Compliance · GDPR Art. 22 · PIPEDA Fairness

Automated Decision-Making & AI Notice

How IIS uses AI to make decisions about your support requests, and your rights regarding those decisions.

1. What this notice covers

Integrated IT Support Inc. ("IIS", "we") operates ARIA — an AI-powered IT support assistant. ARIA uses automated reasoning to classify your support requests, suggest solutions, route to human technicians, and (in some cases) take read-only actions in your Microsoft 365 or Google Workspace tenant.

2. What decisions ARIA makes automatically

Classification

ARIA categorizes your issue (e.g., "password reset", "VPN", "Outlook crash") to suggest the right fix path. This is a low-stakes decision — wrong classification just means we ask a clarifying question.

Solution suggestion

ARIA suggests fixes from our knowledge base. You always choose whether to apply them. No automated change to your account or files.

Read-only Microsoft Graph lookups

If your organization has connected its M365 tenant to ARIA, ARIA may look up your user record, license, group memberships, or device compliance — read-only, never modifying.

Escalation routing

ARIA decides whether to handle an issue itself or escalate to a human technician.

3. What ARIA does NOT do automatically

ARIA does NOT take any privileged action without explicit human approval. The following always require either you (the user) or your administrator to approve:

Password resets
Microsoft 365 / Google Workspace license assignment or removal
Group membership changes
Device wipes or disablement
User account enable / disable
Adding entries to your tenant knowledge base
Sending notifications to other users in your tenant

For all the above, ARIA sends an approval request and waits. No action fires automatically. See our write-gate function for the technical implementation.

4. Your rights under GDPR Article 22

If you are in the EU or UK, GDPR Article 22 gives you the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. Because ARIA does not make such decisions (all consequential actions require human approval), Article 22 is largely not triggered. Where it could apply, you have the right to:

Request human review of any automated decision
Express your point of view
Contest the decision

To exercise these rights, email privacy@iisupp.net.

5. Your rights under PIPEDA (Canada)

Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) Principle 9 gives you the right to:

Access your personal information held by IIS
Challenge its accuracy
Request correction

Use our self-serve Data Export & Deletion page, or email privacy@iisupp.net.

6. How to opt out of AI processing

If you prefer to interact only with a human technician, reply "human please" in ARIA chat, or email support@iisupp.net. A live technician will pick up your case. You will not be penalized for opting out.

7. What models we use

ARIA is built on Anthropic's Claude family of language models, accessed via the Anthropic API. We do not train models on your data. Anthropic's commercial terms apply to data sent to their API.

8. Confidence and uncertainty

ARIA flags its own confidence on every reply. If confidence is low, you will see a chip like "Low confidence" with a disclaimer suggesting human review. We instrument this to keep ARIA honest about what it does not know.

9. Audit logging

For tenants with our enterprise plans, every action ARIA takes (or proposes) is logged in a per-tenant audit log. Your administrator can review it via the tenant audit endpoint or the upcoming admin console.

10. Contact

Privacy Officer: privacy@iisupp.net

General support: support@iisupp.net

Postal mail: Integrated IT Support Inc. · Ontario, Canada

Last updated: 2026-06-18 · Version 1.0 · Cat 24 compliance

Home · Privacy · Terms · AI Governance