AI Governance

Version: 1.0

January 2026

1. Overview

Aurora Coach is an AI-powered coaching platform for software engineering teams. We use AI to remove the analytical friction that stops improvement before it starts—helping teams identify growth opportunities and take practical next steps.

This document provides AI-specific governance information for AI governance committees, InfoSec, and compliance teams. For complete legal terms, see our Terms of Service, Data Processing Agreement, and Sub-processors list.

2. AI Provider & Models

Provider Anthropic

Current Model Claude Sonnet 4.5

Supported Models Claude Haiku 4.5, Claude Sonnet 4.5, Claude Opus 4.5, Claude Opus 4.6

Communication Server-side only—API keys never reach the browser

Data Region US (Anthropic API)

Training Policy Anthropic does not use API data for model training

Model selection is centralized—changes require a code deployment with no runtime switching or per-user model selection. See our Sub-processors page for the current list of AI providers.

3. What Data Reaches the AI

Never Sent to Anthropic

Email addresses
Passwords or credentials
Phone numbers
IP addresses or session data
Payment information
Any personally identifiable information we store

What Is Sent

Data Type What's Included Privacy Note

Category information Names and descriptions of coaching areas No personal data

Team context Team name, methodology description Organizational identifiers only

Coaching conversations Messages you type during sessions User-provided content only

Analysis results Aggregated strengths and opportunities Team-level, not individual

Improvement items Actions your team has committed to Operational data only

Session context Prior coaching insights used for continuity No personal data; team-level only

Key Principle

Users are always the source of any identifying content. Aurora Coach never programmatically injects names, emails, or personal profile data into AI prompts.

4. Data Flow

Your Browser

HTTPS

Aurora Coach Server Your Data (tenant-isolated)

HTTPS

Anthropic API Zero Retention

Your browser never communicates directly with Anthropic. All AI interactions go through our server, which handles authentication, validation, and tenant isolation before any data moves.

5. AI Model Training

Party Training on Your Data? Details

Anthropic No Data not used for training, not retained after processing

Aurora Coach Limited May train on aggregated, anonymized data only

See Terms of Service Section 6.3 and our DPA for complete details on data usage.

6. EU AI Act Classification

Aurora Coach is designed with privacy-preserving architecture:

Team Analytics: Performance metrics visible to administrators are aggregated at the team level—they do not identify, score, or evaluate individual employees
Individual Coaching: AI coaching interactions are confidential and not visible to managers or other users

Based on this architecture, Aurora Coach is not classified as a high-risk AI system under EU AI Act Annex III, Category 4 (Employment). The Service does not monitor or evaluate individual employee performance, make decisions affecting individual employment terms, or profile individuals for employment purposes. See Terms of Service Section 11.6 for complete details.

7. Security & Audit

Control Implementation

Tenant Isolation Database-level enforcement—cross-tenant access architecturally impossible

Authentication Every AI request requires an authenticated session

Audit Trail AI interactions logged internally for security and compliance

Content Safety Anthropic's content filters active; refusals handled gracefully

8. Frequently Asked Questions

Does Anthropic retain our data?

No. Per Anthropic's API terms, data is not retained after processing and is not used for model training.

Can one organization's data leak to another?

No. Tenant isolation is enforced in several layers, including the database level. The AI only receives data from the authenticated user's organization.

Can we audit AI interactions?

AI interactions are logged internally for security and compliance purposes. Logs can be made available upon reasonable request to support legal or regulatory audit requirements.

Where can we learn more about Anthropic's practices?

Visit the Anthropic Trust Center.

9. Contact

For governance and compliance inquiries: [email protected]

General inquiries: [email protected]