Our commitment to responsible AI
AgentGuard uses AI to scan compliance disclosures, classify estate-agent firm types, read identity documents, and draft compliance documents. Sanctions / PEP screening and SAR briefs are produced deterministically, not by AI. We use AI responsibly — transparently, with human oversight on every consequential output, and with a clear right to appeal. AI augments the agent and the MLRO; it does not replace their judgment.
1. Purpose
This policy outlines how we use AI, our commitment to transparency about AI-assisted findings, and the safeguards we have in place to ensure fair treatment of agent customers and the end-customers they screen.
2. How we use AI
We use AI in the following parts of the product:
2.1 Compliance scan classification
When you run a free scan or a monthly subscriber scan, AI assists in classifying what we found.
What AI does
- Reads the public-facing pages of your website and quotes the exact text we relied on
- Classifies whether each disclosure (fees, redress scheme, CMP, complaints, privacy notice, material information under the DMCC Act 2024, etc.) appears to be present
- Assigns a confidence level to each finding
What AI does not do
- Make a regulatory finding — HMRC, Trading Standards, and the redress schemes are the regulators
- Publish a failure on a public surface — we never surface compliance gaps publicly; they remain in your private dashboard
- Score people on protected characteristics
2.2 Agency-type classification
AI infers whether a firm is doing lettings, sales, or both, based on public website text and HMRC register entries. This drives which compliance template variations apply to the firm.
Classification is provisional and is overridden by the firm’s own profile data when the firm subscribes.
2.3 Customer due-diligence screening
When you run a CDD check on an end-customer, we do not use AI to make the screening decision. The screening matches sanctions and PEP names against authoritative public lists (OFSI, UN, EU, US OFAC, HMT, UK PEP) using deterministic name-matching rules.
AI is not used to decide a match, to compare corroborating attributes, or to write the audit pack — the matching, the attribute comparison, and the audit-pack narrative are produced deterministically from the screening data and the operator’s recorded decision.
The one place AI assists a CDD check is reading the identity document — extracting fields such as the customer’s address, and, only where automated extraction fails, performing OCR on the document image (which may send that image to our AI sub-processor; see §7 and §8). The screening decision itself stays deterministic and the operator’s.
2.4 Document drafting
AI assists in drafting your compliance documents (AML policy, FWRA, CDD procedure, complaints procedure, privacy notice, etc.) by inserting your firm’s details into reviewed legal templates and adapting wording to your customer types. The Subscriber adopts the document by signing it; the signed snapshot is the legally-effective version, not the AI draft.
2.5 SAR brief preparation
When the MLRO confirms a suspicion under POCA 2002, we assemble a section-by-section paste-ready brief from the case data the MLRO recorded, for the National Crime Agency portal. The MLRO reviews, edits, and submits the brief through the NCA portal with their own 2FA. AgentGuard does not submit SARs.
2.6 Communications and admin
We use AI-assisted tools for routine communications and content (for example, drafting outbound email templates, generating training explainers). Content is reviewed before sending. Automated emails and SMS clearly identify themselves as such.
3. Transparency guarantees
3.1 Disclosure
When AI is used in any part of a finding affecting you, we will:
- Clearly disclose that AI was involved
- Explain what factors the AI considered
- Provide the AI-generated outputs you have a legitimate interest in seeing
- Explain how the AI’s output was used in the finding
3.2 Access to your information
As an agent subscriber, you have the right to:
- See the raw scan output and the exact website text we quoted
- See the AI’s confidence levels and reasoning
- Request the structured criteria used in the scan
- Request human review of any scan finding
As an end-customer screened by a Subscriber, you have the right to:
- Know that AgentGuard processed your data on the Subscriber’s behalf (the Subscriber is the controller; ask them)
- Receive a copy of the audit pack relating to the check, via the Subscriber
- Request correction of inaccurate data
- Request human review of an automated finding
4. Human oversight and right to appeal
We maintain strict human oversight of all consequential outputs.
4.1 Human review requirement
- No regulatory decision is made by AI alone — HMRC and the redress schemes are the deciders, not us
- Sanctions matches require operator confirmation before the customer is declined
- SAR submissions are made by the MLRO, not by AI
- Compliance documents are adopted by the Subscriber’s signature, not by AI generation
4.2 Right to appeal AI-assisted findings
If you believe an AI-assisted finding is unfair, inaccurate, or biased, you have the right to:
- Request an explanation — receive a detailed breakdown of how the AI reached its conclusion, including the specific text or attributes it relied on
- Request human review — have your case reviewed by a senior member of our team
- Challenge the finding — formally dispute any output, request re-assessment, escalate via our complaints procedure if not satisfied
Email legal@everyguard.uk with “AI Decision Appeal” in the subject line. We acknowledge within 2 working days and provide a substantive response within 5 working days (10 for complex cases).
5. Bias prevention and fairness
5.1 Protected characteristics
Our AI systems are designed to avoid discriminating on the basis of protected characteristics under the Equality Act 2010. Our compliance scanner reads website text; it does not read photographs of people, audio, or video. Our customer-verify flow performs a one-to-one face match to confirm the document holder and checks document validity and liveness; it does not classify the subject by gender, age, or ethnicity, it never performs one-to-many facial identification, and it never uses emotion detection.
5.2 Governance
We govern our AI systems by:
- Reconciling each AI scan verdict against a deterministic evidence-verification step before it is relied on or published
- Reviewing and improving our prompts and structured-output schemas
- Acting promptly on any error a subscriber or operator reports
6. Legal compliance
Our use of AI complies with:
- UK GDPR Article 22 — right to information about automated decision-making and right to human review
- Data Protection Act 2018
- ICO guidance on AI and data protection
- Equality Act 2010 — our AI systems are designed not to assess people on protected characteristics
- MLR 2017 record-keeping rules for any AI-assisted CDD output
We conduct Data Protection Impact Assessments for high-risk AI processing activities — in particular, the customer-verify biometric flow and sanctions screening — and maintain records of AI processing activities.
7. Data and privacy
- Data minimisation: AI analysis uses only data you have provided to us directly or that is publicly available on the registers we cover
- No external enrichment: we do not purchase external data about your customers for AI analysis
- Data security: all AI processing occurs on secure, encrypted systems; access is restricted to authorised personnel
- Sub-processor due diligence: our AI sub-processor (Anthropic) operates under our Data Processing Agreement and the UK International Data Transfer Addendum
- No model training on your data: our AI sub-processor does not use your data to train its general models
8. Sub-processors used for AI
We currently use the following AI sub-processor:
| Provider | Purpose | Data processed | Region |
|---|---|---|---|
| Anthropic (Claude) | Compliance-scan classification, agency-type preflight, document drafting, and CDD identity-document reading (address extraction + OCR fallback) | Website text we’ve quoted, firm details, and — for CDD document reading — a customer identity-document image (OCR fallback) and the fields extracted from it | US (UK IDTA safeguards in place) |
9. Limitations of AI
We acknowledge AI has limitations:
- AI cannot understand complex human context as well as humans
- AI cannot account for circumstances outside the data it receives
- AI cannot make ethical judgments about fairness in individual cases
- AI cannot replace human empathy and relationship-building
- AI cannot predict regulatory action with certainty
That is why we never rely solely on AI for consequential outputs, why we empower our team and our subscribers to override AI findings, and why we maintain appeal processes for everything.
10. Your responsibilities
- Provide accurate firm and customer information
- Don’t attempt to manipulate or game our scoring or screening systems
- Don’t reverse-engineer our prompts or classifier outputs
- Report any suspected errors or biases you observe — your input helps us improve fairness and effectiveness
11. Questions and complaints
For questions about our use of AI:
- Email: legal@everyguard.uk (subject: “AI Enquiry”)
- We aim to respond within 5 working days; complex questions may take up to 10 working days
If you’re not satisfied with our response, you have the right to complain to the Information Commissioner’s Office at ico.org.uk.
12. Policy updates
This policy will be reviewed and updated:
- Annually as a minimum
- When we introduce new AI capabilities
- When relevant legislation or guidance changes
- In response to feedback from subscribers and end-customers
Material changes are communicated via email and on this page with an updated effective date.