LLM Usage Policy

Effective Date: November 2025

  1. Purpose and Context
    This policy defines Validfor OÜ’s principles for the responsible and compliant use of Large Language Models (LLMs) in connection with our digital validation and lifecycle management solutions.
    Validfor leverages LLM technologies to improve user experience, document consistency, and process automation always under strict human supervision, with full respect for privacy, data integrity, and regulatory compliance.
  2. Data Privacy and Confidentiality
    Validfor places the highest priority on protecting customer and personal data.
    All information processed through LLM-enabled features is handled securely and in accordance with theValidfor Privacy Policyand applicable data protection laws, including GDPR.
  • Data provided by users through LLM tools is processed exclusively within secure, validated environments.
  • Inputs and outputs are never shared with external AI providers or public APIs.
  • Validfor’s LLM capabilities operate throughprivate enterprise instances or on-premise models that ensure complete confidentiality.
  1. Purpose and Limitations of Data Use
    Data processed via LLM-assisted tools is used only to deliver the specific functionality requested by the user, for example, generating documentation drafts, summarizing data, or performing linguistic analysis.
    Validfor doesnotuse this data to retrain, fine-tune, or otherwise modify the behavior of LLMs.
    All processed content remains isolated within the client’s own environment and is retained only as necessary to fulfill operational or contractual obligations.
  2. Human Oversight and Review
    To guarantee accuracy, compliance, and reliability, all AI-generated content is subject to expert human review before being used in any official or client-facing capacity.
    Qualified personnel validate outputs for:
  • Factual accuracy and contextual relevance
  • Absence of bias or misleading information
  • Compliance with internal validation and documentation standards

LLMs at Validfor function exclusively as assistive tools, never as autonomous decision-makers.

  1. Customer Data Exclusion from Model Training
    Validfor ensures that customer data isneverused for LLM training, reinforcement, or dataset enrichment.
    Our AI models are pre-trained on publicly available or ethically licensed datasets only.
    No proprietary or regulated client information contributes to the creation, optimization, or refinement of any Validfor AI component.
  2. Security and Regulatory Compliance
    All LLM-related activities are governed by Validfor’s internalInformation Security Management System (ISMS)and subject to regular audits.
    We apply:
  • Encryption for data in transit and at rest
  • Role-based access control and session logging
  • Continuous monitoring for data leaks or unauthorized access
  • Validation and change control consistent with GAMP 5, Annex 11, and 21 CFR Part 11

These controls ensure that LLM implementations operate safely within regulated environments.

  1. Continuous Review and Updates
    As AI technologies evolve, Validfor will periodically update this policy to reflect emerging standards and regulatory expectations.
    Any material changes will be communicated to users through official channels.
    Continued use of LLM-enabled features after such updates constitutes acceptance of the revised policy.
  2. Questions and Contact
    For inquiries about Validfor’s LLM practices, compliance documentation, or security measures, please contact:
    compliance@validfor.com

Validfor OÜ
Harju maakond, Kesklinna linnaosa, Viru väljak 2, 3. korrus, Tallinn 10111, Estonia