Política IA.

1. Principios fundadores

Orkelia operates on 4 non-negotiable AI usage principles:

• No model-side storage · zero retention enabled at Anthropic on 100% of calls
• No invented numbers · the agent never generates a price, slot, or practitioner that doesn't exist in the database
• Human escalation on sensitive matters · medical emergencies, contractual issues, complaints → SMS to founder
• Operational transparency · every agent message is viewable in the dashboard with its prompt and tools used

2. Modelos en producción

Generation tasks · Claude Sonnet 4.6 (Anthropic). Used for: agent conversation responses, personalized cold email drafts, lead nurturing.

Classification tasks · Claude Haiku 4.5 (Anthropic). Used for: inbound reply intent classification (hot/warm/cold/unsubscribe), prospect tier scoring.

Embeddings · Voyage AI voyage-3. Used for semantic search over historical conversations.

No OpenAI / Google / Mistral model is used in Orkelia production to date.

3. Datos enviados a los modelos

Standard workspaces (Commercial, Trading, Restau, Transport)

Data sent to models includes user inputs (received messages, prospects, conversation context) + workspace context (templates, value props, FAQ). No sensitive data is anonymized by default for these verticals (no personal health data).

Healthcare workspaces (Orkelia Clinic)

Systematic anonymization pipeline before any LLM call:

• Patient names → pseudonyms (Patient_a3f2)
• Social security numbers → total masking
• Severe allergies → abstract category ("drug allergy")
• Precise addresses → city only
• Birth dates → decade ("60s")

The model sees a de-identified representation. Re-identification only happens on Orkelia side, post-response.

4. Garde-fous tool-use

The agent uses a "tool-use" mechanism to call specific functions (check agenda, create draft, send escalation SMS). The accessible tool list is whitelisted per workspace, max 9 tools. No direct internet access, no code execution, no filesystem access.

Whitelist examples (Orkelia Clinic)

• get_available_slots(date_range) · reads Calendly/Doctolib agenda
• create_draft_reply(patient_id, content) · prepares response for human validation
• escalate_to_practitioner(reason) · sends SMS to practitioner
• get_patient_history(patient_id) · reads anonymized patient history

If the agent tries to call a non-whitelisted tool → blocked + audit log.

5. Conformidad EU AI Act 2026

EU AI Act classifies AI systems by risk level. Orkelia analyzes its own exposure:

Orkelia Clinic → "high-risk" (Annex III)

Health data processing classifies Orkelia Clinic as high-risk AI. Commitments:

• Documented quality system (monthly internal review process)
• Annual compliance assessment (independent audit — first delivered 71/100 on 17/05/2026)
• Technical traceability (prompt+output logs 12 months)
• Transparent user information (this page)
• Integrated human supervision (automatic escalation on sensitive signals)
• Robustness + cybersecurity (see Trust page)

Other branches (Commercial, Trading, Restau, Transport, Shop) → "limited-risk"

Main obligations: transparency (end user knows they interact with AI) + AI-generated marking on synthetic content (emails, drafts). Implemented.

6. Límites conocidos de la IA

To stay transparent, here are the real limits we observe in production:

• The agent may misunderstand a very implicit request or one full of undocumented industry abbreviations → escalates or asks for clarification
• The agent cannot make medical, legal, or contractual decisions alone · systematic escalation
• The agent depends on connected databases · if Doctolib returns wrong slots, the agent forwards the wrong slots
• The agent may be manipulated by prompt injection (malicious patient) → tool-use guardrails block dangerous actions, but response content may be altered
• The agent works in French, Spanish, English. Other languages on request