contact

Questions, suggestions or concerns about our AI use: privacy@cyntech.co.za.