Governance Policy
Last updated: February 9, 2026
1. Our Commitment to Ethical Governance
Exelor is committed to transparent, accountable, and ethical governance in all aspects of our business operations. This policy outlines our principles for corporate governance, data stewardship, and responsible AI usage within the EAAF platform.
2. Core Governance Principles
2.1. Transparency
- Clear disclosure of data processing practices (see Privacy Policy)
- Open communication about platform capabilities and limitations
- Transparent pricing and service terms
2.2. Accountability
- Defined roles and responsibilities within Exelor leadership
- Regular internal audits of platform security and compliance
- Clear escalation paths for client concerns ([email protected])
2.3. Data Stewardship
- We act as a data processor for client business process data (BPMN, SOPs, integrations)
- Client data is never used to train third-party AI models without explicit consent
- All data processing complies with GDPR and applicable local regulations
- Data residency options available upon request (EU/US hosting)
2.4. Responsible AI Usage
- AI components in EAAF (process optimization, anomaly detection) are:
  - Explainable: decisions can be audited via platform logs
  - Human-in-the-loop: critical decisions require human approval
  - Bias-tested: regular audits for fairness in process recommendations
- No fully autonomous decision-making affecting client business outcomes
3. Platform Governance Framework
EAAF provides clients with tools to implement process governance within their organizations:
| Capability | Governance Benefit |
|---|---|
| RBAC (Role-Based Access Control) | Ensures only authorized personnel access sensitive processes |
| Process versioning (BPMN/SOP) | Maintains audit trail of process changes |
| Digital maturity metrics | Enables data-driven governance decisions |
| Integration logging (n8n) | Full visibility into cross-system data flows |
| Compliance reporting | Supports internal/external audits |
Note: Implementation of process governance remains the client’s responsibility. Exelor provides tools and methodology but does not assume operational control over client processes.
4. Third-Party Risk Management
We maintain strict governance over partners who handle client data:
- Cloud providers (AWS/Google Cloud): ISO 27001 certified
- Payment processors (Stripe/PayPal): PCI DSS compliant
- Integration tools (n8n): vetted for security practices
- Regular security assessments of all subprocessors
5. Reporting Concerns
Suspected violations of this policy may be reported confidentially to:
📧 [email protected]
We investigate all reports within 10 business days and take corrective action where warranted.
6. Policy Updates
This policy is reviewed annually and updated to reflect:
- Changes in applicable regulations (GDPR, AI Act, etc.)
- Evolution of EAAF platform capabilities
- Client feedback and industry best practices
Last review: February 9, 2026
Next scheduled review: February 2027
Governance Policy
Last updated: February 9, 2026
1. Our Commitment to Ethical Governance
Exelor is committed to transparent, accountable, and ethical governance across all aspects of our business and platform operations. This Governance Policy outlines our principles for corporate conduct, responsible AI usage, data stewardship, and the governance capabilities embedded within the EAAF (Exelor AI Automation Framework) platform.
We believe that strong governance is not only a compliance requirement but a foundation for trust with our clients — especially small and medium businesses relying on EAAF to automate critical business processes.
2. Core Governance Principles
2.1. Transparency
- Clear disclosure of how client data is processed, stored, and protected (see our Privacy Policy)
- Open communication about platform capabilities, limitations, and AI decision boundaries
- Transparent pricing with no hidden fees or lock-in commitments
- Public documentation of security practices and incident response procedures
2.2. Accountability
- Defined leadership accountability: the Exelor management team is ultimately responsible for governance compliance
- Regular internal audits of platform security, data handling, and AI model performance
- Clear escalation paths for client concerns: [email protected] for operational issues; [email protected] for policy violations
- Annual third-party security assessments (SOC 2 Type II readiness roadmap in progress)
2.3. Data Stewardship
- Exelor acts as a data processor for client business process data (BPMN diagrams, SOPs, workflow configurations, integration logs)
- Client data is never used to train third-party AI models or improve services for other clients without explicit, opt-in consent
- All personal data processing complies with GDPR, CCPA, and applicable local regulations
- Data residency options available upon request (EU-hosted infrastructure via AWS Frankfurt / Google Cloud Belgium)
- Clients retain full ownership and portability of their process data at all times
2.4. Responsible AI Usage
The AI components within EAAF (process optimization suggestions, anomaly detection, workload forecasting) adhere to the following principles:
| Principle | Implementation in EAAF |
|---|---|
| Explainability | AI recommendations include source data references and confidence scores; full audit trail available in platform logs |
| Human-in-the-loop | No fully autonomous decisions affecting business outcomes; critical actions (e.g., payment approvals, contract changes) require explicit human confirmation |
| Bias mitigation | Regular fairness audits of AI suggestions across industry verticals and company sizes; feedback mechanism to report biased recommendations |
| Purpose limitation | AI models are trained exclusively on anonymized, aggregated platform usage patterns — never on client-specific business data without consent |
3. Platform Governance Capabilities for Clients
EAAF is designed to empower organizations to implement robust process governance within their own operations. Key capabilities include:
| Capability | Governance Benefit |
|---|---|
| RBAC (Role-Based Access Control) | Granular permissions ensure only authorized personnel access, modify, or execute sensitive processes |
| Process versioning (BPMN/SOP) | Full audit trail of all changes to process definitions with user attribution and timestamps |
| Digital maturity metrics | Objective, data-driven scoring enables governance committees to prioritize process improvements |
| Integration logging (n8n) | Complete visibility into cross-system data flows with retention policies aligned to client requirements |
| Compliance reporting | Pre-built templates for internal audits and regulatory evidence (e.g., ISO 9001, SOC 2) |
Important: While EAAF provides governance tools and methodology, the ultimate responsibility for process execution, compliance, and risk management remains with the client organization. Exelor does not assume operational control over client business processes.
4. Third-Party Risk Management
We maintain strict governance over partners and subprocessors who may access client data:
| Partner Category | Examples | Governance Requirements |
|---|---|---|
| Cloud infrastructure | AWS, Google Cloud | ISO 27001 certified; data processing agreements (DPAs) in place |
| Payment processors | Stripe, PayPal | PCI DSS Level 1 compliant; no storage of raw card data |
| Integration tools | n8n (self-hosted option available) | Security audits performed; vulnerability disclosure program active |
| Analytics & support | Mixpanel, Intercom | Anonymization of client data where possible; opt-out mechanisms provided |
All subprocessors undergo annual security reviews. A current list of subprocessors is available upon request to enterprise clients.
5. Reporting Concerns & Whistleblower Protection
Suspected violations of this policy — including security incidents, unethical AI behaviour, or data mishandling — may be reported confidentially to:
All reports are:
- Acknowledged within 3 business days
- Investigated by an independent governance committee within 10 business days
- Handled with strict confidentiality; whistleblowers are protected from retaliation
6. Policy Review & Updates
This policy is reviewed annually and updated to reflect:
- Evolving regulations (EU AI Act, national AI frameworks, GDPR amendments)
- Platform capability enhancements
- Client feedback and industry best practices (NIST AI RMF, ISO/IEC 42001)
Last review: February 9, 2026
Next scheduled review: February 2027
This Governance Policy applies to Exelor and the EAAF platform. It does not constitute a contractual commitment beyond the terms specified in your Service Agreement. For binding commitments, please refer to your contract with Exelor.