Trust & AI

How Hammer Automation handles AI tools, data, and provenance. A short trust commitment for buyers evaluating vendors — schools, offices, and admin teams reviewing how we touch your systems, your sources, and your decisions.

Data minimization

We only collect the data the engagement requires. We only keep it as long as you need it. We never move your data to other systems without you knowing and approving it in writing.

Connectors & access

When we connect AI to your existing systems (email, calendar, docs, CRM) we always ask for a named owner, document exactly which permissions are required, and prefer read access over write access. No shared logins — every connection runs under a named account with an audit trail.

Sandbox pilots

New workflows are always piloted first in a scoped environment with synthetic or anonymized data. We do not move to production data until you have signed off on the result and we have jointly defined how rollback works.

Human in the loop

No AI workflow we build sends anything to a customer, student, or third party without a human approving it. Every workflow has a visible approval point — in Slack, in the inbox, or wherever you already work.

Source receipts

When AI summarizes, quotes, or draws conclusions from your documents we show which sources were used. You should be able to trace every claim back to a specific source, not just trust the model.

Image & audio provenance

Images, audio, and video that AI has generated or edited are labeled as AI-generated in what we deliver. We use C2PA-style provenance metadata where it works and document the source in plain text where it does not.

No unsolicited email

We never broadcast email on your behalf without you signing off on the recipient list and the content. Your contacts never become a training set. Our own newsletter runs on double opt-in with one-click unsubscribe.

Handover & exit

We document every solution so you own it after the engagement ends. If you want to switch vendors or take everything in-house you get the prompts, templates, configurations, and access keys — no strings attached.

A marketplace listing is not a safety review

When a database, CRM, or MCP plugin shows up in a vendor marketplace it only means the tool is available — not that it is safe to point at your production data. Before any connected agent goes live we review which account it runs under, whether it has read or write scope, where its actions are logged, who owns the credential, and how you switch it off. The permission map below walks through exactly those questions.

Map what an agent may touch

When a vendor changes owner, rules, or pricing

Tools change owners, pull API scopes, shift their pricing, or grow less reliable — sometimes at short notice. In an implementation engagement we build for that: we map which data flows and connectors depend on the vendor, who owns each connection, and which sample and handover artefacts let you move the workflow. We name a fallback tool where one exists and who on your side can pause the flow if something changes. It is the same idea as the handover and named connections above — pointed at what you do the day a vendor changes course.

See our AI tool status map

Want to talk through it before you book?

Happy to walk through how this applies to your specific setup — no cost, no obligation.

Book a callSee the permission map