AI Acceptable Use & Transparency Policy
This AI Acceptable Use & Transparency Policy ("Policy") forms part of the Outlex Terms of Service or any other written agreement governing the Customer's use of the Services ("Agreement").
This Policy explains how AI is used in Outlex, the limits of AI Outputs, prohibited and restricted uses, user responsibilities, transparency measures and human oversight expectations.
Capitalised terms not defined in this Policy have the meanings given in the Agreement.
1. About Outlex and Lexi
Outlex provides an AI legal workspace for business and professional users.
The Services may include AI-enabled features such as Lexi, document analysis, contract review, legal Q&A, drafting, redlining, summarisation, workflow automation, matter preparation, legal task support, integrations and lawyer handoff.
Lexi is an AI legal agent. Lexi is not a lawyer, law firm, court, regulator, public authority or substitute for qualified professional judgment.
Where appropriate, Customers may request Human Legal Support from Professionals through the Services.
2. Purpose of this Policy
This Policy is intended to:
- promote safe, lawful and responsible use of AI within Outlex;
- explain the role and limits of AI Outputs;
- define prohibited and restricted uses;
- support transparency for users interacting with AI;
- support human oversight and professional review;
- align the Services with applicable data protection, AI and professional responsibility expectations.
3. Transparency: when you are using AI
Users should understand when they are interacting with AI or receiving AI-generated content.
Outlex may use AI to generate, summarise, classify, review, compare, explain or draft content. AI-generated or AI-assisted content may appear in chat responses, document comments, summaries, redlines, task outputs, checklists, templates, suggested clauses, legal explanations, workflow recommendations and other product features.
Where the context does not make this obvious, Outlex aims to provide appropriate signals, labels, descriptions, disclaimers or user interface cues indicating that AI is being used.
5. Human oversight
Outlex is designed to support human decision-making, not replace it.
Users must maintain appropriate human oversight over AI Outputs, including by:
- reviewing outputs for accuracy, completeness and relevance;
- checking applicable law, jurisdiction, dates and factual assumptions;
- verifying citations, sources, clauses and legal references;
- assessing whether the matter requires professional legal review;
- escalating high-risk, unclear or sensitive matters to a qualified professional;
- ensuring that final decisions remain under human control.
Customers are responsible for deciding when Human Legal Support or external legal advice is required.
6. Customer responsibilities
Customers and users must use the Services lawfully, responsibly and consistently with the Agreement, this Policy and applicable law.
Customers are responsible for:
- ensuring that they have the right to upload, process or share Customer Data through the Services;
- ensuring that prompts, documents and instructions are lawful and appropriate;
- maintaining internal policies and controls for AI use;
- training or instructing users on appropriate use of AI where necessary;
- reviewing AI Outputs before use;
- avoiding overreliance on AI;
- ensuring that the Services are not used for prohibited or restricted purposes;
- ensuring that any use of AI in their organisation complies with applicable data protection, employment, professional, regulatory and AI laws.
7. Prohibited uses
Customers and users must not use the Services to:
- violate applicable law, regulation, court order, professional duty or third-party rights;
- generate, facilitate or conceal fraud, deception, unlawful conduct or regulatory evasion;
- produce illegal, discriminatory, harassing, defamatory, hateful, exploitative or harmful content;
- infringe intellectual property, confidentiality, trade secret, privacy or data protection rights;
- generate malware, phishing, credential theft, unauthorised access, harmful code or cybersecurity abuse;
- impersonate another person or misrepresent AI Outputs as human-generated where that would be misleading or unlawful;
- create or distribute deceptive deepfakes, synthetic media or manipulated content in a way that misleads others;
- process personal data without a lawful basis or required notices;
- submit data that the Customer is not authorised to process through the Services;
- use the Services to make decisions in a way that unlawfully discriminates against individuals or groups;
- bypass usage limits, security controls, access controls, monitoring, filters or technical safeguards;
- reverse engineer, extract, scrape or misuse the Services, models, prompts, outputs or system behaviour;
- use the Services in a way that could compromise legal privilege, confidentiality or professional secrecy without appropriate safeguards.
8. Restricted high-risk uses
Unless expressly agreed in writing with Outlex and subject to appropriate safeguards, Customers must not use the Services as the sole or determinative basis for decisions or actions in high-risk or regulated contexts, including:
- employment, worker management, hiring, promotion, termination or disciplinary decisions;
- access to education, training, credit, insurance, housing, healthcare, essential services or public benefits;
- law enforcement, criminal justice, migration, asylum, border control or public authority decision-making;
- biometric identification, biometric categorisation, emotion recognition or profiling;
- automated legal, regulatory, court, tribunal or administrative decisions affecting rights or obligations;
- medical, financial, tax, investment, insolvency or other regulated professional advice where a qualified professional is required;
- any use that would cause Outlex or the Customer to be treated as deploying or providing a high-risk AI system without the required controls.
Outlex may refuse, suspend or require additional safeguards for use cases that appear high-risk, unlawful, unsafe or outside the intended scope of the Services.
9. Legal workflows and professional review
Outlex may support legal workflows such as contract review, drafting, negotiation support, employment documentation, corporate documentation, legal research support, compliance checklists and internal legal operations.
However:
- AI Outputs should not be treated as final legal advice unless reviewed and approved by a qualified professional where required;
- court filings, regulator submissions, formal legal opinions, litigation strategy, high-value transactions, complex tax matters, employment termination, insolvency, criminal, sanctions, financial regulatory or other high-stakes matters should receive appropriate human professional review;
- users should not submit AI Outputs to courts, regulators, counterparties, employees or third parties without reviewing their accuracy, legal basis, confidentiality and business consequences.
10. Data use and AI model providers
Outlex may use third-party AI model providers and infrastructure providers to deliver AI-enabled features.
Current AI model providers may include OpenAI, Anthropic and Google Gemini, as further described in the DPA and subprocessor list.
Unless expressly agreed otherwise, Customer Personal Data is not used to train third-party foundation models.
Customer Personal Data may be processed by AI model providers as necessary to provide the Services, generate AI Outputs, process prompts, analyse documents, maintain security, prevent abuse and perform related service functions, subject to the applicable Agreement, DPA, provider configuration and contractual safeguards.
11. Customer Data and sensitive information
Customers should submit only the data necessary for the relevant task.
Customers should use caution before submitting special category data, criminal offence data, highly confidential information, privileged information, employee disciplinary information, sensitive financial information, trade secrets or other regulated information.
Where Customers submit sensitive information, they are responsible for ensuring that the submission is lawful, necessary and subject to appropriate safeguards.
12. AI-generated content and disclosure
Users are responsible for deciding whether AI-assisted or AI-generated content must be disclosed to third parties, including counterparties, customers, employees, regulators, courts or the public.
Users must not remove, hide or alter AI-related disclosures where doing so would be misleading, unlawful or contrary to this Policy.
Where users publish or externally share AI-generated content, they should ensure that any required disclosure, review, approval or professional sign-off has been completed.
13. AI literacy and user training
Customers are responsible for ensuring that their authorised users understand the appropriate use and limitations of AI in their business context.
This may include training or guidance on:
- how AI Outputs are generated;
- the need for human review;
- risks of hallucination, error or missing context;
- confidentiality and data protection;
- appropriate prompting and document upload practices;
- when to escalate to Human Legal Support or external counsel;
- prohibited and restricted use cases.
Outlex may provide documentation, user guidance, disclaimers, onboarding materials or other resources to support appropriate use of AI.
14. Outlex safeguards
Outlex aims to maintain reasonable safeguards for AI use, which may include:
- user-facing AI disclosures and disclaimers;
- human escalation and lawyer handoff options;
- access controls and authentication;
- data protection and subprocessor controls;
- no-training-by-default commitments for third-party foundation models;
- logging, monitoring and abuse prevention;
- quality review, testing and product improvement processes;
- security controls and incident response;
- restrictions on prohibited and high-risk use cases;
- documentation and internal governance processes.
These safeguards may evolve as the Services, technology and applicable legal requirements develop.
15. Integrations and third-party services
Customers may enable integrations with third-party services, such as Google Drive, Microsoft / Microsoft 365, Slack or other supported tools.
When Customers enable integrations, Customer Data may be exchanged between Outlex and the relevant third-party service according to the Customer's configuration, the integration permissions and the third party's terms.
Customers are responsible for ensuring that they have the right to connect those services and process the relevant data through Outlex.
16. Monitoring, enforcement and suspension
Outlex may monitor use of the Services to protect security, prevent abuse, maintain compliance, enforce the Agreement and improve reliability.
If Outlex reasonably believes that a Customer or user has violated this Policy, Outlex may take appropriate action, including:
- requesting clarification or additional information;
- requiring the Customer to stop or modify the relevant use;
- disabling features or integrations;
- removing or restricting access to content;
- suspending or terminating access to the Services;
- notifying relevant authorities where legally required.
17. Updates to this Policy
Outlex may update this Policy from time to time to reflect changes in the Services, AI features, legal requirements, regulatory guidance, provider configuration or risk controls.
Where changes are material, Outlex may provide notice through the website, in-product notice, email or another reasonable method.
18. Contact
For questions about this Policy or Outlex's use of AI, contact: