Last updated: 23 May 2026

AI Usage Disclosure

Korrali is built on large language models. This page explains how we use them, what data is sent to model providers, how we handle outputs, and how we think about emerging AI regulation including the EU AI Act.

What AI does in Korrali

Large language models perform two functions inside Korrali:

Drafting answers to security, privacy, and AI governance questionnaires, grounded in the knowledge base you provide.
Drafting policies and governance documents (AI Usage Policy, Vendor Management Policy, etc.) from structured inputs in our Policy Generator.

AI is used to draft. Humans review and approve. Korrali outputs are starting points, not finished work product.

Model providers

Anthropic (primary): Claude Sonnet 4.6 by default; Claude Opus 4.7 for higher-stakes drafting (e.g., governance documents).
OpenAI (fallback): used only if Anthropic is unavailable, or for text embeddings used in knowledge retrieval.

What data is sent to model providers

Relevant excerpts from your knowledge base (only the chunks needed to answer the specific question).
The questionnaire text or governance prompt.
Prompt scaffolding (system instructions written by Korrali).

Data is sent at request time only. Korrali does not pre-load your knowledge base into any model.

Data retention by model providers

Both Anthropic and OpenAI contractually agree (in their API terms for paid usage) that:

They do not retain customer API content beyond what is needed to complete the request and meet abuse-monitoring obligations.
They do not use customer API content to train their models.

We rely on these provider commitments. We do not have additional zero-retention contracts at this time.

Confidence and citations

Every generated answer is labeled with a confidence level (High, Medium, Low) and may include citations pointing to specific knowledge base entries. When the knowledge base does not support an answer, Korrali says so explicitly rather than inventing one.

Human oversight

Korrali is designed around human-in-the-loop review. Answers and documents must be reviewed and approved by you (or your team) before they are exported or shared. Korrali does not auto-submit responses to customers.

Hallucination and accuracy

Large language models can produce confident-sounding text that is incorrect. We mitigate this through retrieval grounding (answers are based on your knowledge base, not the model's parametric memory), confidence scoring, and source citations. You are responsible for verifying outputs before relying on them.

EU AI Act and emerging regulation

The European Union AI Act (Regulation 2024/1689) is the first comprehensive AI regulation in a major market. Its general-purpose AI provisions and the bulk of its high-risk system obligations phase in through 2026 and 2027. Similar AI governance expectations are emerging in the United States (state-level), United Kingdom, and elsewhere.

Korrali helps AI-native companies prepare for and respond to the AI governance questions their enterprise customers are now asking — questions that increasingly mirror the documentation expectations set by the AI Act and analogous frameworks:

What AI systems do you use, and for what purpose?
How is customer data processed? What controls exist?
How do you handle hallucinations, bias, and harmful outputs?
What human oversight exists for AI-generated outputs?
What documentation supports your AI usage claims?

Korrali accelerates the workflow of answering these questions — drafting responses from your knowledge base, generating policy templates, and producing audit-formatted exports. Korrali does not certify compliance with the EU AI Act or any other framework. We are a workflow tool, not a compliance certifier or law firm. Have qualified counsel review your AI Act readiness independently.

Our own AI usage as a company

Korrali uses AI internally for product development assistance (code generation, documentation drafting). We do not use customer-uploaded knowledge bases or questionnaire content for any internal AI training, fine-tuning, or evaluation.

Contact

Questions about AI usage: privacy@korrali.com.

This page is informational. It is not legal advice. AI regulation is evolving rapidly — confirm specific obligations with qualified counsel for your jurisdiction.