Webdox Generative AI Usage Policy for Clients

Webdox, through Generative Artificial Intelligence (Generative AI), seeks to drive more efficient, secure and productive processes, as well as improve the experience of all its clients and users.

We recognize that Generative AI is a constantly evolving technology and that its adoption may raise concerns in certain sectors or specific areas. Therefore, Webdox establishes this external use policy, aligned with best practices and international standards, including the guidelines of ISO/IEC 42001:2023, with the aim of ensuring ethical, responsible and safe use of Generative AI.

In accordance with ISO/IEC 42001:2023, Webdox commits to:

• Implement an AI management system that ensures transparency, fairness and traceability in its Generative AI applications.
• Adopt mechanisms for risk management, mitigating biases and ensuring data security and client privacy.
• Promote responsibility and accountability in the use of Generative AI, ensuring that its implementation aligns with organizational values and applicable regulatory frameworks.
• Foster understanding and training of clients in the appropriate use of AI tools, mitigating risks and maximizing their value.

For this purpose, our clients may have access to one or more tools developed, protected and supported by Webdox, called "Webdox AI Products", which integrate Generative AI in a secure and ethical manner. These tools are designed to comply with the security, privacy and control standards recommended by ISO/IEC 42001:2023 and current legislation on data protection and use of Artificial Intelligence, providing clients with a reliable and secure environment for the use of this technology.

To ensure continuous improvement, Webdox allows Users to rate the results generated by AI directly on the platform. These ratings are integrated into an internal analysis panel that allows identifying and mitigating possible errors or biases, optimizing system precision.

This policy applies to the interaction of all clients and authorized users with all functionalities that form part of the "Webdox AI Products" ecosystem (hereinafter, "AI Users"), as well as all processes within the base functionalities of WebdoxCLM's Cloud Service that incorporate Artificial Intelligence technologies. This scope may include:

• Services, platforms and Generative AI products available to certain Clients;
• Automations within WebdoxCLM's Cloud Service;
• Monitoring and technical support of "Webdox AI Products" functionalities;
• The results of the interaction between AI Users and the functionalities of "Webdox AI Products";

Everything relating to the exercise of Rights associated with the Protection of Personal Data of Data Subjects and Personal Data Controllers, within the scope described in this section, will be reviewed in accordance with the WebdoxCLM Privacy Policy (https://www.webdoxclm.com/en/privacidad).

Webdox commits to ensuring that all its Generative AI functionalities operate under the following guidelines:

• Ethics: Promote responsible and lawful use through clear parameters on permitted and prohibited applications, as well as restrictions within the functionality.
• Transparency: AI Users may request access to reports on usage data they have generated through interactions with Webdox AI Products functionalities. To ensure continuous improvement, Webdox allows Users to rate the results generated by AI directly on the platform. These ratings are integrated into an internal analysis panel that allows identifying and mitigating possible errors or biases, optimizing system precision.
• Security: Protect AI Users' data against unauthorized access, losses or alterations, in accordance with the controls established by ISO/IEC 27001:2022, in which Webdox is certified.
• Compliance: Align the use of Generative AI with applicable laws and international standards, such as GDPR and local data protection and AI usage legislation.
• Traceability: Enable tracking of activities associated with AI use.
• Continuous Improvement: Regularly evaluate and update tools to maximize their effectiveness and minimize risks. This includes semi-annual vulnerability reviews, external and internal audits, along with periodic training for Grupo Webdox collaborators and AI Users.

The AI User has the responsibility to ensure and oversee compliance with this Policy and the Law, in addition to carefully validating the generated content before its application, communication, notification or implementation, particularly in contractual or decision-making documents.

Webdox AI Products may only be used for lawful, legal purposes established in the respective technical description of Webdox Material provided by Webdox to the client regardless of the means of dissemination.

Access to and use of Webdox AI Products functionalities is conditioned on the acceptance and compliance with the Terms and Annexes of Webdox's Service Contract specified in this document, as well as those establishing the responsibilities, restrictions and ethical guidelines applicable to the use of such functionalities.

Webdox may update the tools according to the development roadmap, so the obligations, responsibilities, principles, limitations and scope of this Policy may be updated in accordance with new Webdox AI Products functionalities.

The use of the tools is strictly prohibited for:

• Generating illegal, illicit, misleading, defamatory, discriminatory content or content that infringes intellectual or industrial property rights or personal rights of any third party to the relationship between Webdox and its Clients.
• Promoting misinformation, hatred or illegal activities.
• Impersonating identities or violating the privacy of third parties.
• Making critical decisions without adequate human supervision, such as financial or legal approvals.
• Using the Services in a way that infringes, misappropriates or violates the rights of any natural or legal person.
• Attempting or helping someone to reverse engineer, decompile or discover the source code or underlying components of Webdox AI Products functionalities, including our models, algorithms or systems.
• Representing that an output was generated by a human when it was not.
• Interfering with or disrupting any of Webdox's Services, including circumventing any usage limits or restrictions, or bypassing any security protection or mitigation measures we implement in our Services.
• Generating any type of illegal content, including defamation, incitement to violence, discrimination, child pornography and other content that violates local and international laws.
• Impersonating identities and generating content that claims to be created by a different person or entity than the real one, which could lead to identity theft.
• Generating content used to harass, intimidate or defame individuals or groups.
• Accessing, collecting or processing personal information unethically or without adequate consent.
• Generating inappropriate content such as sexually explicit, violent or disturbing in nature.
• Conducting misleading advertising by generating content used to promote products or services fraudulently.
• Manipulating opinions through generating content designed to manipulate public opinions or influence political elections dishonestly.
• Engaging in illegal activities by generating content that promotes or facilitates illegal activities, such as hacking, illegal drug sales or incitement to terrorism.
• Generating content that breaches computer security systems, stealing data or performing similar activities.
• Using the tool to create or enhance security threats, whether at a digital or physical level.
• Using the Webdox AI Products tool for the development of autonomous weapons or systems that can cause indiscriminate harm.
• Using it for purposes not contemplated in the technical description of the Webdox AI Products tool.
• Allowing the Webdox AI Products tool to make critical decisions without adequate human supervision, especially where ethical judgment or human understanding context is required.

Using the result of the interaction between the AI User and the Webdox AI Products functionalities to configure, train or create any other model that competes with Webdox or the mentioned functionalities.

AI users of Webdox AI Products must respect and protect intellectual property rights, both internally and externally.

The unauthorized use of copyright-protected material or the creation of content that infringes the intellectual property of others is strictly prohibited.

AI Users will retain the Intellectual and Industrial Property of their interactions with Webdox AI Products functionalities. Given the nature of the functionalities and of Artificial Intelligence in general, other AI Users may receive similar interactions to each other; the assignment of Intellectual Property Rights does not extend to third parties.

Webdox may use the content of such interactions solely to maintain, improve, update or develop Webdox AI Products functionalities and to comply with these Usage Policies, as well as all applicable laws to the Services provided by Webdox.

If the AI User does not want their interaction with the functionalities to be used to train our Webdox AI Products functionalities, they may request this through the following email address: ia@webdoxclm.com.

AI Users of Webdox AI Products are responsible for ensuring that the generated content produced with generative AI aligns with the organization's values, ethics and quality standards. Generated content must not be used if it is misleading, harmful, offensive or discriminatory. In case of doubt, contact ia@webdoxclm.com, without prejudice to this possibly limiting our Service's ability to provide support for the functionalities or to understand the use cases applicable to the AI user's needs.

As mentioned at the beginning of these Policies, the field of Artificial Intelligence is constantly evolving; without prejudice to Webdox's efforts to continuously improve Webdox AI Products functionalities, these, given their probabilistic nature, may contain interactions that do not accurately reflect descriptions, places, situations, text identifications, languages or facts.

4.4.1 Responsible Use of Webdox AI Products in Contract Management

Contract Content Generation: Users must carefully review and validate the contractual content generated by the Webdox AI Products tool before its use and/or final acceptance.  It is the AI user's responsibility to ensure that generated contracts comply with applicable laws and regulations. Webdox will not provide legal advice under any circumstances.  Content generated by Webdox AI Products is a support suggestion and is based on probabilistic models.

Non-Discrimination in Contracts: The use of Webdox AI Products tools to generate contracts that cause discrimination, directly or indirectly, or that infringe labor rights, fundamental rights or human rights is not permitted.

At Webdox, we are committed to maintaining transparent communication with our clients regarding the operation of AI tools, providing general information about key technical aspects when required.

Through the AI product, clients may make inquiries on topics such as the platform architecture or system versions, always within the limits that safeguard the security, integrity and confidentiality of our technological infrastructure.

It is important to note that, although complete coverage of all technical requests is not guaranteed, clear and guiding responses will be sought that allow clients to better understand the technological environment of our tools.

Access to Webdox AI Products is limited exclusively to clients with an active subscription to the Webdox Cloud Service, who may use the tool through a single session, without the need for additional configurations. Any other unauthorized individual is prohibited from accessing Webdox AI Products.

Each client will be responsible for the use they make of their session and must ensure that access to the tools is carried out in accordance with the accepted terms and conditions. Sharing access credentials or allowing unauthorized third parties to use the tools on their behalf is not permitted.

Webdox provides a secure environment for the use of Webdox AI Products, ensuring that the infrastructure and access mechanisms comply with appropriate security standards. The platform is designed to operate with data protection and privacy safeguard measures, without requiring additional configurations from the client.

The AI User can access the Webdox AI Products tool directly from the Webdox Cloud Service, either through the document repository, workflows or any other platform feature that has AI tools enabled. More information on how to access at: https://soporte.webdoxclm.com/.

Webdox prioritizes the protection of its clients' data through:

• Temporary use and storage: Data is processed exclusively during the active session and deleted once the session ends. Data requiring retention due to application use will remain associated with each user's account. This process is audited to ensure compliance; for its part, data associated with each account is deleted within a maximum period of 30 days.
• Encryption: All data transmission uses TLS 1.2 protocols or higher, ensuring its confidentiality and integrity.
• Secure environments: Implementation of isolated environments with role-based access controls and multi-factor authentication (MFA).
• Secure deletion: Temporary data is automatically and securely deleted after completing the session.
• Shared responsibility: Webdox and its clients collaborate to ensure compliance with data protection standards.
• ISO Compliance: Webdox applies information security best practices based on ISO/IEC 27001, 27701 and 27018 standards, ensuring risk management, protection of confidentiality, integrity and availability of data processed through its tools.

The information collected is handled in accordance with our Privacy Policy, available on our official website https://www.webdoxclm.com/en/privacidad.

AI Users are responsible for ensuring that the data provided for contract management is accurate or at least adequate and complies with all applicable laws and regulations, understanding that AI results are support suggestions and do not constitute legal advice. All system output must be reviewed and validated by a qualified legal professional before making binding decisions or performing legal acts based on such information.

Webdox AI Products process only the information uploaded by the user and do not modify or store data outside the context of the service. Their function is to read and analyze the information provided to generate the expected results, so the truthfulness, completeness and accuracy of the data entered depend exclusively on the user.

Appropriate logging and auditing mechanisms will be implemented to capture activities related to generative AI use. These records must be regularly reviewed to detect and respond to any suspicious or unauthorized activity. This task will be performed by Webdox's technology team.

From the outset, the AI User of Webdox AI Products authorizes the review of their activity in Webdox AI Products for statistical usage purposes and future functionality improvements.

Any security incident related to Webdox AI Products must be reported immediately to the designated team through official support channels or to Soporte@webdoxclm.com. Reports will activate a rapid response protocol to mitigate the impact and resolve the situation.

Periodic vulnerability assessments and security testing must be conducted on Webdox AI Products to identify and address any security weakness or vulnerability in accordance with Webdox's vulnerability management policy, which includes quarterly review, daily scanning, secure development and other measures.

Webdox implements a continuous risk management process to:

• Identify, assess and mitigate technical, ethical and legal risks.
• Conduct AI impact assessments (AIA) to ensure the safety and reliability of the tools.
• Regularly review and update tools to align with industry best practices.

Webdox AI Users and third parties accessing Webdox AI Products will have training materials available on the responsible and safe use of generative AI. Training may be provided through various means such as content capsules, online courses, digital materials available to Webdox AI Products users.

Although training is not mandatory, it is suggested to be reviewed by AI Users as it will cover topics such as ethical considerations, potential risks, security best practices and compliance requirements, which are necessary for appropriate use of generative artificial intelligence.

Periodic awareness campaigns and communications must be carried out to reinforce the importance of cybersecurity, responsible use of AI and compliance with this policy, which will be led by Webdox's Security team.

Non-compliance with this policy may be understood as a material breach of the Webdox Cloud Service Subscription Agreement and may result in disciplinary measures depending on the severity of the breach, ranging from:

• Investigation and audit: Conduct an internal investigation and audit to assess the extent of the ethical violation and ensure that appropriate corrective measures are taken.
• Suspension of access to Webdox AI Products for the offending AI User: Temporarily suspend access to the AI tool for the offending AI User(s), in cases of serious ethical violations by them. Until the Client demonstrates the application of necessary guarantee measures to ensure the risk no longer exists.
• Mandatory Training: Require the Client to provide mandatory AI ethics training to their staff before fully restoring access.
• Contract Review: Eventually and in cases of repeated risks or non-compliance by the Client, Webdox may conduct a contract review with the Client to incorporate additional measures of ethical compliance and accountability.
• Legal Liability: Reserve the right to take legal action and apply penalties if ethical violations result in significant legal consequences or harm to third parties.

Webdox may update the tools according to the development roadmap, so the obligations, responsibilities, principles, limitations and scope of this Policy may be updated in accordance with new Webdox AI Products functionalities.

This policy will be periodically reviewed and updated to ensure its currency and alignment with technological, legal and regulatory advances. Updates will be notified through official channels.

Contact: For inquiries or more information, contact soporte@webdoxclm.com.