Legal

AI Usage Policy

Effective date: 1 September 2025 | Version 1.2

This AI Usage Policy explains how 10X Communities Limited (trading as “10X Managers”, “we”, “us”, “our”) uses Artificial Intelligence (“AI”) across our products and services, and the safeguards we apply to protect privacy, confidentiality, fairness and compliance.

This Policy should be read together with our Privacy Policy, which sets out how we collect, use, store and protect personal data more broadly. All data used in AI workflows is processed in line with our Privacy Policy (including lawful bases, retention periods and international transfer safeguards).

1. Scope

This Policy applies to all AI-powered features and workflows operated by 10X Managers, including:

  • The LeadersLab platform
  • The Manager Strength Index (MSI) assessment and reporting
  • The Tensai AI coaching assistant
  • AI-assisted personalised learning recommendations
  • AI-based workshop transcription and summarisation
  • AI used for internal content creation, analytics and reporting

It covers all users and client organisations engaging with our AI-enabled services.

2. Our AI Principles

We design, deploy and monitor AI systems in line with the following principles:

  • Privacy-first– all AI use must comply with UK GDPR and our Privacy Policy.
  • Zero Data Retention by Model Providers– no client data used to train public models.
  • Client Data Segregation– strict logical separation between clients.
  • Human Oversight– AI is advisory, not a substitute for human judgement.
  • Transparency– users should know when they are interacting with AI.
  • No High-Risk Automated Decisions– no AI-driven employment or legal decisions.
  • EU AI Act Alignment– designed for limited- or minimal-risk use cases, not high-risk worker management.

3. Where We Use AI

3.1 Manager Strength Index (MSI)

MSI is a situational judgement assessment used for leadership development.

AI is used to:

  • Assist in analysing responses against pre-defined behavioural rubrics.
  • Generate narrative feedback and development insights for participants.
  • Identify common patterns and themes at cohort level.

Safeguards:

  • MSI design, scoring rules and interpretation frameworks are created and governed by humans.
  • AI supports analysis; it does not replace human-defined scoring logic.
  • MSI results are intended for developmental use, not formal performance evaluation.

3.2 Personalised Learning Journeys and Recommendations

AI is used to:

  • Recommend relevant content in LeadersLab (courses, videos, articles, exercises).
  • Suggest development plans (e.g. 30-day roadmaps) based on MSI results, stated goals and engagement patterns.
  • Adapt recommendations over time as users interact with the platform.

Safeguards:

  • Recommendations are optional. Users and clients can ignore, customise or override them at any time.
  • Recommendations are designed for learning and coaching, not as competence or performance ratings.

3.3 Tensai – AI Coaching Assistant

Tensai is an AI-based coaching tool that supports managers with everyday leadership challenges.

AI is used to:

  • Interpret user questions and scenarios.
  • Provide coaching prompts, alternative perspectives and reflection questions.
  • Suggest options and frameworks for handling people and performance situations.

Safeguards:

  • Tensai runs on enterprise-grade AI models configured for zero data retention.
  • User conversations are stored only within 10X Managers’ EU-based infrastructure (AWS/Supabase) so users can review their history and we can troubleshoot issues.
  • Raw Tensai chat logs are not shared with clients or used to train public models.
  • Tensai outputs are not legal, HR, or compliance advice and must not be treated as such.

3.4 Workshop Transcription and Insight Extraction

Where workshops or sessions are recorded (with prior notice/consent):

AI is used to:

  • Transcribe audio into text.
  • Identify themes, challenges and key actions.
  • Generate draft summaries and materials for internal playbooks and resources.

Safeguards:

  • Participants are informed when recording and AI-based transcription will be used.
  • Outputs are reviewed and edited by 10X Managers staff before sharing.
  • Content is used for internal development, not for public AI training or resale.

3.5 Internal Operations and Content Creation

AI may be used internally by 10X Managers to:

  • Summarise participant feedback and survey data.
  • Draft internal reports and proposals.
  • Assist in creating new exercises, reflection prompts and learning assets.

Human oversight:

All such outputs are reviewed and validated by 10X Managers staff before being used externally.

4. Data Handling and Security in AI Workflows

4.1 Infrastructure

AI-related processing uses our existing infrastructure:

  • AWS (EU)– hosting and storage
  • Supabase (EU)– structured data store and retrieval-augmented generation (RAG) content source
  • Customer.io (EU)– notifications and service emails
  • Cloudflare– security, performance and content delivery
  • Enterprise AI providers (e.g. Azure OpenAI, OpenAI Enterprise, Anthropic) used only in zero-data-retention enterprise configurations

All data sent to AI providers is encrypted in transit. Any AI inputs/outputs we choose to retain are stored only in our own EU-based infrastructure and are protected under our Security and Privacy Policies.

4.2 Zero Data Retention by Model Providers

We configure AI providers so that:

  • Prompts and responses are processed transiently for the purpose of generating the output.
  • Providers do not retain, reuse or train their models on our clients’ data.
  • Providers may log limited technical metadata for security and operational purposes under their enterprise terms, but not the content of prompts for training.

4.3 Client-Level Data Segregation

We implement strict client-level data separation:

  • Client data is logically separated at the database level.
  • RAG mechanisms for a given client only draw from:
    • that client’s own content (e.g. internal materials we have been authorised to use); and
    • generic 10X Managers training content.
  • We do not design or permit cross-client content retrieval.

4.4 Governance and DPIAs

We perform Data Protection Impact Assessments (DPIAs) where AI processing may present high risk, including:

  • MSI analysis and profiling
  • Tensai persistent coaching
  • Workshop transcription and summarisation
  • RAG-based recommendations involving personal or client data

We maintain internal governance processes to review:

  • New AI features and vendors
  • Changes to configurations
  • Security, privacy and fairness implications of AI use

5. Human Oversight and Limitations

5.1 AI is Advisory, Not Decisive

Across all our AI systems:

  • AI outputs are recommendations, prompts or insights, not instructions.
  • Final decisions – especially those involving people, employment or legal risk – must be taken by humans.
  • Users and clients should treat AI outputs as one input among many.

We do not:

  • Make solely automated decisions with legal or similarly significant effects on individuals.
  • Provide AI that directly determines employment status, promotion, compensation or disciplinary action.

5.2 Quality, Bias and Reliability

AI systems may occasionally produce:

  • Incomplete or incorrect information
  • Outputs that reflect biases in their training data
  • Suggestions that are not appropriate for a specific context

We mitigate this by:

  • Constraining AI using RAG to known, relevant content where feasible
  • Designing prompts and templates to reduce risk of harmful or biased content
  • Applying human review to AI outputs used in formal programme materials
  • Encouraging users to cross-check important decisions and seek human advice

AI outputs are not a replacement for professional HR, legal or compliance advice.

6. Acceptable Use of AI Features

To keep AI usage safe and lawful, users must not:

  • Enter unnecessary special category data (e.g. detailed health information, political opinions, religion, union membership) into Tensai, MSI or other AI tools.
  • Upload or paste confidential information belonging to third parties without appropriate authorisation.
  • Share copyrighted or proprietary content they do not have the right to use.
  • Use AI tools to generate discriminatory, harassing, abusive or unlawful content.
  • Attempt to bypass security measures, probe for vulnerabilities or reverse-engineer AI models.
  • Use AI outputs to harass, discriminate against or unfairly evaluate colleagues or third parties.

We may monitor usage patterns and, in limited and justified cases, review specific interactions where:

  • We suspect misuse, abuse or unlawful activity;
  • It is necessary to investigate a security incident; or
  • A user or client requests support that requires us to inspect content.

Any such access is restricted to authorised staff and is logged.

7. Roles and Responsibilities

7.1 10X Managers’ Responsibilities

We are responsible for:

  • Selecting and configuring AI providers with appropriate privacy and security protections, including zero-data-retention and GDPR-aligned contractual terms.
  • Implementing client-level data separation and access controls.
  • Ensuring AI is used only for learning, coaching and development purposes within our products.
  • Conducting DPIAs where required and maintaining AI governance processes.
  • Providing clear documentation about AI capabilities, limitations and appropriate use.
  • Ensuring that AI usage is aligned with the EU AI Act’s requirements for limited- and minimal-risk systems.

7.2 Client Responsibilities

Clients remain responsible for:

  • How they use MSI results, engagement data, and AI-generated insights within their own HR and business processes.
  • Conducting their own risk assessments and DPIAs where required under applicable law (including the EU AI Act and employment law) when using outputs beyond pure learning and development.
  • Ensuring that AI outputs are not used as the sole or primary basis for performance evaluation, promotion, compensation, disciplinary action or termination.
  • Ensuring AI outputs are not repurposed as a worker-surveillance or monitoring tool (e.g. automated behavioural scoring).
  • Communicating transparently with their employees about how insights will be used internally.
  • Requesting configuration changes (e.g. restricting specific features) where their own policies require it.

If a client chooses to embed our outputs into a use case that may qualify as “high-risk” under the EU AI Act (for example, integrating MSI scores into automated promotion or performance systems), the client is responsible for compliance with all applicable high-risk AI obligations.

8. International Transfers

Where AI processing involves infrastructure or providers outside the UK or EEA:

  • We use appropriate data transfer mechanisms such as the EU Standard Contractual Clauses (SCCs) with the UK International Data Transfer Addendum, or the UK International Data Transfer Agreement (IDTA).
  • We apply additional safeguards including zero-data-retention configurations, encryption and strict access controls.

Details of our key AI processors and transfer mechanisms are available to clients on request.

9. Compliance with the EU AI Act

Although 10X Managers is UK-based, many of our clients and users are in the EU. We therefore design our AI systems to align with the principles and requirements of the EU Artificial Intelligence Act as it is phased in.

9.1 System Classification and Intended Use

Based on our current and intended use cases, our AI systems are designed to fall within the “limited-risk” or “minimal-risk” categories.

We do not design or intend our systems to be used as:

  • Unacceptable-risk AI systems;
  • Worker-surveillance or emotion-recognition tools;
  • High-risk AI systems that make or drive employment, promotion, performance evaluation or termination decisions.

If a client chooses to deploy outputs in a way that brings their use within a high-risk category (for example, by directly integrating outputs into automated HR decision systems), the client is responsible for meeting the EU AI Act obligations applicable to that use.

9.2 No AI Use for Employment or Performance Decisions by 10X Managers

10X Managers does not:

  • Use AI systems to perform formal performance evaluations of employees;
  • Use AI to determine promotions, compensation, or advancement;
  • Use AI to make disciplinary or termination decisions;
  • Use AI to monitor worker behaviour or productivity;
  • Make solely automated decisions with legal or similarly significant effect on individuals.

Our AI systems are designed and intended for learning, coaching and development support only.

9.3 Transparency to Users

In line with the EU AI Act’s transparency requirements:

  • We make it clear in our products when users are interacting with AI (e.g. Tensai, MSI feedback, AI-generated summaries).
  • Where appropriate, AI outputs are labelled or reasonably apparent as machine-generated.
  • Users can seek clarification or human review from 10X Managers (and from their own organisation) where needed.

9.4 Human Oversight and Control

We maintain human oversight by:

  • Governing MSI scoring and interpretation using human-created frameworks;
  • Reviewing AI-generated programme materials before they are used;
  • Allowing users and clients to override, ignore or adapt AI suggestions;
  • Providing routes for escalation if content appears incorrect or inappropriate.

9.5 Safety, Fairness and Mitigation of Risk

We work to:

  • Reduce the risk of bias in AI outputs through prompt design, training content and governance;
  • Avoid harmful or manipulative behaviours;
  • Maintain reasonable levels of accuracy and robustness;
  • Provide clear guidelines for safe and appropriate use;
  • Monitor for issues and adjust or disable AI features if unacceptable risks are identified.

We will continue to update our governance model and documentation as the EU AI Act is fully implemented (2024–2026).

10. Updates to This Policy

We may update this AI Usage Policy as:

  • Our AI systems evolve;
  • We change or add enterprise AI providers;
  • Applicable laws and regulatory guidance develop.

Material changes will be reflected in the “Effective date” above and, where appropriate, notified to clients and users (e.g. via email or in-platform notices).

11. Contact Us

Questions about this AI Usage Policy or our AI practices can be directed to:

Privacy Officer, 10X Managers
10X Communities Limited
notifications@10xmanagers.com

Unit 1310, Solihull Parkway, Birmingham Business Park, Solihull, England, B37 7YB

If you are a client and require more detailed information (e.g. for your own DPIA, vendor risk assessment, or EU AI Act analysis), please contact your 10X Managers representative or the email above.