AI and data
Our position
Imageplus uses AI tools in the delivery of its services. The use of those tools does not change our data protection commitments. Client personal data and client confidential data are never submitted to cloud AI services by Imageplus in the course of its own operations.
How we handle data across AI tooling
Imageplus operates a strict data boundary across all AI tooling.
For work that involves no personal data or client confidential data, approved cloud AI services may be used. These include Anthropic, OpenAI and Google Gemini. The applicable transfer mechanisms are documented on the sub-processors page.
For work involving personal data or client confidential data, Imageplus uses locally hosted open-weight models running on Imageplus-controlled infrastructure. No data leaves the Imageplus perimeter.
AI in client systems
When Imageplus designs, builds or maintains AI systems for clients, the applicable architecture depends on the engagement. Imageplus may work across three deployment tiers depending on the client's objectives, data sensitivity, regulatory obligations and governance requirements.
The three-tier model is described in detail on the three-tier AI model page of the Approach section.
Where a client system uses an external AI provider, that provider is documented in the applicable engagement documentation together with the relevant data flow, transfer mechanism and safeguards. The client is briefed on the data implications before the architecture is confirmed.
AI-assisted development
Imageplus uses AI tools to assist with software development. This includes code assistance, documentation drafting and test generation. AI-generated code is reviewed and approved by a principal before being merged or deployed. No client personal data, client confidential data, production credentials or sensitive context is submitted to AI development tools.