AI Usage Policy

1. Our Commitment to Responsible AI

Hobbs Advisory Group is committed to transparent, accountable, and responsible use of artificial intelligence. We believe that organizations using AI have an obligation to disclose that usage honestly, protect the people affected by it, and maintain meaningful human oversight.

This policy describes how we use AI across our operations, what safeguards we maintain, and what rights you have regarding our AI practices. We proactively disclose our AI usage because transparency builds trust and responsible governance reduces risk for everyone.

1.2 Our AI Governance Principles

• Transparency First: We disclose all AI usage clearly and honestly, to the best of our abilities.
• Human-Centered: AI assists our work; humans make all final decisions that materially affect clients or other individuals.
• Accountability: We take full responsibility for AI outputs and their impacts as used by us.
• Continuous Improvement: We regularly review and enhance our AI practices and update this policy to reflect changes.
• Client Protection: We prioritize the interests and rights of the clients and organizations we serve.

2. Scope of AI Usage

2.1 Where We Use AI

Hobbs Advisory Group employs artificial intelligence technology in the following categories of our business:

Customer Support and Communications

• AI-assisted drafting of responses to client and prospect inquiries
• Automated follow-up communications through Apollo.io for business development outreach
• Support documentation and knowledge base assistance
• Automated email sequences for client onboarding and follow-up

Marketing and Content Creation

• Drafting and editing outreach messages, LinkedIn content, and marketing materials using Claude (Anthropic) and ChatGPT (OpenAI)
• Creating written content including website copy, social media posts, and articles
• Social media content development and scheduling
• Email marketing communications and campaign copy reviewed and approved by a qualified human before deployment via Apollo.io
• Educational materials and thought leadership content
• Research for content hooks and regulatory developments

Internal Operations

• Research and synthesis of regulatory, compliance, and governance materials using Claude and ChatGPT
• Document drafting, editing, and review for client engagements and internal use
• Administrative task assistance and workflow support
• Data analysis and reporting
• Meeting preparation and follow-up documentation
• LinkedIn outreach automation through Prosp, using pre-approved message copy

Product and Service Delivery

• Drafting frameworks, policies, and governance documentation for client engagements
• Analysis of client-provided information to support diagnostic and advisory work
• Development of governance roadmaps and client-facing recommendations
• Creating example implementations and reference materials for clients
• Developing tools and resources to support client engagements

Information Technology and Development

• AI-assisted research on technology governance and compliance topics
• System monitoring and cybersecurity awareness using AI-enhanced tools
• Infrastructure management support

Human Resources and Workforce Management

• Training content development for internal standards and client engagements
• Workforce planning support as the firm scales

Finance and Accounting

• Invoice processing and expense categorization
• Financial reporting and analysis
• Audit support and documentation

Legal and Compliance

• Legal research assistance on AI governance, regulatory, and compliance topics
• Document review and analysis in support of client advisory work
• Regulatory monitoring and compliance tracking across jurisdictions

For detailed, system-by-system disclosure of specific AI tools we use, please see our internal AI Disclosure Document, which is maintained as part of our AI governance program. This policy governs all AI usage regardless of the specific tools employed.

2.2 Where We Do NOT Use AI

To ensure fairness, accountability, and appropriate human judgment, we do NOT use AI systems for final decisions in the following areas:

• Certification and Approval Decisions: Final approval or denial of certification, licensing, or qualification applications
• Appeals and Disputes: Review of appeals, grievances, or formal dispute resolution
• Pricing Decisions: Determining fees, pricing, or financial terms for individual organizations or clients
• Legal Guidance: Providing legal interpretation or compliance advice (AI may assist research, but qualified professionals provide all guidance)
• Contract Negotiations: Making binding decisions in contractual matters or negotiations
• Financial Transactions: Processing payments, handling financial transactions, or making financial decisions
• Employment Decisions: Hiring, firing, promotion, or performance evaluation decisions
• Consequential Decisions Affecting Individual Rights: Decisions that determine access to housing, education, credit, insurance, or essential services

These decisions require human judgment, expertise, and accountability that AI cannot replace. While AI may assist with research, analysis, or preliminary work in these areas, final determinations are always made by qualified humans.

3. AI Systems That Adapt or Evolve

AI technologies continue to develop rapidly. The AI systems we use may adapt, learn, or improve over time based on new data, usage patterns, or updates from their providers. This is a normal characteristic of modern AI and is part of how these systems become more useful and accurate.

• AI systems we use may produce different or improved results over time as underlying models are updated by their providers.
• The behavior of AI-powered features may change as providers release new versions or as we adjust our implementation.
• We do not train AI models on your personal data unless separately disclosed in our Privacy Policy and with your consent.
• We will update this policy if there are material changes to the categories of AI we use or how our AI governance operates.
• We periodically review the AI systems we use to ensure they continue to operate consistent with this policy and our governance standards.

Specific information about which of our AI systems have adaptive characteristics is maintained in our internal AI Disclosure Document.

4. Governance and Oversight

4.1 Human Oversight Framework

All AI usage operates under our human oversight governance model. We categorize AI involvement into four levels of oversight appropriate to the nature and impact of the task:

Level 1 — AI as Productivity Tool
Humans use AI to increase efficiency while maintaining complete control.

• Examples: Grammar checking, search assistance, formatting, spell-check
• Oversight: Individual user judgment

Level 2 — AI as Assistant
AI provides drafts, recommendations, or suggestions that humans review, edit, and approve.

• Examples: Content drafting, customer support responses, research summaries, data analysis
• Oversight: Mandatory human review before any output is used or published

Level 3 — AI with Monitoring
AI performs routine tasks with human spot-checks and override capability.

• Examples: Automated workflows, system monitoring, routine processing
• Oversight: Regular audits and immediate human intervention capability

Level 4 — Human Only (No AI)
Critical decisions made entirely by qualified humans without AI assistance.

• Examples: Certification decisions, legal advice, appeals, disputes, employment decisions
• Oversight: N/A — humans only

The oversight level assigned to each AI system is documented in our internal AI Disclosure Document.

4.2 Responsible Parties and Accountability

AI governance at Hobbs Advisory Group is the direct responsibility of its leadership.

Hobbs Advisory Group takes full responsibility for all AI outputs used in our operations, decisions made using AI recommendations, and any errors or issues that arise from AI usage. We do not disclaim responsibility for AI-related outcomes by attributing them solely to the AI system. We do not take responsibility for third-party attacks or unauthorized use outside of our control.

4.3 Employee Training and Standards

Hobbs Advisory Group maintains current knowledge of AI capabilities, limitations, and governance best practices through ongoing professional development. Standards for AI use are reviewed and updated as new tools are adopted or existing tools change materially. All AI usage at Hobbs Advisory Group is subject to the following standards:

• Understanding AI capabilities and limitations
• Appropriate use cases for different AI applications
• Identifying and mitigating bias in AI outputs
• Data privacy and security requirements
• Disclosure and labeling obligations
• When to escalate concerns or defer to human-only processes

5. Truthful AI Claims

We are committed to making only truthful and substantiated claims about our AI systems:

• Any public claims about our AI systems' accuracy, performance, or capabilities are based on testing, evidence, or documented provider specifications.
• We do not represent AI-generated content as exclusively human-created where such representation would be material or deceptive.
• We disclose known limitations of our AI systems in the relevant context.
• Marketing and promotional materials involving AI capabilities are reviewed for accuracy before publication.

This commitment aligns with FTC Act Section 5 expectations regarding truthful AI claims and transparent business practices, including guidance from Operation AI Comply enforcement actions.

6. Transparency and Disclosure Practices

6.1 Content Labeling Standards

We label AI-involved content based on the level of AI contribution:

AI-Generated Content
AI created the substantial majority of the content.

• Label: "This content was generated using artificial intelligence and reviewed by our staff" or "Enhanced by AI."

AI-Assisted Content
AI provided meaningful assistance, but humans created and controlled the content.

• Label: "This content was created with AI assistance" or "Enhanced by AI."

AI as Productivity Tool
AI used for spell-check, search, or formatting.

• Not labeled separately.

All customer-facing AI systems (such as chatbots) clearly identify themselves as AI at the point of interaction, when possible. We also make best efforts to have third-party tools use identifying labels and systems.

6.2 Point-of-Use Disclosure

Where AI is used in customer-facing applications:

• Users are informed they are interacting with AI
• Users can request human assistance at any time
• AI limitations are disclosed in context
• Alternative human-only options are available when appropriate

6.3 Comprehensive AI Disclosures

Our internal AI Disclosure Document provides:

• Specific AI systems and providers we use
• Detailed use cases for each AI application
• Data processing information for each system
• Third-party provider relationships
• Technical specifications where relevant
• Oversight level assigned to each system
• Adaptive characteristics of each system

The AI Disclosure Document is maintained as a living governance record and updated as our AI usage evolves.

7. Data Privacy and Protection

7.1 Our Data Principles

When AI systems process data at Hobbs Advisory Group, we follow these core principles:

• Data Minimization: We only share necessary information with AI systems and avoid processing sensitive personal data through AI when possible.
• Purpose Limitation: Data processed by AI is used only for the specific purpose disclosed and not repurposed without notice.
• Security: All data processed by AI systems is encrypted in transit and at rest, with appropriate access controls and monitoring.
• Transparency: We disclose what categories of data are processed by AI systems in our AI Disclosure Document.
• Retention Limits: We do not retain data in AI systems longer than necessary for the disclosed purpose.

7.2 Third-Party AI Provider Standards

We use only reputable, commercially established AI providers. Current providers — Anthropic (Claude), OpenAI (ChatGPT), Apollo.io, and Prosp — maintain published privacy policies and data processing standards. We do not share client confidential information with AI platforms without explicit consent. We carefully vet all third-party AI service providers and require them to meet our standards:

• No Unauthorized Training: Providers may not use our data to train or improve their models without explicit consent.
• Security Standards: Providers must maintain security measures equivalent to or exceeding our own.
• Regulatory Compliance: Providers must comply with applicable data protection laws (GDPR, CCPA, etc.).
• Contractual Protections: All providers sign data processing agreements that prohibit unauthorized data use or sharing, require prompt notification of security incidents, include audit rights and regular compliance verification, and specify data retention and deletion requirements.
• Incident Response: Providers must have documented incident response procedures and notify us immediately of any data breaches.

Current AI service providers and detailed data processing information are listed in our internal AI Disclosure Document.

7.3 Your Data Rights

You have rights regarding data processed by our AI systems:

• Right to Access: Request information about what data AI systems have processed about you.
• Right to Correction: Request correction of inaccurate information.
• Right to Deletion: Request deletion of your personal data (subject to legal obligations).
• Right to Opt-Out: Where technically feasible, request alternative non-AI processing.
• Right to Data Portability: Receive your data in machine-readable format.
• Right to Object: Object to certain types of AI processing.

To exercise any of these rights, contact us at [email protected] or through the contact form at hobbsadvisorygroup.com. See our Privacy Policy for full details on exercising these rights and our general data practices.

7.4 Special Category Data

We do not process special category data (sensitive personal information such as health, biometric, or financial data) through AI systems except where legally required or authorized, with explicit consent, and under appropriate additional safeguards. When AI processes such data, we provide enhanced protections and oversight.

8. AI Limitations and Risk Management

We acknowledge that all AI systems have inherent limitations. Understanding and managing these limitations is central to our commitment to responsible AI use.

8.1 Known AI Limitations

Accuracy and Reliability

• Limitation: AI systems can generate incorrect, incomplete, or misleading information ("hallucinations").
• Our Approach: Mandatory human review of all AI outputs before use in client work or published externally. Critical information is fact-checked and verified independently whenever possible.

Bias and Fairness

• Limitation: AI systems may reflect biases present in their training data, potentially leading to unfair or discriminatory outputs.
• Our Approach: A qualified human reviews all AI outputs with awareness of this limitation and corrects biased or unbalanced content before use. We do not use AI for decisions affecting protected classes or where bias could cause material harm.

Context and Nuance

• Limitation: AI may misinterpret context, miss nuance, or fail to understand complex situations appropriately.
• Our Approach: Complex matters, sensitive topics, and situations requiring professional judgment are handled by qualified humans. AI assists with research and drafting; it does not substitute for professional judgment.

Technical Reliability

• Limitation: AI systems may experience downtime, errors, performance degradation, or unexpected behavior.
• Our Approach: We maintain the ability to operate without any specific AI tool. Client engagements do not depend on a single AI platform. Clients can always access human support directly.

Privacy and Security

• Limitation: AI systems processing data create potential privacy and security risks.
• Our Approach: Strict data processing standards, appropriate security controls, regular assessment, and incident response planning are maintained for all AI tools in use.

8.2 Continuous Monitoring and Improvement

We actively monitor AI system performance and risks through:

• Quality Reviews: Regular review of AI outputs for accuracy, bias, and appropriateness
• Client Feedback: Monitoring and responding to client feedback about AI-assisted work
• Performance Metrics: Tracking error rates, client satisfaction, and system reliability
• Incident Tracking: Documenting and analyzing AI-related issues or failures
• Technology Updates: Staying current with AI developments, risks, and best practices

When issues are identified, we investigate root causes and implement improvements to prevent recurrence.

8.3 Incident Response

If an AI system produces harmful, inaccurate, or problematic outputs:

• We acknowledge the issue promptly.
• We take immediate corrective action (corrections, takedowns, notifications).
• We investigate the root cause.
• We adjust processes and controls to prevent recurrence.
• We communicate transparently with affected parties.

We take full responsibility for AI-related issues and do not hide behind "AI made a mistake" as an excuse.

9. Your Rights and Recourse

You have specific rights regarding our use of AI systems that may affect you.

9.1 Right to Know

You have the right to know when and how AI is being used in your interactions with us. We commit to clear disclosure at point of interaction, accessible information in our AI Disclosure Document, and transparent responses to inquiries about AI usage.

9.2 Right to Human Review

You have the right to request human review of any decision or recommendation that involved AI assistance, content or communication generated with AI, and customer support interaction with AI systems.

9.3 Right to Explanation

You have the right to understand how AI was used in any matter affecting you. We will explain what type of AI system was involved, what role AI played in the process or decision, what human oversight was applied, and how the final outcome was determined.

9.4 Right to Opt-Out

Where technically feasible and appropriate, you may request human-only customer support, human-written communications, and alternative processes that do not involve AI. Some AI usage (such as internal productivity tools) may not have opt-out options but does not directly affect you.

9.5 Right to File Complaints

If you have concerns about our AI practices, contact us using the information in Section 14. We acknowledge complaints within 24 hours and provide substantive response within 5 business days. You may also file complaints with the Federal Trade Commission, your state attorney general, or applicable data protection authorities. We will cooperate fully with regulatory inquiries.

10. Verification and Accountability

10.1 Self-Certification

Hobbs Advisory Group maintains certification under the SiteTrust AI Transparency Standard. This means we meet all requirements of our certification tier, our certification is publicly verifiable through the SiteTrust registry, and we renew annually and maintain continuous compliance.

10.2 Regulatory Compliance

We maintain compliance with applicable AI, privacy, and consumer protection regulations including FTC Act Section 5 (unfair and deceptive practices), state consumer protection and AI-specific laws, data protection regulations (GDPR, CCPA, and state privacy laws), and sector-specific requirements as applicable.

11. Policy Maintenance and Updates

11.1 Review and Update Schedule

This policy is reviewed at least quarterly. We update it when:

• We deploy AI in new categories of use
• We significantly change how we use AI
• Material risks or issues are identified
• Relevant laws or regulations change
• Stakeholder feedback indicates clarification is needed

11.2 Notification of Changes

Material changes are communicated through prominent notice on our website (30 days), direct communication to affected parties where appropriate, update to the "Last Updated" date on this policy, and entry in the change log below. Material changes include new categories of AI use, changes to governance framework, changes to data practices, or reduction of consumer rights. Non-material changes (corrections, clarifications, formatting) are made without advance notice but noted in the change log.

11.3 Change Log

Version 2.0 — April 2, 2026
Summary of Changes: Updated policy framework including adaptive AI disclosure, jurisdiction-specific protections, accountability provisions, and truthful claims commitment
Type: Major Update

Version 1.0 — December 1, 2025
Summary of Changes: Initial policy publication
Type: New Policy

12. Jurisdiction-Specific Protections

By adopting this AI Usage Policy, Hobbs Advisory Group proactively addresses AI governance requirements across multiple jurisdictions. The governance practices established throughout this policy provide protection under current and emerging AI regulations, including but not limited to the following:

12.1 California

Protection: This policy satisfies the core disclosure and transparency obligations under California's AI legislation, including AB 2013 (Training Data Transparency, effective January 1, 2026), SB 942 (AI Transparency Act; penalties up to $5,000 per violation per day), and SB 243 (Companion Chatbots Act; private right of action, $1,000+ per violation). Companies operating under this policy are positioned ahead of enforcement.

12.2 Colorado

Protection: This policy establishes the governance framework, disclosure practices, and risk management processes that directly support a "reasonable care" defense under SB 24-205 (Consumer Protections for AI, effective June 30, 2026) — the most significant AI liability standard currently enacted. Colorado's law provides an affirmative defense to companies that can demonstrate they exercised reasonable care in their AI governance. The proactive governance documented in this policy materially strengthens the company's position in any regulatory inquiry or litigation.

12.3 Illinois

Protection: This policy's commitment to transparency about AI use in all business functions, including human resources, satisfies the state's Employment AI Disclosure Law (effective January 1, 2026), reducing the risk of employee complaints and enforcement actions.

12.4 Texas

Protection: Companies subject to TRAIGA (Texas Responsible AI Governance Act, effective January 1, 2026) that operate under this policy are positioned to demonstrate compliance with AI disclosure requirements for government services and healthcare applications.

12.5 Utah

Protection: This policy's accountability provisions (Section 4.2) and the commitment not to disclaim responsibility by attributing outcomes solely to AI are consistent with Utah's AI Policy Act, which prohibits companies from using AI as a defense to shift blame for harmful outcomes.

12.6 European Union

Protection: This policy's transparency and governance practices position companies serving EU customers to address the EU AI Act's disclosure and documentation obligations (Regulation 2024/1689; GPAI provisions effective March 2026). The oversight framework, risk management, and disclosure practices align with the Act's requirements for deployers of AI systems.

12.7 Federal

Protection: In the event of conflict between federal and state AI requirements, this policy's commitment to the higher standard of transparency and consumer protection positions the company favorably regardless of how federal preemption develops. This policy is aligned with FTC Act Section 5 expectations regarding truthful AI claims and transparent business practices, and reflects lessons from FTC Operation AI Comply enforcement actions (settlements exceeding $17 million).

This section is not exhaustive. AI regulation is evolving rapidly across jurisdictions. The governance practices in this policy are designed to provide broad, durable protection that extends to new regulatory requirements as they emerge.

13. Legal Provisions

13.1 Accountability for AI Outcomes

Hobbs Advisory Group takes responsibility for AI outputs used in our operations. Ultimate accountability for decisions, content, and services rests with our organization and the humans who oversee them. We do not disclaim responsibility for AI-related outcomes by attributing them to the AI system alone. This commitment is consistent with the requirements of state laws, including the Utah AI Policy Act and California AB 316, that prohibit companies from using AI as a basis to shift blame for harmful outcomes.

13.2 No Guarantee of Perfection

While we implement rigorous quality controls and human oversight, we do not guarantee the accuracy, completeness, or appropriateness of all AI outputs. AI is a tool that assists our team, but ultimate responsibility rests with our organization. Users should exercise independent judgment and verify important information, particularly for significant decisions.

13.3 Limitation of Liability

To the extent permitted by law, liability for errors, inaccuracies, or issues arising from AI usage is subject to the limitations set forth in our engagement agreements, provided we have exercised the governance practices described in this policy.

13.4 Governing Law

This policy is governed by the laws of the State of Georgia without regard to conflicts of law principles. Disputes related to our AI practices are subject to the dispute resolution procedures in our engagement agreements.

13.5 Severability

If any provision of this policy is found invalid or unenforceable, the remaining provisions continue in full effect, and the invalid provision will be modified to the minimum extent necessary to make it valid and enforceable.

14. Contact and Transparency

For questions, concerns, or requests about our AI practices, contact us at:

We respond to all AI-related inquiries within two business days. We are committed to transparency and welcome inquiries about our AI practices.

What to Include in Your Inquiry:

• Your name and contact information
• Nature of your question or concern
• Relevant details (dates, interactions, content involved)
• Specific requests (human review, explanation, opt-out, etc.)
• Preferred response method

15. Additional Information

15.1 Related Policies

• Privacy Policy — General data practices
• Terms and Conditions — Legal terms of service
• AI Disclosure Document — Specific AI systems and details (internal governance record)

15.2 Industry Resources

• National Institute of Standards and Technology (NIST) AI Risk Management Framework
• Federal Trade Commission (FTC) AI Guidance
• EU AI Act and Implementation Guidance