AI & Automation Policy

Nova X Solutions designs AI-enabled workflows and automation systems to reduce operational friction, improve reliability, and increase visibility across business ecosystems. We treat AI not as a shortcut but as an infrastructure component, subject to the same standards of reliability, transparency, and accountability we apply to every system we build.

This policy describes how we use AI and automation tools in our own operations, how we apply them in client engagements, and the principles that govern both.

1. Scope

This policy covers three contexts:

• Internal operations — AI and automation tools used to support our own workflows.
• Delivery and development — AI tools used in the process of designing, building, or testing systems.
• Client-facing systems — AI and automation components embedded into infrastructure we build and deploy.

2. Human Oversight

We build automation with the assumption that humans remain accountable for outcomes. This shapes how we design, deploy, and govern automated workflows.

• Automation includes defined control points, escalation paths, and override mechanisms.
• We do not deploy fully autonomous systems for high-risk decisions without safeguards, fallbacks, and human review.
• Audit trails are implemented where automation executes consequential actions.

Where a client-facing automated process affects clients or end users, clients may request human review of an automated output, an explanation of the logic or criteria applied, or modification/disabling of specific automated behaviors within the scope of the engagement agreement.

3. Third-Party AI Tools

We may use third-party AI tools in internal and delivery contexts (for example for research, summarization, or code assistance). We apply strict controls over what data is shared with these tools.

• We do not submit client confidential information, personal data, or sensitive business data to third-party AI tools without explicit client consent.
• We do not use client data to train, fine-tune, or improve any AI model.
• We do not use AI-generated outputs in client deliverables without human review and accountability for the final result.

Where a client engagement requires restrictions on AI tool usage (including prohibiting cloud-based AI tools), we accommodate this within the scope of the engagement agreement.

4. Data Handling in AI Contexts

Minimum data principle

We request only the information necessary to evaluate, design, and deliver a solution.

Controls for automated processing

• Input sanitization and validation before processing.
• Access controls limiting which systems and personnel can access intermediate outputs.
• Logging of data flows through automated pipelines for audit and incident investigation where appropriate.

Information shared with us during an engagement is used solely for the purpose for which it was provided and is not used for product development, model training, or marketing without explicit written consent.

5. Bias, Fairness, and Responsible Design

Where we build AI systems that affect individuals (including recommendation engines, scoring systems, workflow routing, and automated communications), we apply bias assessment, fairness by design, and transparency where legally required or operationally appropriate. We do not build AI systems designed to manipulate, deceive, or exploit individuals.

6. Prohibited Uses

Nova X Solutions will not use AI or automation, in our own operations or in systems we build for clients, for:

• Generating or distributing disinformation or synthetic media designed to deceive.
• Surveillance, tracking, or profiling without knowledge and consent.
• Automated decision-making that discriminates on protected characteristics under Nigerian law.
• Circumventing security controls, access restrictions, or compliance requirements.
• Any application prohibited under the Nigeria Data Protection Act 2023 or other applicable law.

7. Quality, Reliability, and Validation

How we validate

• Automated workflows are tested against agreed requirements and realistic operational scenarios, including edge cases.
• AI components are evaluated for output quality, consistency, and alignment with the intended use case before production deployment.
• We prefer deterministic logic for critical operations where consistency and auditability are non-negotiable; AI is applied where it adds measurable value.

Ongoing monitoring

• Deployed automation is monitored for failures, exceptions, and output drift.
• Alerting and escalation paths are configured for human review when thresholds are breached.
• Where third-party models are used, we assess the impact of provider updates on system behavior and re-validate affected components.

8. Incident Handling for AI and Automation Systems

When an automated system produces an unexpected, incorrect, or harmful output, or fails to execute as designed, we treat it as an operational incident requiring structured response: detection, containment, assessment, remediation, and disclosure where required.

9. Alignment with Applicable Frameworks

This policy is designed to be consistent with the Nigeria Data Protection Act 2023 (NDPA), the Nigeria Data Protection Regulation (NDPR), and emerging international best practices on responsible AI deployment. As the regulatory framework develops, we will update this policy accordingly.

10. Changes to This Policy

We may update this policy as our use of AI evolves, as new tools are adopted, or as the regulatory environment changes. The effective date above reflects the most recent version.

11. Contact

For questions about our use of AI and automation, or to make a request regarding an automated process that has affected you: