SiteTrust AI Policy

Effective Date: April 1, 2026 | Version: 2.0

Last Updated: April 2026 | Supersedes: Version 1.0 (December 2025)

1. Our Commitment to Responsible AI

At SiteTrust, we recognize that building trust in AI begins with our own practices. As the creator of the SiteTrust AI Transparency Standard, we hold ourselves to the same standard of compliance and lead by example in transparent, responsible AI deployment.

This policy establishes our commitment to honest, accountable AI practices and describes our governance framework for all AI systems we use. It explains how we protect consumer interests, maintain human oversight, and ensure transparency in our operations. We proactively disclose our AI usage because transparency builds trust and responsible governance reduces risk for everyone.

Our AI Governance Principles:

  • Transparency First: We disclose all AI usage clearly and honestly, to the best of our abilities.

  • Human-Centered: AI assists our team; humans make final decisions that materially affect people.

  • Accountability: We take responsibility for AI outputs and their impacts as used by us.

  • Continuous Improvement: We regularly review and enhance our AI practices and update this policy to reflect changes.

  • Consumer Protection: We prioritize the interests and rights of our users, certified companies, and CTAs.

2. Scope of AI Usage

2.1 Where We Use AI

SiteTrust employs artificial intelligence technology in the following categories of our business:

Customer Support and Communications

  • AI-powered chatbots for frequently asked questions and certification inquiries

  • Automated routing and triage of customer and CTA inquiries

  • Support documentation and knowledge base assistance

  • Automated email responses and follow-up communications

Marketing and Content Creation

  • Drafting and editing marketing materials

  • Creating multimedia content including text, images, and video

  • Social media content development and scheduling

  • Email marketing communications and campaign optimization

  • Educational materials, training content, and CTA program resources

  • Search engine optimization and analytics

Internal Operations

  • Research, competitive analysis, and regulatory monitoring

  • Document drafting, editing, and review

  • Administrative task automation

  • Data analysis, reporting, and business intelligence

  • Project management and workflow optimization

  • Meeting transcription and summarization

Platform Development

  • Creating Trust Center templates, model language, and implementation guides

  • Developing tools and resources for certified companies and CTAs

  • Testing and quality assurance for certification platform features

  • AI-assisted regulatory intelligence for template updates

Information Technology and Development

  • Code generation, review, and testing

  • Quality assurance and automated testing

  • System monitoring and cybersecurity

  • Infrastructure management and optimization

Legal and Compliance

  • Legal research assistance and regulatory monitoring

  • Document review and analysis

  • Compliance tracking and policy development

For detailed, system-by-system disclosure of specific AI tools we use, please see our AI Disclosure Document at sitetrust.com/ai-disclosures.

2.2 Where We Do NOT Use AI

To ensure fairness, accountability, and appropriate human judgment, we do NOT use AI systems for final decisions in the following areas:

  • Certification Decisions: Final approval or denial of certification applications

  • Appeals and Disputes: Review of appeals, grievances, or formal dispute resolution

  • Pricing Decisions: Determining fees, pricing, or financial terms for individual organizations

  • Legal Guidance: Providing legal interpretation or compliance advice (AI may assist research, but qualified professionals provide all guidance)

  • Contract Negotiations: Making binding decisions in contractual matters or negotiations

  • Financial Transactions: Processing payments or handling financial transactions (financial transactions are handled through PCI-compliant third-party processors)

  • Employment Decisions: Hiring, firing, promotion, or performance evaluation decisions (AI may assist with pre-screening where disclosed)

These decisions require human judgment, expertise, and accountability that AI cannot replace.

3. AI Systems That Adapt or Evolve

AI technologies continue to develop rapidly. The AI systems we use may adapt, learn, or improve over time based on new data, usage patterns, or updates from their providers. This is a normal characteristic of modern AI and is part of how these systems become more useful and accurate.

  • AI systems we use may produce different or improved results over time as underlying models are updated by their providers.

  • The behavior of AI-powered features may change as providers release new versions or as we adjust our implementation.

  • We do not train AI models on your personal data unless separately disclosed in our Privacy Policy and with your consent.

  • We will update this policy if there are material changes to the categories of AI we use or how our AI governance operates.

  • We periodically review the AI systems we use to ensure they continue to operate consistent with this policy and our governance standards.

Specific information about which of our AI systems have adaptive characteristics is maintained in our AI Disclosure Document.

4. Governance and Oversight

4.1 Human Oversight Framework

All AI usage at SiteTrust operates under our human oversight governance model. We have an internal motto that says we deploy AI with the "SiteTrust Way." It's our way of always ensuring human oversight on deployment. We categorize AI involvement into four levels:

Level 1 — AI as Productivity Tool

Humans use AI to increase efficiency while maintaining complete control.

  • Examples: Grammar checking, search assistance, formatting, spell-check

  • Oversight: Individual user judgment

Level 2 — AI as Assistant

AI provides drafts, recommendations, or suggestions that humans review, edit, and approve.

  • Examples: Content drafting, customer support responses, research summaries, regulatory analysis

  • Oversight: Mandatory human review before any output is used or published

Level 3 — AI with Monitoring

AI performs routine tasks with human spot-checks and override capability.

  • Examples: Automated workflows, system monitoring, platform features

  • Oversight: Regular audits and immediate human intervention capability

Level 4 — Human Only (No AI)

Critical decisions made entirely by qualified humans without AI assistance.

  • Examples: Certification decisions, legal advice, appeals, disputes, employment decisions

  • Oversight: N/A — humans only

4.2 Responsible Parties and Accountability

AI governance at SiteTrust is distributed across our leadership team:

  • Chief Executive Officer: Overall AI strategy, policy, and accountability

  • Chief Technology Officer: Technical implementation, security, and system performance

  • Head of Customer Experience: Customer-facing AI systems and support quality

  • Content Team Lead: AI-assisted content creation, editing, and labeling

  • Chief Compliance Officer: Policy compliance, monitoring, and reporting

  • Director of Certification: Ensuring certification processes remain human-driven

SiteTrust takes full responsibility for all AI outputs used in our operations, decisions made using AI recommendations, and any errors or issues that arise from AI usage. We do not disclaim responsibility for AI-related outcomes by attributing them solely to the AI system. We do not take responsibility for third-party attacks or unauthorized use outside of our control.

4.3 Employee Training and Standards

All SiteTrust team members who work with AI systems receive training on understanding AI capabilities and limitations, appropriate use cases, identifying and mitigating bias in AI outputs, data privacy and security requirements, disclosure and labeling obligations, and when to escalate concerns or defer to human-only processes. Training occurs at hire, annually, and whenever new AI systems are deployed or policies change.

5. Truthful AI Claims

We are committed to making only truthful and substantiated claims about our AI systems:

  • Any public claims about our AI systems' accuracy, performance, or capabilities are based on testing, evidence, or documented provider specifications.

  • We do not represent AI-generated content as exclusively human-created where such representation would be material or deceptive.

  • We disclose known limitations of our AI systems in the relevant context.

  • Marketing and promotional materials involving AI capabilities are reviewed for accuracy before publication.

This commitment aligns with FTC Act Section 5 expectations and reflects lessons from FTC Operation AI Comply enforcement actions.

6. Transparency and Disclosure Practices

6.1 Content Labeling Standards

We label AI-involved content based on the level of AI contribution:

AI-Generated Content: AI created the substantial majority of the content. Label: "This content was generated using artificial intelligence and reviewed by SiteTrust staff" or "Enhanced by AI."

AI-Assisted Content: AI provided meaningful assistance, but humans created and controlled the content. Label: "This content was created with AI assistance" or "Enhanced by AI."

AI as Productivity Tool: AI used like spell-check or search. Not labeled separately.

All customer-facing AI systems (such as chatbots) clearly identify themselves as AI at the point of interaction, when possible. We also make best efforts to have third-party tools use identifying labels.

6.2 Point-of-Use Disclosure

Where AI is used in customer-facing applications, users are informed they are interacting with AI, can request human assistance at any time, are informed of relevant AI limitations, and have access to non-AI alternatives where appropriate.

6.3 Comprehensive AI Disclosures

Our AI Disclosure Document at sitetrust.com/ai-disclosures provides specific AI systems and providers we use, detailed use cases for each AI application, data processing information, third-party provider relationships, oversight levels assigned to each system, adaptive characteristics, and technical specifications where relevant. The Disclosure Document is maintained as a living governance record and updated as our AI usage evolves.

7. Data Privacy and Protection

7.1 Our Data Principles

  • Data Minimization: We only share necessary information with AI systems and avoid processing sensitive personal data through AI when possible.

  • Purpose Limitation: Data processed by AI is used only for the specific purpose disclosed and not repurposed without notice.

  • Security: All data processed by AI systems is encrypted in transit and at rest, with appropriate access controls and monitoring.

  • Transparency: We disclose what categories of data are processed by AI systems in our AI Disclosure Document.

  • Retention Limits: We do not retain data in AI systems longer than necessary for the disclosed purpose.

7.2 Third-Party AI Provider Standards

We carefully vet all third-party AI service providers and require that providers may not use our data to train or improve their models without explicit consent, must maintain security measures equivalent to or exceeding our own, must comply with applicable data protection laws (GDPR, CCPA, etc.), and must sign data processing agreements prohibiting unauthorized data use, requiring breach notification, including audit rights, and specifying retention and deletion requirements.

7.3 Your Data Rights

You have rights regarding data processed by our AI systems, including the right to access, correction, deletion, portability, opt-out of AI processing where feasible, and objection to certain types of processing. See our Privacy Policy at sitetrust.com/privacy for full details.

7.4 Special Category Data

We do not process special category data (sensitive personal information such as health, biometric, or financial data) through AI systems except where legally required, with explicit consent, and under appropriate additional safeguards.

8. AI Limitations and Risk Management

8.1 Known AI Limitations

  • Accuracy and Reliability: AI systems can generate incorrect, incomplete, or misleading information ("hallucinations"). We apply mandatory human review before publication or use in significant decisions.

  • Bias and Fairness: AI may reflect biases in training data. We do not use AI for decisions affecting protected classes without human review.

  • Context and Nuance: AI may misinterpret context or nuance. Complex matters are handled by qualified humans.

  • Technical Reliability: AI systems may experience downtime, errors, or performance changes. We maintain alternative processes.

  • Privacy and Security: AI processing creates potential privacy and security risks. We maintain strict protections.

8.2 Continuous Monitoring and Improvement

We actively monitor AI performance through quality reviews, user feedback, performance metrics, incident tracking, and technology updates. When issues are identified, we investigate root causes and implement improvements.

8.3 Incident Response

If an AI system produces harmful, inaccurate, or problematic outputs, we acknowledge the issue promptly, take immediate corrective action, investigate the root cause, adjust processes, and communicate transparently with affected parties. We take full responsibility and do not hide behind "AI made a mistake" as an excuse.

9. Your Rights and Recourse

  • Right to Know: You have the right to know when and how AI is being used in your interactions with SiteTrust.

  • Right to Human Review: You may request human review of any decision, recommendation, content, or communication that involved AI.

  • Right to Explanation: You may request an explanation of how AI was used in any matter affecting you.

  • Right to Opt-Out: Where technically feasible, you may request human-only alternatives.

  • Right to File Complaints: Contact us at wecare@sitetrust.com. You may also file complaints with the FTC, your state attorney general, or applicable data protection authorities.

We respond to all inquiries within 24–48 hours. Escalated complaints receive substantive response within 5 business days.

10. Verification and Accountability

SiteTrust is certified under its own AI Transparency Standard at Tier 1. This means we meet all requirements we expect of certified companies, undergo the same self-assessment process, our certification is publicly verifiable at sitetrust.com/registry/sitetrust-inc, and we renew annually with continuous compliance. We maintain compliance with applicable AI, privacy, and consumer protection regulations.

11. Policy Maintenance and Updates

This policy is reviewed quarterly. We update it when we deploy AI in materially new ways, change governance practices, identify material risks, when laws change, or when feedback indicates clarification is needed. Material changes are communicated through prominent notice on sitetrust.com (30 days) and email notification to customers and certified organizations.

VersionDateSummaryType
2.0April 2026Major update: adaptive AI, jurisdiction protections, accountability, truthful claims, four-pillar alignmentMajor
1.0December 1, 2025Initial policy publicationNew Policy

12. Jurisdiction-Specific Protections

SiteTrust's AI governance practices provide protection under current and emerging AI regulations:

12.1 California

Protection: This policy satisfies disclosure obligations under AB 2013, SB 942 (penalties up to $5,000/violation/day), and SB 243 (private right of action, $1,000+ per violation).

12.2 Colorado

Protection: This policy establishes the governance framework supporting a "reasonable care" defense under SB 24-205 (effective June 30, 2026) — the most significant AI liability standard currently enacted.

12.3 Illinois

Protection: This policy satisfies the Employment AI Disclosure Law (effective January 1, 2026).

12.4 Texas

Protection: This policy addresses TRAIGA disclosure requirements (effective January 1, 2026).

12.5 Utah

Protection: Our accountability provisions are consistent with Utah's AI Policy Act prohibiting AI blame-shifting.

12.6 European Union

Protection: Our transparency and governance practices address the EU AI Act's disclosure and documentation obligations (GPAI provisions effective March 2026).

12.7 Federal

Protection: This policy is aligned with FTC Act Section 5 expectations and reflects lessons from Operation AI Comply ($17M+ in settlements).

13. Legal Provisions

13.1 Accountability for AI Outcomes

SiteTrust takes responsibility for AI outputs used in our operations. Ultimate accountability rests with our organization and the humans who oversee them. We do not disclaim responsibility by attributing outcomes to the AI system alone, consistent with state accountability laws.

13.2 No Guarantee of Perfection

While we implement rigorous quality controls and human oversight, we do not guarantee the accuracy of all AI outputs. Users should exercise independent judgment and verify important information.

13.3 Limitation of Liability

Liability for AI-related issues is subject to the limitations in our Terms and Conditions, provided we have exercised the governance practices in this policy.

13.4 Governing Law

This policy is governed by the laws of the State of Florida without regard to conflicts of law principles.

13.5 Severability

If any provision is found invalid, the remaining provisions continue in full effect.

14. Contact and Transparency

For questions, concerns, or requests about our AI practices:

We are committed to transparency and welcome inquiries about our AI practices.

15. Additional Information

15.1 Related Policies

15.2 Industry Resources

  • National Institute of Standards and Technology (NIST) AI Risk Management Framework

  • Federal Trade Commission (FTC) AI Guidance

  • EU AI Act and Implementation Guidance

DOCUMENT CONTROL

Version: 2.0

Effective Date: April 1, 2026

Last Updated: April 2026

Next Review: July 2026 (Quarterly)

Policy Owner: Chief Compliance Officer

Approved By: SiteTrust Executive Team

SiteTrust Certified — Tier 1
This policy demonstrates compliance with the SiteTrust AI Transparency Standard v2.0

Verify our certification: sitetrust.com/registry/sitetrust-inc

© 2026 SiteTrust, All rights reserved.