Our AI policy

AI is part of how we work. It's not part of everything we work on. This page documents where AI shows up in a Hello World engagement, where it doesn't, and what we promise about how your data is handled. Our position is warm-cautious. Useful where it earns its place. Off when it doesn't.

Last updated June 18, 2026. We review this policy quarterly.

What we use AI for

These are the use cases we rely on internally. Some show up in client work. Some stay on our side of the line.

Coding assistance

Claude, Claude Code, and Copilot in our editors for code suggestions, refactoring, and tests. Engineers review every change before it lands in a branch.

Discovery synthesis

With your consent, we transcribe Discovery calls and summarize themes. Recordings and transcripts use vendors that contract for zero data retention.

Content drafts

Research summaries, FAQ scaffolding, plain-language explanations. Every draft is reviewed and rewritten by a Hello World writer before it ships.

Research and learning

Staying current on libraries, frameworks, accessibility patterns, and security advisories. AI helps us read faster. Engineers still verify what we apply.

What we don't do

These are the patterns we won't ship, regardless of how the request is framed. They are the line we hold.

Client decisions on autopilot

AI can help us think. It doesn't decide for you. Recommendations come from humans, with reasoning we can defend.

Sensitive data into consumer AI

Member records, donor lists, PHI, financial data, and credentials never go into free or consumer AI tools. Only contracted vendors with documented terms.

Autonomous code or system changes

No agent deploys to your production. No model pushes to your main branch. No automated changes to live systems without a human in the loop.

Skipping human review

Nothing AI-generated reaches your project without a Hello World engineer, designer, or writer reading, editing, and signing off on it.

How we handle your data

The vendor list and the contractual terms behind it. We document everything in your engagement rider.

  1. Vendor list. Default tier: Anthropic (Claude API and Console) and OpenAI Enterprise. Each has a signed DPA and zero data retention configured for grounded API calls.
  2. Zero retention by contract. Every vendor we use is contractually required not to retain customer data beyond the request lifecycle. When zero retention isn't available for a feature, we don't use that feature on client data.
  3. No training on your data. Our contracts explicitly prohibit using customer data to train, fine-tune, or evaluate models. We verify this in writing before sending anything you'd consider sensitive.
  4. Self-hosted fallback. When a managed vendor can't meet the data-handling bar for your engagement, we deploy self-hosted or open-source models in your environment instead.
  5. Geographic and regulatory constraints. Engagements bound by HIPAA, FERPA, GDPR data residency, or state privacy laws get a scoped vendor list that meets the standard. We document the constraint and the vendor map in your rider.

What we promise

The commitments behind every engagement. These show up in your rider and bind us in writing.

Disclosure

You'll know which AI tools touch your project, where they're used, and what data they see. The list lives in your rider and updates when it changes.

Opt-out

Any engagement can be scoped without AI. Tell us in Discovery. We'll quote and deliver the work without it. The opt-out goes in your rider.

Audit trail

Engagements that require it get a logged record of prompts, model versions, and outputs. We retain the log for the contracted period and share it on request.

We own what we deliver

AI is a tool. Hello World is the partner. If an AI-assisted artifact misses the mark, the responsibility is ours. We don't shift it to the model.

How this applies to your engagement

Four steps from this page to a working agreement that says exactly what AI does and does not do on your project.

  1. Discovery scopes AI use. We walk through the use cases that fit your project, the ones that don't, and any constraints your sector imposes.
  2. MSA rider documents the agreement. Your engagement gets an AI rider listing the vendors, data-handling commitments, audit terms, and any opt-outs you chose.
  3. Implementation respects the rider. Every team member knows what's in scope. Deviations need your written approval before they happen.
  4. Quarterly review. We revisit your engagement's AI scope each quarter. New vendors, retired vendors, and scope changes go through you first.

Common questions

Do you train AI on our data?

No. Never. Every vendor we use is contractually prohibited from using customer data for training, fine-tuning, or evaluation. We verify this in writing before any work begins.

What if we don't want AI used on our project at all?

Tell us in Discovery. We'll quote and scope the work without AI involvement, and the opt-out gets documented in your rider so every team member sees it.

What if we want more aggressive AI use than the default?

We'll talk it through. Some patterns we won't ship regardless of client preference. Autonomous production deploys, AI making material decisions without humans, and routing sensitive data through consumer AI tools are off the table.

Who is responsible if AI produces a bad output?

Hello World. AI is a tool we choose to use. We own what we deliver. The same liability terms that cover human-produced work cover AI-assisted work.

Does this policy apply to fractional engagements?

Yes. Fractional CTO, Chief Strategy Officer, and Chief AI Officer engagements follow the same data handling and disclosure rules. The rider applies the same way.

How often does this policy change?

We review quarterly. Material changes go to active clients in writing. The last-updated date at the top of this page reflects the most recent revision.

Questions about AI on your project?

Book a free discovery call. We'll walk through how AI would fit your engagement, what data goes where, and what we'd put in your rider.