AI Policy

• Reply drafting — generating suggested responses to incoming reviews and inbox messages in your brand voice.
• Recommendation Engine — surfacing operational fixes (e.g. coaching, copy changes, template tweaks) by reading patterns across your own reviews and feedback.
• Vouch Score — computing a single transparent reputation score per location from rating, velocity, sentiment, and response-health signals.
• Sentiment and theme extraction — classifying reviews and feedback to power dashboards and alerts.
• Content assistance — helping you write campaign templates, surveys, and replies in supported locales.
• Translation — between supported locales (currently en-US and es-MX) for templates and AI drafts.

All of these features operate on your workspace’s own data. None of them pull in or learn from another customer’s workspace.

We use enterprise-grade foundation models from established providers, accessed via their commercial APIs under no-training and zero-day-retention terms. Today this is Anthropic Claude. Where we add or change a model provider that materially affects how customer data is processed, we update this page and notify customers under a Data Processing Agreement in advance.

The current list of AI sub-processors is maintained at tryvouch.io/subprocessors/.

• API calls go to enterprise commercial endpoints under terms that prohibit training on our prompts or outputs.
• Provider-side retention is short and abuse-review only — at Anthropic, inputs and outputs are retained for no more than 30 days for trust-and-safety review and are not used to train models. Where a provider offers zero-data-retention as an option, we evaluate it for customers with that requirement.
• Prompts include only the workspace data necessary for the task — for example, a reply draft includes the review text and your brand-voice settings, not your full customer list.
• Prompts and responses are logged for debugging only on an opt-in basis, scoped to the workspace, redacted of contact details where possible, and access-controlled the same as production data.
• Sub-processor traffic is TLS 1.2+; API keys and integration secrets are encrypted with AES-256-GCM at rest and rotated; access is enforced by managed identity.

We do not use customer data to train, fine-tune, or evaluate any general-purpose AI model, and our model providers are contractually prohibited from doing so with our traffic. This includes review content, customer lists, replies, feedback, audio, images, and anything else uploaded to or generated in a workspace.

We may use de-identified, aggregated signals about how Vouch features are used — for example, “78% of drafts in this template family were accepted without edits” — to improve prompts, evaluations, and product design. These signals cannot be reasonably tied back to a customer record. We do not use these signals to train external models.

AI features in Vouch produce drafts, suggestions, scores, and recommendations. People — your team — decide what is sent, posted, or acted on. Specifically:

• Public review replies are never auto-posted by default. Drafts are queued for human review and require an explicit publish action.
• Solicitation messages run from templates approved by a human in your workspace; AI assists with drafting and translation, but the campaign is configured and started by your team.
• The Recommendation Engine can auto-apply only low-risk changes that the workspace has explicitly opted into; everything else requires review.
• Vouch Score is decisional input, not a decision. We do not use it to take action against any consumer.

Vouch exposes a Model Context Protocol (MCP) server that lets an authorised LLM client — typically used by your own team via Claude Desktop, an internal copilot, or a vendor agent you have approved — read and act on workspace data through a scoped set of skills (inbox, reviews, contacts, recommendations, surveys, competitor analytics, and Vouch Score).

• Every MCP session authenticates with a Vouch OAuth 2.1 access token tied to a specific workspace, a specific human user, and a specific set of OAuth scopes you approve.
• Sessions are read-only by default. Write skills (e.g. posting a reply, suppressing a contact, applying a recommendation) require explicit scopes and an explicit, audit-logged action by the connected user.
• The LLM client you connect — including any data it stores or processes locally — is governed by that client's own terms. Vouch does not control what a third-party MCP client does with the data once it leaves our API; only authorise clients you trust.
• All MCP traffic is rate-limited, scoped to the calling workspace, and recorded in the audit log alongside the rest of your tenancy.
• You can revoke any MCP integration's tokens at any time from the workspace admin console; we revoke server-side on the next request.

The MCP server is opt-in per workspace. If you do not enable MCP, no data leaves your workspace via that surface.

Vouch’s AI features do not make decisions that produce legal effects or similarly significant effects on consumers. Routing happy customers toward Google, Yelp, or Facebook is a routing optimisation, not a decision about the consumer; sentiment scoring is operational analytics for the business that owns the relationship, not a profile assigned to the consumer.

If you receive a Vouch-powered request and want a human to review any decision the system made in relation to you, contact the business that sent the request, or email support@aartha.ai and we will route the request.

Foundation models can produce outputs that are fluent but wrong. Vouch is designed to put a human between every AI output and the customer or public platform that receives it. You are responsible for reviewing AI-generated drafts before sending, and for verifying any factual claims those drafts make about your products, policies, or pricing.

We continuously evaluate model output against curated test sets covering tone, factuality, refusal behaviour, and locale appropriateness. When we change a model or a prompt that affects customer-visible output, the change goes through review.

• We test AI features for differential behaviour across locales and demographic-adjacent signals where lawful and feasible.
• We do not use protected characteristics (race, religion, sexual orientation, health status, etc.) as inputs to AI features, and we instruct providers not to infer them.
• Where AI surfaces recommendations about staff or operations, those recommendations are advisory and explainable — we show the underlying reviews that drove the suggestion.
• We welcome reports of biased or harmful output at support@aartha.ai. We will investigate and respond within 10 business days.

You agree to use Vouch’s AI features lawfully and in good faith. In particular, you must not:

• Use AI to generate, solicit, or post fake or fabricated reviews, in violation of the FTC's Rule on the Use of Consumer Reviews and Testimonials (16 CFR Part 465) or the policies of any connected review platform.
• Use AI to impersonate a customer, a real person who has not given you permission, or any public official.
• Use AI to draft messages that are deceptive, harassing, discriminatory, or otherwise unlawful.
• Attempt to extract the underlying model, weights, or training data, or use Vouch to train a competing AI system.
• Disable the human-review step on outbound channels in a way that bypasses the safeguards described in §5.

Detailed acceptable-use rules are in our Acceptable Use Policy.

Where AI assistance is used to generate text that ultimately reaches a customer, you are responsible — as the sender — for any disclosure required by law (for example, the EU AI Act’s transparency provisions for AI-generated content, or FTC guidance on testimonials and endorsements). Vouch provides tooling to surface that an output is AI-assisted; the publication decision and the labelling decision are yours.

When we change a model provider, materially expand what AI features can do, or introduce a new AI feature, we update this page and the sub-processor list. Customers under a Data Processing Agreement receive advance notice and an opportunity to object before processing begins.

AI policy questions, bias reports, model concerns: support@aartha.ai
Privacy: support@aartha.ai
Security: support@aartha.ai