AI Policy

1. No Model Training on Your Data

Flarelight does not train, fine-tune, or develop its own AI models. We use off-the-shelf language models provided by third-party AI services—currently OpenAI GPT models accessed via Microsoft Azure AI Studio.

Your data is never used to train, improve, or influence any AI model. Flarelight has no arrangement with any AI provider that permits the use of customer data for model training purposes.

2. AI Provider

AI capabilities in Flarelight are powered by OpenAI language models (e.g. GPT-5) accessed through Microsoft Azure AI Studio. This means all AI requests are routed through Microsoft's enterprise-grade Azure infrastructure, subject to Microsoft's data protection commitments and not through OpenAI's public API.

Microsoft Azure AI Studio does not use data submitted through the Azure OpenAI Service to train or improve Microsoft or OpenAI models.

3. What Data Is Sent to AI

Flarelight never sends raw user data to any AI service. When the AI assistant processes a request, only the following structured metadata is included:

• Resource identifiers: IDs used to reference datasets, reports, or configurations
• Resource names and descriptions: Human-readable labels you have assigned to your resources
• Configuration metadata: Settings and structure of relevant resources
• Data schema: Column names, types, and structure where required to plan or execute a workflow—not the underlying data values
• Your prompt: The natural-language request you submit to the assistant
• Chat context: Prior messages in the current session, used to maintain continuity within that conversation

The actual contents of your datasets—rows, values, records—are never included in AI requests.

4. How the AI Assistant Executes Actions

The Flarelight AI assistant can execute actions within the platform on your behalf—such as creating datasets, merging imports, generating dashboards, or configuring workflows. All of this happens within clearly defined boundaries:

• Subscription tier: The assistant can only perform actions available within your current subscription plan. Features not included in your plan cannot be accessed or triggered.
• Platform permissions: Your role-based platform permissions are passed to the assistant as context. The assistant will not attempt actions your account is not permitted to perform.
• Resource access permissions: Access to specific resources (datasets, reports, configurations) is governed by your individual resource-level permissions. The assistant operates only on resources you have access to.

Permission context is provided to the assistant to guide its planning. However, all actions are independently enforced by Flarelight's backend. Even if the assistant were to generate a command outside your permitted scope, the backend would reject it. AI context is a guide—backend enforcement is the guarantee.

5. Data Isolation

AI requests are scoped to your subscription. The assistant has no visibility into other users' data, resources, or workspaces. Requests are processed in isolation and context is not persisted between separate sessions.

6. No Autonomous or Unrestricted Access

The AI assistant does not have unrestricted access to your data or your Flarelight workspace. It can only act on what you explicitly request, within the scope of what you are authorised to do. It cannot browse, read, or export data outside of a direct user-initiated request.

7. Changes to This Policy

We may update this AI Policy as our use of AI technology evolves. Any material changes will be posted on this page with an updated date. We encourage you to review this page periodically.