Skip to main content
This statement describes how BenefitFlow uses artificial intelligence within our platform, and how that use intersects with data handling, security, and compliance controls.
Version 1.0 — March 26, 2026

AI Functionality

BenefitFlow uses AI and large language model (LLM) tooling solely to analyze, organize, and summarize information that is lawfully obtained from publicly available sources — such as company websites, directories, and regulatory filings. AI features, including FlowPilot, are used for internal purposes to improve the functionality of our platform.
AI features are not used to generate prospecting or outreach messages, send communications on a user’s behalf, or autonomously write to a customer system of record (e.g., CRM). All prospecting activity remains user-initiated and user-authored.

Our Restrictions on Using AI

RestrictionDetails
No model training on customer dataCustomer-provided information and tenant-specific records are not used to train or fine-tune third-party AI models.
No CRM integration with AIAI outputs do not directly modify or populate CRM records or internal systems.
Limited account/service dataConsistent with our Privacy Policy, the platform may process limited account and service-usage information (e.g., name, email, employer, job title; on-screen activity; crash/telemetry data). We adhere to data minimization and use limitation principles.
Consistency and transparencyAI is used only in a manner consistent with this statement. AI will not be used to intentionally deceive, defraud, or mislead others, or to facilitate misinformation.
Decision-makingAI will not be used as a factor in making decisions with legal or similarly significant effects regarding an individual or group, including profiling, unless permitted by applicable law.
Legal complianceWe will not use AI to submit, upload, or generate any output that violates applicable law.

Security, Confidentiality, and Availability Controls

BenefitFlow maintains an independently audited SOC 2 Type II control environment covering the Security, Confidentiality, and Availability trust service criteria.
Control AreaDetails
Current audit periodMarch 1, 2026 through February 28, 2027
Prior audit periodSeptember 1, 2025 through December 1, 2025
Controls includeEncryption at rest and in transit, logical access and RBAC, change management/SDLC, vulnerability management, incident response, business continuity/disaster recovery, logging/monitoring, and customer-data segregation
PersonnelA dedicated Head of Engineering is responsible for reviewing practices and ensuring compliance with all applicable privacy and data security laws
We monitor the use of AI within BenefitFlow to evaluate compliance with this statement and applicable law. All inputs and outputs are subject to monitoring by appropriate BenefitFlow personnel for compliance and quality assurance purposes.

Opting Out

You may opt out of AI processing at any time by adjusting FlowPilot’s opt-in/opt-out toggle in your BenefitFlow account settings.
If you opt out, FlowPilot and other AI features will not be available for use unless and until you opt back in.

Subprocessors and Infrastructure

BenefitFlow operates on established cloud infrastructure and exercises vendor oversight consistent with its SOC 2 design and monitoring practices. Complementary subservice organization controls (e.g., physical and environmental safeguards at the cloud provider) are reviewed as part of BenefitFlow’s assurance program.

Data Privacy

BenefitFlow’s collection, use, and disclosure of personal information are governed by our publicly posted Privacy Policy. Consult the Privacy Policy for additional details regarding our general information collection, use, disclosure, and retention practices.

FlowPilot Security & Data Handling

Data Removal Requests

Privacy Policy

Have questions about our AI data handling practices? Reach out to your BenefitFlow Customer Success Manager or email customerteam@benefit-flow.com.
Last modified on March 30, 2026