You already use AI. Do you know the right questions to ask?
Most offices already use AI, sometimes without really deciding to. But no one addresses the questions that matter: what is realistic, and how to stay protected. This is the part of our work that comes before any tool.
You already use AI, every day or now and then
With consumer versions and no professional contract, what you paste in leaves any GDPR framework, often outside the EU. And it is the person who pasted it who carries the responsibility, not the tool. For client or project data, that is not trivial. Nothing to ban for all that: what matters is knowing where your data goes and having the right framework in place.
It depends on the version. On contractual offerings and professional APIs, using your data to train the models is generally excluded by contract. On free consumer versions, often not. The first useful reflex is to know which one you are using.
Yes, always. An AI produces drafts, not decisions, and it sometimes gets things wrong without flagging it. A human review is what makes the rest reliable.
The European framework on AI expects staff who use these tools to have a suitable understanding of them, proportionate to your use. The precise terms are still evolving at the European level. In practice, for a team that already uses them, that means teams who know what the tool does and what should not be handed to it, with documented in-house training.
What is genuinely possible, and what is not
Specific things: pull the deadlines, the budget and the key points out of an 80-page document; prepare a first draft of a quote, a follow-up or a report; sort your documents and photos by project and by date; triage the inbox. These are drafts that you approve. Their real value shows when these steps link up within the way you work, without you having to trigger them one by one from a browser.
Rarely. In most cases, what is missing is not one more piece of software but the link between the ones you already have, or a specific step to automate around them. That is where we step in first. In the situations where a tool specific to your trade is genuinely missing, we build that too, but it is not the starting point.
Anything that calls for judgement you would reread line by line: a costing, a decision that no one checks behind. Or a volume too low to justify the setup. Sometimes the right answer is not to equip, or not yet.
No. We start from your real tools: a spreadsheet, emails, messages, paper. The first step is usually one or two tasks that come back every week, not a big IT project.
A subscription is a tool you open, where you type a task, and whose answer you copy into your working tool. Every time. What we build works differently: when a quote comes back approved, saving it to your client file, filing the PDF and scheduling the follow-up happen without you opening anything. It is wired to your real files, tested, documented, set out by contract, and it runs in the background. The difference is not in the quality of the answers, it is in who does what each time.
How to stay protected, on the GDPR and technical side
By default, on servers located in the European Union, and we favour European providers. With each of them, the processing of your data is governed by a data processing agreement. That is the starting point, not an option added at the end. For more sensitive cases, a residual risk may remain, and we set it out for you in writing.
Four levels, depending on how sensitive the data is. Data with no personal character opens up the most capable models. For personal data, three degrees of closeness: the European cloud set out by contract; a dedicated server in Europe, with no outside AI service; or an on-site installation, where no data leaves your infrastructure.
Even with hosting in Europe, some architectures involve a residual risk. Under the GDPR, only genuine anonymisation of the data removes that risk, since it is then no longer personal data. Simple pseudonymisation is not enough, and true anonymity is hard to guarantee. So for genuinely sensitive data, we favour European servers and providers, or a dedicated infrastructure.
Someone on your side. By default, the automations are built so that nothing goes out without your agreement: no automatic sending forced on you. You remain the data controller, like an intern's draft: you sign it, so you read it.
These questions, we go through them on your real processes.
That is the work of the audit: you receive a written report, clear, with an order of priority.