Usage Policy Simetrik Assistant AI

Document Name:	Simetrik AI Use Policy
Document Owner:	Legal & Compliance	Type:	Policy
Approved by	Maria Paula BayonaSr Director, Legal & Compliance	Published by:	GRC
Last update date	20/02/2026	Classification:	Public

CHANGES CONTROL

Version	Date	Description	Prepared by	Approved by
001	15/04/2024	Document creation	Camilo Torres	Santiago Gómez G.
002	06/10/2025	Document update	María Andrea Visba	Santiago Gómez G.
3.0	20/02/2026	Update due to brand change. Incorporation of guidelines on contextual information, Inputs and data samples; inclusion of provisions on monitoring, AI feature improvement, use of third parties and subprocessors, prohibited uses, and mandatory platform acceptance with traceability logging.	María Andrea Visba	Maria Paula Bayona

1. PURPOSE

This Policy is intended to establish the rules governing the use of the Generative Artificial Intelligence and Machine Learning tools integrated into our platform. These functionalities are collectively referred to as Simetrik AI.

The primary objective of Simetrik AI is to serve as an advanced assistant for your daily operations, focusing on:

• Assist and optimize: Facilitating the daily tasks of companies and their authorized users when using the platform.
• Analytical support: Assisting in the understanding and interpretation of complex data.
• Operational efficiency: Streamlining the configuration of rules and processes within the platform.

It is important to emphasize that Simetrik AI operates as a support and assistance tool; it is not intended to replace human judgment or independently make automated decisions that produce legal effects on its own.

2. SCOPE 

This Policy applies to all Customers and all Users who access or use Simetrik AI. Access to or use of Simetrik AI implies acceptance of the terms set forth herein. In the event of any conflict between this Policy and Simetrik’s Terms and Conditions with respect to the use of AI, this Policy shall prevail exclusively in matters related to Simetrik AI.

This Policy supplements Simetrik’s Terms and Conditions, Simetrik’s Data Processing Policy, and Simetrik’s Information Security and Privacy Policy (collectively, the “Simetrik Corporate Policies”).

3. DEFINITIONS

For purposes of this Policy, the following terms shall have the meanings set forth below:

• Simetrik AI: The set of generative Artificial Intelligence (AI) and Machine Learning (ML) functionalities integrated into the Tool. Simetrik acts as an “AI Deployer” under the EU AI Act, operating such functionalities without being the provider of the underlying foundational model.
• Input: Information, instructions, queries, or data that the Customer or its Users provide to Simetrik AI.
• Output: Content, response, or suggestion generated by Simetrik AI in response to an Input.
• Third-Party Services: Foundational models, general-purpose artificial intelligence (GPAI) services, or AI solutions provided by third parties, such as OpenAI, Google, or others.
• GPAI Models (General-Purpose AI): General-purpose artificial intelligence models, including, among others, Large Language Models (LLMs) provided by third parties.
• LLM: A Large Language Model (LLM) is a general-purpose artificial intelligence model based on deep learning techniques and trained on large volumes of textual data, designed to generate, interpret, or transform natural language. LLMs may produce content, answer questions, summarize information, generate code, or provide other linguistic Outputs through statistical inference.
• Subprocessors: Third parties authorized by Simetrik to process data on behalf of Simetrik and, specifically, in connection with Simetrik AI.
• Personal Data: Information relating to an identified or identifiable natural person, in accordance with applicable law.

4. GOVERNING PRINCIPLES AND REGULATORY COMPLIANCE

In the context of the use of Simetrik AI, artificial intelligence functionalities generate Outputs such as responses, suggestions, recommendations, explanations, or other content automatically produced by the system based on the information, instructions, or data provided by the Customer or its Users, as well as the context of use within the platform.

Simetrik designs, integrates, and operates Simetrik AI in accordance with the following principles:

1. Transparency: Simetrik will inform users about the existence of AI functionalities, their general purpose, and their main limitations, as well as the use of Third-Party Services (Subprocessors), which are available for consultation in our Trust Center.
2. Human oversight: Simetrik AI is conceived as a support tool. Decisions with legal, financial, contractual, or compliance effects must not be executed in an automated manner without review and validation by the Customer and/or its Users.
3. Security and data protection: Simetrik applies information security and cybersecurity controls, including principles of data minimization, encryption, access management, and information governance measures, in accordance with its Corporate Security and Privacy Policies.
4. Non-discrimination and bias control: To the extent reasonable and technically feasible, Simetrik evaluates model behavior to identify biases and adopt mitigation measures.
5. Traceability and auditability: Simetrik may retain technical records of interactions with Simetrik AI for purposes of security, compliance, traceability, and audit.

Simetrik integrates and uses artificial intelligence systems within its service, defining their purpose and context of use, aligning with internationally recognized regulatory frameworks and best practices, such as the EU AI Act and applicable guidance in the United States, where applicable.

In this context, Simetrik acts as a deployer of artificial intelligence systems, without developing or training general-purpose artificial intelligence (GPAI) models, which are provided by third parties.

The processing of personal data associated with the use of Simetrik AI is carried out in consideration of data protection and privacy-by-design principles, in alignment with recognized regulatory frameworks such as the General Data Protection Regulation (GDPR) and applicable privacy laws in the United States.

This Policy complements and shall be interpreted together with the Privacy Notice, the Personal Data Processing Policy, the Data Processing Addendum (DPA), and Simetrik’s Information Security and Privacy Policy, available at https://www.simetrik.com.

For purposes of applicable data protection regulations, the Customer acts as the Controller with respect to the Personal Data entered or processed through Simetrik AI, and Simetrik shall act as the Processor where applicable, processing such data solely in accordance with the Customer’s instructions and the applicable DPA.

5. DESCRIPTION OF SIMETRIK AI FUNCTIONALITIES

Simetrik AI comprises the set of generative Artificial Intelligence and Machine Learning functionalities, components, and capabilities integrated into the Tool, designed to assist, facilitate, optimize, support, and monitor the use of the platform by the Customer and its authorized Users.

The functionalities of Simetrik AI are intended, among other purposes, to improve the user experience, support the understanding and interpretation of data, facilitate the configuration and operation of the Tool, and assist in operational and analytical tasks, without replacing human oversight or executing automated decisions with legal or similarly significant adverse effects.

For illustrative and non-limiting purposes only, the functionalities enabled by Simetrik AI may include:

• Contextual and documentation assistance, through guides, explanations, and references based on the Help Center, Simetrik Academy, and other internal resources.
• Support in the analysis and interpretation of data within the Customer’s workspace, including descriptions, explanations, and suggestions aimed at facilitating the understanding of financial or operational information.
• Support in the configuration of rules, formulas, and transformations, including suggestions, autocomplete, and technical recommendations.
  Conversational interactions within the application, intended to provide explanations, recommendations, and operational assistance.
• Assistance in the extraction, organization, classification, and mapping of data to internal schemas of the Tool, including functionalities commonly referred to as “Smart Parser.”
• Monitoring and operational support, intended to alert, suggest, or assist in reconciliation processes, configuration, and use of the Tool.
  

The functionalities of Simetrik AI may evolve, be modified, or be expanded over time as part of the continuous development of the Tool. The incorporation of new AI capabilities shall not require amendment of this Policy, provided that such functionalities maintain the characteristics, purposes, and limitations described herein and do not imply substantial changes in the nature of the processing of information or in the system’s level of risk.

For the generation of Outputs, Simetrik AI uses system metadata, internal documentation, and generative artificial intelligence models to produce Outputs. This involves the combination of technologies such as:

• Vector databases
• Information retrieval systems
• Machine learning models
• Large Language Models (LLMs), such as models provided by third parties (for example, OpenAI, Google, or other equivalent providers)

Simetrik does not develop or train general-purpose artificial intelligence (GPAI) models, but rather integrates models developed by third parties into its platform. Accordingly, the parameters, training processes, data used, and final behavior of such models are not controlled by Simetrik and are subject to the terms and policies of their respective providers.

5.1 Visual Identification of AI-Enabled Functionalities. 

For the purpose of promoting transparency toward Customers and Users, the functionalities of the Tool that incorporate or use Simetrik AI capabilities shall be identified in a clear and reasonable manner through distinctive visual elements defined by Simetrik (including, for illustrative and non-limiting purposes, icons, buttons, labels, or highlighted text). To facilitate the identification of functionalities that may incorporate AI, such visual elements shall be displayed in purple.

The purpose of these elements is to allow Users to immediately recognize when an interaction or functionality relies wholly or partially on Artificial Intelligence capabilities, without implying any modification of the obligations or responsibilities established in this Policy.

6. INFORMATION RESOURCES USED BY SIMETRIK AI

For the generation of Outputs, Simetrik AI uses a combination of internal information sources, contextual information from the usage environment, and, where applicable, information provided directly by the Customer or its Users, always in accordance with this Policy, Simetrik’s Data Processing Policy, and Simetrik’s Information Security and Privacy Policy.

The resources used by Simetrik AI are intended to support the operation, configuration, and understanding of the use of the Tool, without replacing human validation or constituting professional advice.

6.1 Internal and External Information Sources

Simetrik AI may use as reference:

1. Content from Simetrik’s Help Center.
2. Support materials, implementation guides, functional documentation, and best practices prepared by Simetrik.
3. Product definitions, functionality catalogs, and configuration schemas of the Tool.
4. Publicly available information on the web regarding general industry concepts, technical standards, or widely accepted notions, to the extent relevant to responding to an Input and without including the Customer’s confidential information.

These sources are used for informational and support purposes only and do not replace human validation or review by the Customer.

6.2 Contextual Information from the Usage Environment

Simetrik AI may use contextual information associated with the use of the Tool in order to generate Outputs that are relevant and consistent with the Customer’s operational context. Such contextual information may include, among other elements:

• General identifiers of the Customer and its authorized Users, such as the name of the Customer, its Users, and the associated company.
• Table schemas, including column names, data types, and structural relationships.
• Descriptions, labels, and metadata associated with use cases, reconciliation processes, and system configurations.
• System preferences, such as language settings, visible columns, configured views, or display options
• Contextual operational information, such as the status of a reconciliation, the last execution date or time, or process progress indicators.

6.3 Information Provided by the Customer or Users (Inputs and Data Samples)

In certain functionalities, Simetrik AI may use information provided directly by the Customer or its Users, including:

• Inputs expressly entered by the User (queries, instructions, questions, or descriptions).
• Representative samples of data uploaded into the Tool, such as sample column values, reference records, or limited subsets of information, used solely for the purpose of:
  • Supporting the interpretation of data,
  • Suggesting configurations, rules, or mappings,
  • Facilitating the understanding of the structure or schema of the information, or
  • Generating Outputs contextualized to the Customer’s environment.

Where technically feasible, such data samples may be processed using anonymization or pseudonymization techniques. Under no circumstances shall these samples be used to train third-party foundational models or for purposes other than providing the service within the Tool, unless expressly agreed otherwise.

As a fundamental principle of privacy and data protection, Simetrik does not use the Customer’s Inputs or data samples to train, retrain, or improve third-party foundational models, nor Simetrik’s own models, unless there is a prior, express, and written agreement with the Customer.

Inputs and data samples are used exclusively for the provision of Simetrik AI functionalities within the Tool and are not employed for other purposes, such as general model training, commercial profiling, or independent reuse.

6.4 Safeguards and Limitations

The Customer acknowledges that:

1. The quality, accuracy, and suitability of the Outputs may depend on the quality, completeness, and accuracy of the information provided by the Customer or its Users. Simetrik shall not be responsible for erroneous Outputs resulting from incorrect, insufficient, or outdated Inputs.
2. Simetrik AI uses the information described in this Section exclusively for operational, functional, and support purposes within the Tool.
3. Where the use of Simetrik AI involves the processing of Personal Data, such processing shall be carried out in accordance with applicable law and Simetrik’s Corporate Policies regarding information security and personal data protection.

7. USE AND MONITORING OF DATA BY SIMETRIK

Simetrik may:

1. Monitor Inputs and Outputs
   For the purpose of supervising, preventing, and/or investigating abusive, unlawful, harmful, or unauthorized uses of Simetrik AI.
2. Improve and develop AI functionalities
   Simetrik may collect interaction data (including Inputs and Outputs) in order to:
   • Improve the performance and accuracy of the system.
   • Develop new AI functionalities.
   • Strengthen security, traceability, and abuse detection mechanisms.

Where Personal Data is involved, such processing shall be carried out in accordance with applicable law. Where required by law, Simetrik shall provide a reasonable opt-out mechanism for purposes of improving internal models. The foregoing shall apply unless otherwise agreed between Simetrik and the Customer.

3. Retain technical records
   Simetrik may retain technical records of interactions with Simetrik AI in compliance with traceability, audit, security, and other applicable regulatory requirements.

8. THIRD-PARTY SERVICES AND SUBPROCESSORS

8.1 Third Party Services

Simetrik AI may integrate or make use of Third-Party Services, including GPAI models, to enable artificial intelligence capabilities. The use of such Third-Party Services is carried out within the framework of:

1. Simetrik’s Terms and Conditions,
2. Simetrik’s Personal Data Processing Policy, and
3. Simetrik’s Information Security and Privacy Policy.

The Customer and its Users acknowledge and agree that:

• Third-Party Services are subject to the terms and policies of their respective providers.
• Simetrik does not control the final behavior of such foundational models.

8.2 Subprocessors

The Customer and its Users acknowledge and agree that Simetrik AI will use Subprocessors for its operation. The relationships with such Subprocessors are governed by Simetrik’s Corporate Policies and the corresponding data processing agreements.

9. PROHIBITED USES

The Customer and its Users may not:

1. Process special categories of Personal Data (for example, health data, biometric data, sexual orientation, political affiliation, or trade union membership, among others), unless there is a valid legal basis and express contractual authorization.
2. Enter Inputs containing highly sensitive information, confidential information, or trade secrets of the Customer or third parties that are not strictly necessary for the use of the Tool.
3. Use Simetrik AI to make automated decisions that produce legal or similarly significant adverse effects on individuals or entities (for example, determination of creditworthiness, employment decisions, risk assessments, or access to essential services).
4. Attempt reverse engineering, parameter extraction, decompilation, or unauthorized manipulation of the models used by Simetrik AI.
5. Use the system to develop competing models or train external systems, unless expressly authorized in writing by Simetrik.
6. Generate content that infringes intellectual property rights, privacy rights, data protection laws, or any other rights of third parties.
7. Use Simetrik AI in a manner contrary to applicable laws or regulations, Simetrik’s Terms and Conditions, or this Policy.

Simetrik may, at its discretion, suspend or disable access to Simetrik AI in the event of detection or reasonable suspicion of a breach of this Policy.

10. OBLIGATIONS OF THE CLIENT AND USERS

El Cliente y sus Usuarios reconocen y aceptan que:

1. They are fully responsible for the Inputs they provide and for any decisions, actions, or omissions taken based on the Outputs.
2. The Outputs generated are for informational purposes only and do not constitute professional advice (legal, financial, accounting, regulatory, or otherwise).
3. They must review and validate the Outputs before using them in environments that may have significant contractual, financial, legal, or compliance effects.
4. They may receive Outputs similar to those generated for other users or third parties, without creating any right of exclusivity or claim
5. They are responsible for ensuring that Inputs and Outputs do not infringe third-party rights or applicable laws.
6. The use of Simetrik AI constitutes an additional functionality that does not modify the scope, conditions, or economic obligations of the primary contracted service.
   

11. LIMITATIONS OF SIMETRIK AI

Simetrik AI is based on generative artificial intelligence and machine learning models of a probabilistic nature. The Customer acknowledges and agrees that such technologies present inherent limitations, which do not, in and of themselves, constitute a breach of the service levels (SLA) applicable to Simetrik’s primary service.

11.1 General Limitations (LLM)

Like any system based on LLMs, Simetrik AI inherits the limitations of its underlying technology, including, among others:

• Hallucinations: Outputs may be incorrect, incomplete, inaccurate, or based on non-existent information, even when they appear coherent.
• Bias: Models may contain biases derived from the training data used by GPAI providers.
• Limited context: The system does not “understand” context in the way a human does and may interpret queries literally or partially.
• Prompt sensitivity: Small variations in how a question is phrased may produce different Outputs.
• Technical limitations: There are restrictions in semantic search, in the generation of complex queries (for example, SQL), and in the understanding of the Customer’s internal hierarchies.

11.2 Operational and Third-Party Limitations

Due to the probabilistic nature of generative AI and its integration with Third-Party Services:

• The performance, availability, or behavior of Simetrik AI may present unexpected variations.
• The models do not maintain persistent memory of the Customer or its Users beyond what is necessary for the immediate context.
• The models do not interpret or apply the Customer’s internal policies or organizational structures.
• It is not always possible to fully and transparently explain the internal logic used to generate an Output (lack of full explainability).

Consequently, any recommendation generated by Simetrik AI must be reviewed and validated by competent human personnel before being applied in sensitive environments.

11.3 Specific Limitations of Simetrik AI

In addition to the foregoing, the following specific limitations apply:

• Content availability: Response capabilities depend on the content available in the Help Center, existing documentation, and metadata. If these resources are limited or outdated, Outputs may be unsatisfactory.
• Input sensitivity: A slight change in the wording of a question may transform an “I don’t know” into a correct Output (or vice versa).
• Semantic search restrictions: The effectiveness of semantic search is influenced by the quality and structure of the knowledge base.
• SQL query generation: The system attempts to construct SQL queries based on metadata and sample data and may experience difficulties with complex queries or unforeseen scenarios.
• User and Company context: The system uses contextual data (such as user names, company names, etc.) but lacks a deep understanding of internal relationships or hierarchies, which may affect the relevance of Outputs.

12. INTELLECTUAL PROPERTY

The Customer acknowledges that Simetrik AI constitutes an additional functionality of the Tool and that:

1. The use of Simetrik does not confer any additional intellectual property rights upon the Customer or the Users.
2. All intellectual property associated with Simetrik AI — including, without limitation, its design, architecture, integration models, configurations, improvements, functionalities, algorithms, and technical or conceptual components — is and shall remain the exclusive property of Simetrik or its licensors.
3. The use of the Tool and Simetrik AI does not grant the Customer or any User any intellectual property rights other than those expressly granted under the agreements in force with Simetrik.

13. REGULATORY COMPLIANCE (UE AND EE. UU.)

In the context of the EU AI Act and applicable U.S. regulatory guidance:

1. The Customer and its Users acknowledge that they are interacting with a generative AI system.
2. Simetrik may retain records of interactions with Simetrik AI for purposes of traceability, audit, security, and compliance.
3. Simetrik AI must not be used for processes that may be classified as high-risk under the EU AI Act without prior evaluation and specific agreement with Simetrik.
4. Simetrik AI does not perform automated decisions with legal or similarly significant effects on individuals; any such use shall be the sole responsibility of the Customer and must include human oversight.
5. Simetrik does not control the training or parameters of the GPAI models used.
6. The Customer and its Users are responsible for ensuring that Inputs and Outputs do not infringe third-party rights or applicable laws.
7. The Customer and/or its Users must promptly report to Simetrik any incidents or anomalous system behavior that may involve significant risks.

14. WARRANTIES DISCLAIMER

Simetrik AI is provided to the Customer and its Users “as is” and “as available,” without any warranties of any kind, whether express or implied. Without limiting the foregoing, Simetrik does not warrant that Simetrik AI:

1. Will operate without interruptions, errors, delays, or defects.
2. Will generate Outputs that are accurate, complete, current, free of bias, lawful, or suitable for a particular purpose.
3. Will meet the specific requirements of the Customer or its Users, or comply with technical, legal, regulatory, or business standards applicable to the Customer.

Simetrik expressly disclaims any implied warranties, including, without limitation, warranties of merchantability, fitness for a particular purpose, non-infringement of third-party rights, accuracy, performance, quality, or reliability.

15. DISCLAIMER REGARDING THE OPERATION AND SCOPE OF SIMETRIK AI

Simetrik AI is offered as a support tool, and its Outputs are automatically generated based on artificial intelligence models that may present errors, inconsistencies, or incomplete information. Outputs must not be interpreted as professional advice nor used as the sole basis for financial, legal, operational, or compliance decisions.

The Customer and its Users are responsible for reviewing and validating any Output before applying it in their operations. Simetrik does not guarantee that Outputs will be accurate, free from bias, current, or suitable for the Customer’s specific needs, nor that Simetrik AI will operate uninterrupted or without errors.

Simetrik shall not be responsible for the behavior or limitations of third-party artificial intelligence models integrated into Simetrik AI.

To the maximum extent permitted by law, Simetrik shall not be liable for indirect, consequential, or any damages arising from the use of or reliance on Outputs generated by Simetrik AI.

16. MODIFICATIONS

Simetrik may modify this Policy, or terminate it in whole or in part, at any time and at its sole discretion. Where modifications are material, Simetrik shall make reasonable efforts to notify the Customer.

Continued use of Simetrik AI after the effective date of the modifications shall constitute acceptance of such modifications.

17. GENERAL PROVISIONS

1. Governing Terms. The Customer and its Users declare that: (i) they have read, understood, and accepted this Policy; (ii) they have not relied on any representations or warranties other than those expressly set forth herein in deciding to use Simetrik AI; (iii) the Users have the Customer’s authorization to accept these terms on behalf of the Customer and in their own name, as applicable; and (iv) in the event of any conflict between this Policy and Simetrik’s Terms and Conditions with respect to the use of AI, this Policy shall prevail solely with respect to matters specifically related to Simetrik AI.
2. Existing Agreements. In the event the Customer has entered into an agreement for the provision of Simetrik’s services, such agreement shall remain fully applicable and shall also govern the use of Simetrik AI. In the event of any inconsistency between this Policy and the Agreement, the provisions of the Agreement shall prevail.