Monitoring and Maintenance Policy

1. Continuous Monitoring

Aidenn's performance is monitored in real time. Key metrics include:

  • Diagnostic accuracy (precision/recall compared with human-engineer assessments).
  • Response time and latency.
  • User satisfaction scores.
  • Error rates across different property types, languages, and demographics.

Disparities in error rates will trigger investigation and remedial action.

2. Scheduled Audits

Quarterly audits are conducted to evaluate:

  • Model performance against baseline metrics.
  • Fairness across user groups.
  • Compliance with data protection and security policies.
  • Adherence to human oversight procedures (engineers confirm or override AI suggestions).

Results are documented and shared with the compliance team.

3. Incident Management

An incident-response plan is in place. When a model output causes or risks causing harm (e.g., misdiagnosed gas leak), operations staff must:

  1. Log the incident in the incident register.
  2. Notify the compliance team and suspend the model if necessary.
  3. Notify affected users if there is a risk to their safety.
  4. Conduct a root cause analysis and implement corrective measures.

4. Model Updates

  • Scheduled retraining: The model is re-trained at least once per year or when monitoring identifies performance drift.
  • Data quality checks: New training data must meet quality, consent, and diversity criteria. Sensitive data and protected attributes are excluded.
  • Version control: Each model version is documented with training data sources, performance metrics, and deployment date. Previous versions are retained for audit.

5. User Feedback & Complaints

  • Users can submit feedback via the app, or email.
  • Complaints about AI decisions will be acknowledged within 5 working days and resolved within 30 days, as required by the DUAA.
  • Complaints trigger a human re-evaluation of the relevant decision and may prompt model retraining or policy updates.

6. Data Retention

  • Call recordings and diagnostic data: Retained for 24 months or until the repair is resolved, whichever is later. Afterward they are anonymised or deleted unless a legal obligation requires longer storage.
  • Account data and invoices: Retained for six years to comply with contract and tax law.
  • Users may request deletion of their personal data at any time. Deletions or anonymisation are performed promptly.

7. Sub-processor Oversight

All subprocessors (e.g., Zapier, Twilio, Vonage, Mailgun, Microsoft) are assessed for compliance with UK GDPR, the DUAA, and the EU AI Act. Contracts include data processing agreements, confidentiality clauses, and audit rights. Compliance audits are performed annually.

8. Review

This policy is reviewed at least annually or whenever there are significant changes to the AI system, organisational structure, or legal requirements. Updates are documented and communicated to stakeholders.

This policy is effective as of 1st January 2024

This website uses cookies to ensure you get the best experience. Learn more