AI Policy

Version: v1.1 February 2026

1. Overview

Doozy provides optional AI-powered features designed to assist customers in generating custom engagement content, including icebreakers, prompts, and quizzes. All AI functionality is user-initiated and operates under a "Human-in-the-Loop" model, where outputs require explicit human review and approval.

2. Scope of AI Features

AI capabilities within Doozy are used to:

  • Generate custom icebreaker questions and conversation starters.
  • Draft quiz content, activity templates, and engagement prompts.
  • Refine or iterate on existing platform content based on user feedback.
  • Approval Gate: AI-generated outputs are never automatically published. They are presented to the user for review and must be explicitly saved or approved before being distributed to other workspace members.

3. AI Inputs & Contextual Processing

Doozy processes only the data explicitly submitted by a user for an AI request.

  • Manual Submissions: Includes text prompts, uploaded documents, or specific activity parameters provided by the user.
  • No Passive Scanning: Doozy does not automatically scan Slack messages, HRIS data, or general workspace communication for AI processing.
  • Context Isolation: AI requests are processed as discrete events. Data from one customer is never accessible to the AI when processing requests for another customer.

4. AI Service Providers

Doozy’s AI functionality is powered by enterprise-grade infrastructure.

  • Primary Provider: Google Gemini via Google Cloud Vertex AI.
  • Compliance: Our usage of Vertex AI falls under Google’s Cloud Data Processing Addendum (CDPA), ensuring that AI processing meets the same SOC 2 and GDPR standards as our core hosting environment.
  • Subprocessors: A full list of AI subprocessors is maintained in Doozy’s official Subprocessor Documentation.

5. Data Usage & "Zero Training" Policy

Doozy adheres to a strict Zero Training policy regarding customer data:

  • No Foundation Training: Customer data submitted to AI features is not used by Doozy or Google to train, fine-tune, or improve foundational Large Language Models (LLMs).
  • Data Ownership: Customers retain all intellectual property rights to both the inputs provided and the outputs generated and saved.
  • Purpose Limitation: Data is used solely to generate the specific output requested by the user in real-time.

6. Data Retention & Monitoring

  • Transient Processing: Unsaved AI outputs are held in volatile memory for the duration of the session and are not stored as persistent records by Doozy.
  • Abuse Monitoring: In accordance with standard enterprise AI safety protocols, Google may temporarily log prompts and outputs for up to 30 days solely for the purpose of detecting abuse and violations of its Acceptable Use Policy. This data is not used for model training.
  • Saved Content: If a user chooses to "Save" an AI output, it is treated as standard Customer Data, stored in Doozy’s encrypted database, and subject to our standard Data Retention Policy.

7. Security Controls

AI features operate within Doozy’s secured infrastructure, inheriting the following controls:

  • Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • IAM & Access: Role-based access controls ensure only authorized users within a customer’s workspace can trigger AI features.
  • Safety Filtering: Doozy utilizes Vertex AI Safety Filters to automatically detect and block the generation of inappropriate, toxic, or harmful content.

8. Regionality & Compliance

Doozy remains the Data Processor for all AI-related tasks and ensures compliance with GDPR, the UK Data Protection Act, and other applicable data protection laws.

  • Regional Processing: While core data storage remains in our primary database, all AI processing and inference tasks are restricted to Google Cloud regions located within the United Kingdom or the European Union.
  • Data Residency: This regional restriction ensures that data remains within UK/EU jurisdictions during the processing lifecycle.
  • Human Oversight: Every AI-generated output requires mandatory review and approval by the requesting user prior to platform distribution.