Legal

AI Use Policy

11/06/2026

RoleKick Platform AI Use Policy

Last updated: 2nd June 2026

1. Purpose of this Policy

This AI Use Policy ("Policy") explains how Kick Technology Ltd ("we", "us") uses artificial intelligence ("AI") technologies within its RoleKick software platform to support users through conversational interactions and to analyse data in order to generate summaries, recommendations, and insights.

This Policy is intended to provide transparency to customers and users, support responsible AI use, and support compliance with applicable data protection, privacy, and AI-specific laws, including Regulation (EU) 2024/1689 (the "EU AI Act") where it applies.

2. Scope

This Policy applies to:

  • the RoleKick software platform;

  • AI-powered features, including chat-based interactions, summaries, recommendations, and insights;

  • the processing of data submitted to the platform by or on behalf of customers; and

  • customers, administrators, managers, employees, and other authorised users who use or are affected by RoleKick AI-powered features.

3. How We Use AI

AI-powered features are made available to different users, including administrators, managers, and employees, based on their role, permissions, and level of authorised access within the platform. AI outputs are only generated and displayed in relation to data that a user is permitted to access.

Kick Technology Ltd uses AI technologies, including large language models provided by Claude (Anthropic), to:

  • interact with users via chat-based features;

  • analyse user-provided and system-generated data;

  • generate summaries, insights, and recommendations designed to support understanding, reflection, and decision-making;

  • support customer administration and user engagement; and

  • improve the functionality, accuracy, safety, and relevance of the platform.

AI outputs are designed to be decision-support tools and do not constitute professional, medical, legal, employment, or other regulated advice.

4. EU AI Act Compliance Approach

The EU AI Act may apply to RoleKick where AI systems are placed on the EU market, put into service in the EU, used by EU-based deployers, or where outputs generated by the AI system are used in the EU. We will apply the EU AI Act to RoleKick to the extent it applies to the relevant feature, territory, customer configuration, and intended use.

Our approach includes the following controls:

  • AI inventory and classification: we maintain an inventory of AI-powered RoleKick features and assess their intended purpose and risk classification under the EU AI Act.

  • Intended purpose controls: RoleKick AI features are intended to support conversational assistance, summaries, recommendations, insights, and human decision-support, not final or autonomous decisions about individuals.

  • Prohibited use controls: RoleKick is not designed, marketed, or intended for prohibited AI practices under the EU AI Act, including harmful manipulation, exploitation of vulnerabilities, social scoring, unlawful biometric categorisation, prohibited workplace emotion recognition, untargeted biometric scraping, or criminal offence risk prediction based solely on profiling or personality traits.

  • High-risk assessment: if a RoleKick feature or customer configuration is intended for a use case that may be high-risk under the EU AI Act, we will assess that use case before making the feature available for that purpose.

  • Transparency: where required, we inform users when they are interacting with AI and identify AI-generated outputs so users understand when content has been produced or assisted by AI.

  • Human oversight: RoleKick is designed to support human review. Users and customers are expected to review, validate, disregard, override, or independently verify AI-generated outputs before relying on them.

  • Risk management and monitoring: we use prompt design, output controls, access controls, security controls, testing, monitoring, and review processes to reduce risks such as inappropriate outputs, bias, unauthorised disclosure, and over-reliance.

  • Documentation and customer support: we maintain documentation proportionate to the relevant AI feature and provide reasonable information to customers to support their own compliance obligations.

  • Third-party AI models: where we use third-party general-purpose AI models, we use contractual and technical controls designed to ensure customer data is processed only to provide the RoleKick service and is not used to train general-purpose or cross-customer AI models.

5. High-Risk AI Use Cases

RoleKick AI features are not intended to be used as the sole or autonomous basis for decisions about recruitment, selection, promotion, termination, work allocation based on individual behaviour or personal traits, or monitoring and evaluation of individual performance or behaviour where such use would be classified as high-risk under the EU AI Act, unless that use has been expressly agreed and assessed in advance.

If a RoleKick AI feature is classified as high-risk under the EU AI Act for an agreed intended purpose, we will implement the applicable provider obligations before making that feature available for that purpose, including where applicable risk management, data governance, technical documentation, logging, instructions for use, human oversight measures, accuracy, robustness and cybersecurity measures, quality management, post-market monitoring, serious incident procedures, conformity assessment, EU declaration of conformity, CE marking, and registration.

Customers acting as deployers of a high-risk AI system are responsible for their own deployer obligations, including using the system in accordance with instructions, assigning competent human oversight, ensuring relevant and representative input data where they control it, monitoring use, keeping required logs, notifying workers or worker representatives where required, and carrying out any required impact assessment. We will provide reasonable information and cooperation to support those obligations where they apply.

6. Role of the Parties and Sub-Processing

For data protection purposes:

  • Kick Technology Ltd acts as a data processor when processing personal data on behalf of its customers.

  • Customers act as data controllers and determine how and why personal data is processed.

For EU AI Act purposes, data protection roles do not automatically determine AI Act roles. Depending on the relevant feature, territory, and intended use, Kick Technology Ltd may be a provider or other AI operator and customers may be deployers of RoleKick AI systems.

Claude (Anthropic) exclusively via Amazon Bedrock is engaged by Kick Technology Ltd as a sub-processor to provide AI model capabilities. Claude (Anthropic) processes data on Kick Technology Ltd's instructions and subject to contractual data protection obligations. Where other AI providers are used, they will be subject to appropriate contractual controls.

7. Data Used by AI

AI features may process the following categories of data, depending on how the platform is used:

  • user-generated content, such as text entered into chat, assessments, reflections, or feedback;

  • platform usage data;

  • contextual or metadata required to generate relevant outputs;

  • customer-configured organisational data, such as role, team, or permissions, where relevant to authorised outputs;

  • AI prompts, responses, summaries, recommendations, and related logs where required to provide, secure, monitor, or troubleshoot the service; and

  • where enabled by the customer, wellbeing- or health-related information.

Kick Technology Ltd does not intentionally require customers to provide special category or sensitive personal data unless this is inherent to the agreed use of the platform or submitted by users or customers as part of their chosen use of RoleKick.

8. No Training of General AI Models

Personal data processed through the RoleKick platform is not used to train or improve Claude (Anthropic)'s general-purpose or cross-customer AI models.

Data is processed solely to deliver, secure, support, and improve the services for the relevant customer, unless Kick Technology Ltd is otherwise instructed by the customer or required by law.

9. Automated Processing, Visibility, and Human Oversight

AI-generated outputs may be visible to administrators, managers, and employee users depending on their role, permissions, and the data they are authorised to view. Users will only see AI outputs derived from data they have permission to access.

AI-generated outputs:

  • are produced using automated processing techniques;

  • are intended to support users with insights and recommendations;

  • should be reviewed before being relied upon;

  • may be disregarded, overridden, or independently verified by users and customers; and

  • are subject to internal safeguards, monitoring, and review proportionate to the feature and risk.

The platform does not use AI to make automated decisions that produce legal or similarly significant effects on individuals without meaningful human involvement. Customers remain responsible for configuring access controls appropriately and for decisions taken based on AI-generated outputs.

10. What AI Does Not Do

To avoid doubt, AI used within the platform:

  • does not make final or binding decisions about individuals;

  • does not replace human judgement, professional advice, or managerial decision-making;

  • does not operate independently of customer-configured permissions or access controls;

  • does not have unrestricted access to all data within the platform;

  • does not determine employment outcomes, medical diagnoses, legal conclusions, or disciplinary decisions; and

  • does not intentionally perform prohibited AI practices under the EU AI Act.

11. Accuracy, Limitations, and Use of Outputs

While Kick Technology Ltd takes reasonable steps to ensure AI outputs are helpful and appropriate:

  • AI-generated content may be incomplete, inaccurate, or based on limited context;

  • outputs should be reviewed before being relied upon;

  • users should not treat AI-generated outputs as definitive or authoritative;

  • users should consider the possibility of bias, hallucination, outdated information, or missing context; and

  • customers should ensure human review before using outputs to support decisions about individuals.

Kick Technology Ltd does not guarantee the accuracy or completeness of AI-generated outputs.

12. Fairness, Bias, and Risk Mitigation

Kick Technology Ltd implements measures designed to:

  • reduce the risk of bias or inappropriate outputs;

  • monitor AI performance and behaviour;

  • restrict the use of AI features in ways inconsistent with this Policy or the agreed intended purpose;

  • identify and investigate material issues reported by customers or users; and

  • support continuous improvement of safety, reliability, and fairness controls.

These measures include prompt design, output controls, role-based access controls, testing, monitoring, incident review, and regular review of AI functionality.

13. Security and Confidentiality

Kick Technology Ltd applies appropriate technical and organisational measures to protect data processed using AI technologies, including:

  • access controls and permission-scoped outputs;

  • encryption in transit and at rest where appropriate;

  • data minimisation and retention controls;

  • supplier due diligence and contractual restrictions for AI providers;

  • logging and monitoring where appropriate for security, troubleshooting, and compliance;

  • incident response procedures; and

  • controls designed to prevent customer data being used for unauthorised model training.

AI providers are contractually required to apply equivalent security and confidentiality standards.

14. Transparency and Customer Rights

Customers may request reasonable information about:

  • how AI is used within the platform;

  • the role of AI sub-processors;

  • the intended purpose and limitations of AI-powered features;

  • safeguards applied to AI processing;

  • information reasonably required for data protection impact assessments or AI-related impact assessments where applicable; and

  • material changes to AI features or AI sub-processors that materially affect customer use or compliance obligations.

Requests relating to personal data rights should be directed to the relevant customer as data controller. Where we receive a rights request directly, we will handle it in accordance with our contractual and legal obligations.

15. Customer Responsibilities and Appropriate Use

Customers are responsible for deciding how RoleKick is deployed in their organisation and for ensuring their use of AI-powered features is lawful, fair, transparent, and consistent with their own policies and notices.

Customers should:

  • configure access controls and permissions appropriately;

  • provide users and workers with appropriate notices and instructions;

  • ensure appropriate AI literacy and training for users who operate or rely on AI-powered features;

  • avoid using AI outputs as the sole basis for decisions about individuals;

  • ensure meaningful human review of AI-generated outputs;

  • not use RoleKick for prohibited AI practices or unassessed high-risk use cases;

  • notify us promptly of suspected material errors, inappropriate outputs, misuse, or AI-related incidents; and

  • seek appropriate legal, HR, medical, or other professional advice before using AI outputs for sensitive or significant decisions.

16. Changes to this Policy

Kick Technology Ltd may update this Policy from time to time to reflect changes in technology, law, regulatory guidance, AI providers, or our services. Material changes will be communicated to customers where appropriate.

17. Contact

Questions about this Policy or Kick Technology Ltd's use of AI can be directed to:

Email: support@rolekick.com