AI & automated systems

Pinnora is an AI-intensivesoftware platform. This AI & Automated Systems Statement ("AI Statement") supplements and is incorporated by reference into our Terms of Service and Privacy Policy. In the event of conflict regarding AI-specific topics, this AI Statement prevails over general marketing descriptions. Pinnacle MAV Media LLC("we," "us") may update this page as capabilities, providers, or regulatory expectations evolve.

1. Scope of AI and automation

The Service includes features that use machine learning, large language models, multimodal models (text, image, and video), scoring algorithms, retrieval-augmented workflows, vector-embedding similarity search, and related automation (collectively, "AI Features"). AI Features operate across the product workflow as discrete "modules" grouped into layers — including (without limitation) market and competitor research, audience and avatar synthesis, brand and product analysis, messaging and persuasion development, creative and copy generation, creative-system development, image and video generation, quality and compliance checks, and performance feedback. The specific modules available to your organization depend on your plan, configuration, and any feature flags we have enabled for you. The set of modules and the models powering them may change over time; published in-product documentation is the operational source of truth for which modules are currently available.

Many modules chain together: the output of one module (for example, a research synthesis) is automatically used as part of the input to a downstream module (for example, a creative concept generator). A single user request may therefore trigger a sequence of model invocations — possibly orchestrated by an agent loop with a bounded number of steps — across one or more providers. We disclose this so you understand that text or context you submit to one module may flow through multiple subsequent prompts within your workspace.

Non-AI components (authentication, billing, file storage, collaboration shells, and manual user actions) may process data without model inference. Where a feature does not invoke a model, this AI Statement applies only to the extent general Service terms govern.

2. Nature of model outputs

Outputs of AI Features are probabilistic and generative. They may be factually incorrect, incomplete, outdated, inconsistent with your brand guidelines, biased, offensive, or unsuitable for regulated use cases. Outputs are not verified by us for accuracy, legality, or fitness for a particular campaign, jurisdiction, or platform. You must treat all outputs as draft materials subject to human review, editorial control, and compliance sign-off before external use.

3. Not professional advice

AI Features do not provide and must not be relied upon as legal, tax, financial, medical, or other professional advice. They do not create an attorney-client, fiduciary, or advisory relationship. For advertising claims, substantiation, disclosures, and platform policy interpretation, consult qualified counsel and platform representatives.

4. Model providers, routing, and infrastructure

Inference requests are routed through a unified inference gatewayoperated by our hosting provider. The gateway provides routing, automatic failover, observability for reliability and cost management, and budget controls across one or more upstream model providers. Each upstream model provider we use is contractually bound (via API DPA or enterprise terms) not to use our customers' prompts or outputs to train its general-purpose models. The currently engaged upstream providers and regions are published, and kept up to date, on our Subprocessors page.

Gateway behavior you should know about:

• Every prompt issued by an AI Feature transits the gateway before reaching the chosen upstream provider; aggregate metrics (request identifier, provider, model family, latency, token counts, error codes) are captured by the gateway for reliability and cost. Prompt and output content is not used by the gateway operator for training.
• A request originally targeted at one provider may be automatically retried against another provider if the first is unavailable, rate-limited, returns an error, or returns output that fails our schema-validation step. The user-facing result is the same regardless of which provider answered.
• We may change which modelwithin a provider's family handles a given module — for performance, cost, safety, or capability reasons — without prior notice, provided the privacy commitments in this AI Statement and our Privacy Policy continue to be met. We do not commit to a specific model name or version on a public legal page because model line-ups change frequently; if a specific model commitment is contractually important to you, it must be addressed in a signed enterprise order.
• Different plans may route to different model tiers (for example, a higher-quality model for paid tiers and a lower-cost model for free tiers). Where this applies, the in-product help page for the relevant feature describes the tier behavior.

Categories of models we currently use

• Text-generation models from major frontier-model providers, accessed through the unified gateway with API-tier terms that prohibit training on customer prompts.
• Multimodal (image and, where enabled, video) generation models for creative-asset modules. Generated images may carry provider-applied invisible watermarks (for example, SynthID for Google-generated imagery); we do not strip these.
• An asynchronous research agent(currently a Google product) that, when invoked, autonomously browses the public web and synthesizes findings over the course of several minutes (up to roughly one hour per research task). The agent decides which URLs to visit; it operates within the upstream provider's safety and rate-limit policies. If the streaming connection between us and the upstream agent drops, we resume the same session rather than restarting.
• Web search and content-extraction tools from one or more third-party providers, used to fetch and extract content from URLs the user supplies or the research agent decides to visit. Extracted content is returned to the LLM as part of the prompt.
• Embedding models for vector representations of generated outputs and selected inputs (see Section 5.5 below).
• A fallback inference provider used when the primary providers are unavailable.

5. Model training and improvement

Unless we notify you otherwise in-product, in this AI Statement, or in a separate written agreement, we do not use your Customer Content (including prompts and outputs) to train or fine-tune general-purpose public models for third-party benefit. We may use aggregated, de-identified telemetry; automated quality signals; and security/abuse classifiers to operate, secure, and improve the Service (including product features and routing heuristics) in a manner that does not disclose your identifiable Customer Content to the public.

6. Data processing and retention

Personal data and Customer Content submitted to AI Features are processed as described in our Privacy Policy and, for business customers, our Data Processing Addendum. Inference-related logs (request identifier, provider, model family, latency, token counts, error codes, schema-validation results) are retained for periods necessary for security, debugging, billing validation, and legal compliance, then deleted or minimized according to our retention practices. Cross-border transfers may occur; we rely on appropriate safeguards as described in the Privacy Policy and DPA.

6.1 Asynchronous job execution

Many modules execute as durable background jobs. The job payload — which includes the prompt, the relevant prior-module outputs, and any contextual fields — transits a managed queue subprocessor (see Subprocessors) so that work survives restarts, retries on transient failures, and is delivered exactly to the worker that owns it. The queue subprocessor is contractually bound by a DPA and processes the payload only to deliver the job.

6.2 Multi-step pipelines and agent loops

Some workflows orchestrate multiple modules in sequence, automatically using one module's output as part of the next module's input. Some workspace assistants run a tool-use loop with a bounded maximum number of steps (currently in the low tens). You should assume that information you submit to one module may be used to construct subsequent prompts within the same workspace and run.

6.3 Vector embeddings and similarity search

To enable similarity search, deduplication, and clustering across the creative outputs your organization generates, we may compute a numerical embedding (a fixed-length vector of numbers) of selected outputs and store it in our database alongside an organization identifier. Embeddings are mathematical representations and do not directly reveal the original text, but they can be used to retrieve semantically similar prior outputs. Embedding computation is performed via the same gateway and provider commitments described in Section 4. Embeddings are scoped to your organizationand are never used to surface another organization's outputs to you. Embeddings persist with the source output; deleting the source output deletes the embedding through the standard retention process.

6.4 Internal access to prompts and outputs

We treat your prompts and outputs as confidential Customer Content. Our personnel do not access them as part of routine operations. Personnel with appropriate role authorization may access prompts and outputs only when (i) you ask us to investigate a specific issue with your account; (ii) abuse or security investigations require it; or (iii) legal process compels disclosure. Access is logged.

6.5 Caching

Where the gateway or our application layer caches inference responses for performance, caching is scoped per organization and per request signature; we do not serve one organization's output to another organization through any cache.

6.6 Autonomous web research and content extraction

Research-oriented modules and the asynchronous research agent described in Section 4 may autonomously fetch content from third-party URLs — either URLs you supply or URLs the agent decides to visit. Extracted content is then included in subsequent LLM prompts.

• Third-party site operators may observe inbound requests from our research subprocessors' infrastructure (IP addresses, user agents). We rely on each research subprocessor's published crawl-etiquette and robots.txt handling.
• Web pages we fetch may contain personal data of third parties (for example, comments, testimonials, author bylines). Once fetched into a research module, that content becomes part of the prompt sent to an LLM provider and part of the module's output, subject to the same retention rules as other Customer Content.
• You are responsible for ensuring that any URL you submitfor research is one you are lawfully entitled to investigate, and that downstream use of any extracted content (quoting, summarizing, repurposing) complies with copyright, database rights, the source site's terms, and applicable privacy law.

6.7 Safety filters and moderation

Upstream model providers apply their own safety classifiers and content filters to inputs and outputs. A request may be refused or partially redacted by a provider if it triggers those filters. We may additionally apply our own pre- and post-generation checks to enforce our Acceptable Use Policy. Filter behavior is probabilistic; legitimate prompts may occasionally be refused, and unsafe content may occasionally pass — you remain responsible for human review.

6.8 System prompts and proprietary instructions

Each module operates with proprietary system prompts and orchestration logic that we develop and maintain. These instructions are our confidential trade secrets; you do not receive a license to them, may not attempt to extract them via prompt injection or other techniques, and may not use the Service to reconstruct or train a competing prompt set.

6.9 Data minimization — what to put in prompts

We do not currently apply automated personal-data redaction to the prompts we send to upstream providers. Do not include unnecessary personal data, special-category data (Art. 9 GDPR), cardholder data, or government-issued identifiers in module inputs unless your business purpose requires it and you have a lawful basis for sharing that data with the upstream provider as described in Section 4. If you upload such data, it will be processed by the providers we use to deliver the requested feature.

7. Customer obligations

You agree that you will:

• Evaluate outputs for accuracy, brand safety, and suitability before publication or media spend;
• Comply with applicable advertising, consumer protection, intellectual property, privacy, and platform rules;
• Obtain and maintain all rights, consents, and licenses necessary to submit Customer Content to AI Features, including any URLs you submit for autonomous research;
• Not use AI Features to generate unlawful, deceptive, or harmful content, including content that infringes third-party rights or violates our Acceptable Use Policy;
• Clearly disclose AI-generated or AI-assisted content where law or platform policy requires labeling;
• Apply data-minimization (see Section 6.9) when constructing prompts and uploaded context;
• Not attempt to extract model weights, underlying system instructions, or non-public training methodologies, or to bypass usage limits, safety filters, or access controls.

8. Abuse, safety, and prompt injection

You must not feed the Service malicious payloads designed to exfiltrate data, manipulate other tenants, or override safety policies. We employ technical and organizational measures to detect abuse; we may block, throttle, or log suspicious activity. You acknowledge that prompt injection and similar attacks remain an industry-wide risk; you are responsible for sanitizing untrusted input that you incorporate into prompts.

9. Intellectual property

As between you and us, ownership of Customer Content and your outputs is governed by the Terms of Service. We do not claim ownership of your outputs solely by virtue of model inference. Third-party model providers may impose usage restrictions on generated content; you are responsible for complying with those restrictions when applicable.

10. Ad platforms and regulated industries

Connection to or use of third-party advertising platforms (such as Meta, Google, TikTok, or LinkedIn) is subject to those platforms' terms and policies. AI Features do not guarantee approval of creatives, compliance with platform ad policies, or performance metrics. Highly regulated sectors (financial services, healthcare, political advertising, children's products, etc.) may impose additional obligations; you are solely responsible for sector-specific compliance.

11. Experimental features

Beta, preview, or experimental AI capabilities may have reduced reliability, different retention behavior, or additional logging for quality assurance. They are provided AS IS unless otherwise stated in-product.

12. No performance or outcome warranty

We do not warrant that AI Features will achieve any particular business result, benchmark, click-through rate, conversion rate, or regulatory clearance. Any uptime or support commitments applicable to the Service are stated in your subscription terms or enterprise agreement and do not extend to third-party model availability or latent model defects outside our reasonable control.

13. Government and high-risk use

Unless expressly authorized in a separate agreement, the Service is not intended for use as the sole basis for automated decisions with legal or similarly significant effects on individuals, nor for covered high-risk AI deployments where prohibited by applicable law. Government end users may be subject to additional terms or export rules.

14. EU AI Act & transparency obligations

Where the EU Artificial Intelligence Act (Regulation (EU) 2024/1689) applies, our role and yours are as follows:

• Our role: we are a provider of certain general-purpose-AI-enabled features (in the sense that we package and route inference) but we are not the developer of the underlying foundation models. The foundation-model providers in Section 4 are the upstream providers within the meaning of the Act and are responsible for model-level conformity (training data summaries, copyright policies, evaluations, systemic-risk reporting where applicable).
• Your role: when you use the Service to deploy or distribute AI-generated content, you act as a deployer and, in some cases, a downstream provider. You are responsible for compliance with deployer obligations including transparency to natural persons under Art. 50 (e.g., disclosing that content is AI-generated where required), and for any obligations arising from your deployment context (Annex III high-risk uses, biometric categorization, social scoring, etc., which are prohibited or restricted).
• Prohibited practices: you must not use the Service to deploy AI in a manner that would be prohibited under Art. 5 of the Act (subliminal manipulation, exploitation of vulnerabilities, social scoring by public authorities, untargeted scraping of facial images, emotion recognition in workplaces or schools except where permitted, biometric categorization inferring sensitive attributes, real-time remote biometric identification in publicly accessible spaces, certain predictive policing).
• Watermarking and labeling:where the Act, platform policy (e.g., Meta's AI political-advertising rules, Google's SynthID disclosures), or other law requires content to be marked as AI-generated or manipulated, you are responsible for applying that label before publication. For images and video produced via the Gemini image and video models, content may carry SynthID watermarks added by the upstream provider; we do not strip these.

15. Copyright & training-data disclaimer

Foundation models are trained by their respective providers on large datasets. We do not control, audit, or warrant the lawfulness of any provider's training data. Outputs generated through the Service may resemble third-party works in style or substance; you are responsible for clearing rights in any output before commercial use, particularly for outputs that depict real persons, recognizable brands, or copyrighted characters. Where a provider offers an indemnity for output-based IP claims (e.g., enterprise IP indemnification), that indemnity flows from the provider to us and is not independently assumed by us, except as expressly stated in a signed enterprise order.

16. Hallucinations & output verification

Generative models are prone to hallucinations — confident-sounding outputs that are false, fabricated, or misattributed. Outputs that look like citations, statistics, quotations, regulatory provisions, prices, or competitor claims must be independently verified before publication. The Service does not constitute substantiation under FTC advertising guidance.

17. Contact

AI governance inquiries: technical@thepinnacle.media