AI Transparency & Governance Statement
This Statement describes, in plain terms and in a manner consistent with the transparency obligations of Regulation (EU) 2024/1689 (the "EU AI Act"), how Prodia Systems Ltd ("Prodia") designs, deploys and governs the artificial-intelligence systems that power prodia.dev. It is governed by the laws of Ireland and the law of the European Union.
1. Nature of the System
The Service is an AI-assisted, governed autonomous software development lifecycle platform. It uses general-purpose AI models, retrieval systems, agent orchestration logic and deterministic guardrails to analyse software, propose modifications, run validation steps and, where authorised by the customer, execute changes against connected repositories.
2. Disclosure of AI Interaction
Users are clearly informed that they are interacting with an AI system. Output generated by the Service is labelled or otherwise distinguishable as machine-generated, in line with Article 50 of the EU AI Act.
3. Human Oversight
The Service is designed to keep the customer in control. Customers configure oversight levels, approval thresholds and execution scopes; repository writes, deployments and other consequential actions require explicit acknowledgement and, where configured, human approval. Customers may suspend, restrict or roll back agent actions at any time.
4. Models and Providers
The Service uses a combination of Prodia-developed components and third-party foundation models. Where third-party providers are used, customer data is processed under terms compatible with the GDPR and the Service's Data Processing Addendum. A current list of sub-processors is maintained in the DPA.
5. Data Used to Operate the Service
- Customer Inputs are processed solely to deliver the Service to the customer.
- Customer Inputs are not used to train Prodia's, or any third-party provider's, foundation models without the customer's documented instruction.
- Operational telemetry (logs, traces, evaluation results) is processed to operate, secure and improve the Service in accordance with the Privacy Policy.
6. Risk Management
Prodia operates an AI risk-management process aligned with the structure of Article 9 of the EU AI Act and with ISO/IEC 42001 principles. The process covers identification, analysis and evaluation of foreseeable risks, adoption of mitigations, residual-risk assessment and post-deployment monitoring.
7. Logging, Auditability and Explainability
Material agent actions are recorded in a tamper-evident decision ledger. For consequential actions, the Service maintains explanations describing the inputs considered, the policies applied and the alternatives rejected. Customers may retrieve, export and replay such records subject to applicable retention rules.
8. Accuracy, Robustness and Cybersecurity
Prodia operates evaluation harnesses, regression tests, security scans and red-team exercises to monitor accuracy and robustness. Cybersecurity controls include access management, encryption in transit and at rest, key management, segmentation, vulnerability management and incident response.
9. Prohibited Uses
The Service may not be used for any practice prohibited under Article 5 of the EU AI Act, nor for any of the activities listed in the Acceptable Use Policy. Customers are responsible for ensuring that their own use cases do not constitute a "high-risk" AI system under Annex III of the EU AI Act without appropriate compliance measures of their own.
10. Updates
This Statement is reviewed at least annually and updated when the Service materially changes. The current version is always available at this URL.
11. Contact
Questions regarding AI governance may be sent to legal@prodia.dev.
