Responsible AI.
Our commitments.

01Classification under the AI Act

The MyKonci Service uses generative artificial intelligence models to produce content (conversational replies) and analysis systems to produce scores and recommendations (Cortex).

Within the meaning of Regulation (EU) 2024/1689 (the "AI Act"), the Service is classified as follows:

• Limited-risk AI system (Title IV of the AI Act), chatbot and voice agent: transparency obligation (inform the user they are interacting with an AI), no other substantial obligations.
• Limited-risk AI system, Cortex: analysis and recommendations without automated decisions producing legal or significant effects within the meaning of article 22 of the GDPR.

MyKonci does not deploy high-risk or unacceptable-risk AI systems within the meaning of the AI Act.

02Transparency towards users

In line with article 50 of Regulation (EU) 2024/1689 (AI Act), guests interacting with the Service must be informed that they are interacting with an AI system. MyKonci implements this principle both technically and contractually:

• Information notice template provided by MyKonci and made available to the Customer at onboarding. This template contains the information required by articles 13 and 14 of the GDPR (controller identity, purposes, recipients, rights, etc.) as well as the AI notice required by the AI Act.
• Contractual obligation for the Customer to display this notice or an equivalent one on the channels through which guests interact with the Service (rental listings, welcome messages, arrival instructions). This obligation is reiterated in the T&Cs of sale and the DPA.
• Voice identification: the voice agent explicitly introduces itself as an automated assistant when answering calls. Audio recordings generated are identifiable as outputs of an AI system.
• Written identification: the chatbot's first message can include a notice of its automated nature, configurable by the Customer.

Failure by the Customer to comply with this information obligation is considered a breach of the T&Cs of sale that may lead to suspension of the Service. MyKonci, as the provider of the AI system within the meaning of the AI Act, remains jointly responsible for providing the tools enabling this transparency.

03Human oversight and decisions

MyKonci applies the principle of human oversight:

• No decision producing legal or significant effects within the meaning of article 22 of the GDPR is taken in a fully automated way regarding guests.
• Cortex produces recommendations; the final decision always rests with the customer's team (concierge, manager).
• Chatbot and voice-agent replies rely solely on the information provided by the customer; in case of missing or ambiguous information, the AI escalates to a human rather than making things up.
• If the customer enables an automation feature (e.g. automatic message sending), they become the controller within the meaning of the GDPR and must provide an opt-out mechanism for guests.

04Data quality and bias

MyKonci implements measures to limit the biases and errors inherent to AI:

• Strict prompt framing (instruction system) limiting the AI's scope of action.
• Escalation mechanism to a human in case of doubt or missing information.
• Continuous learning per tenant, with strict isolation: no customer's data influences another's analyses.
• Periodic quality audits of replies and recommendations.
• Customers can report an error; corrections are integrated into the service improvement process.

05Prohibited uses (Acceptable Use Policy)

The Customer undertakes not to use the Service to:

• Produce or distribute illegal, defamatory, hateful, discriminatory content or content contrary to public order.
• Manipulate guest behaviour in a deceptive, hidden way or in a manner harmful to their free consent.
• Rate or categorise people on the basis of protected characteristics (origin, religion, sexual orientation, political opinions, health, etc.) within the meaning of article 5 of the AI Act.
• Set up a general social scoring of guests.
• Extract facial images or biometric data for identification purposes.
• Infer people's emotional state in the workplace or educational settings within the meaning of article 5.1.f of the AI Act.
• Impersonate a real person or make the guest believe they are interacting with a human when they are interacting with the AI.
• Bypass the Service's security or human-oversight mechanisms.
• Exploit vulnerabilities related to age, disability or economic situation to influence a person's behaviour.
• Reuse, resell or integrate AI outputs in a high-risk AI system without MyKonci's prior written agreement.

Any breach of this policy constitutes a substantial violation of the T&Cs of sale that may lead to immediate suspension of the Service.

06Security and robustness

• The AI models used by MyKonci are provided by reputable vendors (OpenAI, Azure OpenAI) subject to their own security and robustness requirements.
• System prompts are stored securely and their modification is logged.
• Regression tests are performed before any model or prompt update.
• Fallback mechanisms are in place in case of AI vendor unavailability.

07Training data and reuse

MyKonci commits not to use customer data to train, fine-tune or evaluate external AI models (OpenAI, Azure OpenAI or any other provider). Internal learning is strictly per tenant and pseudonymised when it concerns overall product improvement.

08AI incident reporting

Any incorrect, biased or inappropriate reply can be reported at ai@mykonci.com. Reports are handled within 48 business hours and are followed by analysis and, if necessary, a corrective update.

09Evolution

This policy will evolve as the AI Act progressively takes effect (August 2024 to August 2027) and as sector best practices mature. Any substantial change will be notified to customers.

10Contact

For any question about this AI policy, contact ai@mykonci.com or our DPO at privacy@mykonci.com.