This document provides general information about the use of Artificial Intelligence (AI) within the ExorLive platform.

The document describes how AI features operate, the applicable security and compliance principles, and the responsibilities associated with the use of AI functionality in the system.

This document may be referenced in contractual documentation, including the ExorLive Data Processing Agreement.

Detailed documentation for specific AI features is provided separately in the documentation for each feature.

This guide explains:

• How AI functionality is used within the ExorLive platform

• The intended use and limitations of AI features

• Security and compliance principles governing AI functionality

• How ExorLive AI aligns with relevant regulatory frameworks including the EU AI Act and GDPR

ExorLive AI features are designed to support professionals, not replace them.

AI-generated outputs are suggestions that assist users in performing tasks within the platform. These suggestions must always be reviewed and validated by the professional user before use.

The AI functionality:

• does not diagnose medical conditions

• does not independently assess patient risk

• does not replace professional expertise

Final responsibility for all outputs and decisions remains with the user.

ExorLive AI features use of modern language models and data processing techniques to support users with selected tasks in the platform.

AI functionality processes user input and generates suggestions based on the interpreted context and available system data.

AI features generally follow a structured workflow:

The system interprets the user's input using natural language processing in order to identify relevant context, keywords, and intent.

Relevant information may be retrieved from ExorLive’s internal resources and structured platform data.

The AI system generates suggestions or structured outputs based on the interpreted input and retrieved information.

All outputs are presented to the user for review and can be edited, modified, or rejected before use.

ExorLive AI features are designed to minimize the processing of personal data.

As a general principle, AI functionality operates based on the information actively provided by the user.

Personal data may only be processed by an AI feature if such information is included in the user’s input.

• AI features do not require personal data to operate

• Personal data is not automatically retrieved from patient records or system profiles

• AI features process only the information actively entered by the user in input fields

• Personal data may therefore only be processed if the user explicitly includes such information in the input

If personal data is included in user input:

• the information may be processed by the AI feature to generate the requested output

• such processing takes place within the scope of the data processing agreement between the customer and ExorLive

• the customer remains responsible for determining whether such processing is lawful under applicable data protection legislation

For operational purposes, limited system data may be recorded, including:

• user prompts

• AI responses

• technical metadata such as timestamps or usage metrics

Such data may be used for:

• system performance monitoring

• security monitoring

• service improvement and troubleshooting

Logging is handled in accordance with ExorLive’s data protection policies and applicable retention practices.

Generative AI systems may occasionally produce incomplete, inaccurate, or irrelevant outputs.

Users must therefore always review AI-generated outputs before applying them in practice.

Potential limitations may include:

• misinterpretation of unclear or incomplete input

• generation of generic or incomplete responses

• occasional hallucinations or incorrect suggestions

Before using AI-generated results, users should consider:

• Is the output relevant to the intended purpose?

• Does the result match the professional context?

• Is important information missing?

• Should the result be modified before use?

ExorLive AI functionality is developed and operated in accordance with applicable legal and security frameworks.

Under the EU Artificial Intelligence Act, ExorLive AI functionality is classified as a limited-risk AI system.

This classification is based on the following characteristics:

• the AI supports user workflows rather than making autonomous decisions

• outputs generated by the system require human evaluation

• users retain full control over how outputs are used

ExorLive fulfills the transparency obligations applicable to limited-risk AI systems by:

• informing users that AI functionality is used

• providing documentation describing system capabilities and limitations

• ensuring that human oversight remains central to system use

ExorLive operates an Information Security Management System aligned with ISO/IEC 27001:2022.

This includes:

• structured risk assessment processes

• role-based access control

• secure software development practices

• incident detection and response procedures

• continuous monitoring and improvement of security controls

These measures help ensure the confidentiality, integrity, and availability of system data.

In alignment with the General Data Protection Regulation (GDPR), ExorLive AI features incorporate the following data protection principles:

• Lawfulness, Fairness, and Transparency: Processing of personal data is conducted lawfully, fairly, and in a transparent manner, with clear communication to users about how AI features handle input data.

• Purpose Limitation: Data is processed only for specified, explicit, and legitimate purposes related to the relevant AI feature and not further processed in a manner incompatible with those purposes.

• Data Minimization: ExorLive AI features are designed to minimize the processing of personal data. Personal data is only processed by an AI feature if such data is explicitly entered by the user in the relevant input field.

• Accuracy: Ensuring that personal data is processed in a manner relevant to the intended purpose, while reminding users that AI-generated outputs must be reviewed before use.

• Storage Limitation: Personal data is retained only for as long as necessary to fulfill the relevant processing purposes and in accordance with applicable retention practices.

• Integrity and Confidentiality: Appropriate security measures are in place to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

• Accountability: ExorLive demonstrates compliance with GDPR principles through documentation and proactive data protection measures.

These practices help ensure that users’ data is handled responsibly and in compliance with applicable data protection laws.

While ExorLive AI features provide valuable support, the final responsibility remains with the user.

Users must:

• evaluate all AI-generated outputs before use

• ensure that results are appropriate for the professional context

• modify or reject outputs when necessary

AI functionality must never replace professional judgment.

ExorLive continuously evaluates its AI systems to maintain high levels of quality, safety, and reliability.

This includes:

• monitoring AI output relevance and consistency

• evaluating feedback from users

• performing periodic technical validation of AI functionality

• updating model architecture and supporting systems when appropriate

Users are encouraged to report issues or unexpected results to: support@exorlive.com

8. Token Usage & Allocation

AI functionality in this platform is governed by token-based usage limits. Each instructor license includes a monthly token allocation. Organizations requiring additional capacity may purchase supplemental token packages in fixed increments, with no cap on the number of additional packages. Specific allocation figures are defined in the applicable subscription agreement and may be subject to change.

• ExorLive AI Program Builder

• ExorLive AI Translator