AI Governance Assessment Report (Summary)

Help me Fix's AI system (Aidenn) supports property-repair triage. It helps identify potential faults and collects information to assist human engineers. Because access to safe housing is a fundamental right, the service must ensure robust transparency and human oversight. The system's outputs do not determine whether a repair is carried out; final decisions remain with humans.

Help me Fix relies on user consent and recognised legitimate interests as legal bases for processing personal data. Under the UK Data (Use and Access) Act 2025 (DUAA), recognised legitimate interests include safeguarding and emergency response, which apply to property repairs. Users are informed about AI processing and can opt out and request a non-AI fallback.

• Privacy Risk: Recording video calls and storing them for six years may exceed necessity. Retention should be reduced (e.g., 24 months) with anonymisation applied.
• Bias & Fairness: Error rates may differ for tenants with limited English proficiency or disabilities. Provide multilingual support and accessible interfaces. Conduct fairness testing across property types and demographics.
• Security: Use strong access controls, encryption, and regular security audits.

Create a data inventory mapping personal data flows. Ensure high quality training datasets, document all subprocessors, and execute data processing agreements. Provide clear retention schedules and respond promptly to subject-access and deletion requests.

Publish the model card, governance report, and monitoring policy. Explain that Aidenn assists with diagnostics, describe data types used, retention periods, and the right to opt out of automated processing. Document human-oversight procedures.

• Continuous Monitoring: Track diagnostic accuracy, service quality, fairness, and complaint rates. Investigate disparities.
• Scheduled Audits: Conduct quarterly audits to evaluate performance, fairness, and compliance.
• Incident Management: Establish an incident-response plan for misdiagnoses or harmful outputs. Log incidents and notify affected users.
• Model Updates: Re-train the model annually or when performance drift is detected. Evaluate new training data for quality and diversity.
• User Feedback & Complaints: Provide accessible channels for feedback. Under the DUAA, respond to complaints within 30 days.
• Data Retention: Limit retention of call recordings and personal data to 24 months unless a legal obligation requires longer storage.
• Sub processor Oversight: Maintain contracts with subprocessors (e.g., Zapier, Twilio, Vonage, Mailgun, Microsoft) and audit compliance with data-protection laws.