TrailTrack by Boardrooms to Backroads
Template — review with legal counsel. This document is a starting point and must be reviewed and adapted by a qualified attorney for your jurisdiction(s) before you rely on it.

AI Features & BYOK Disclosure

Last updated: 22 June 2026

This AI Features & Bring-Your-Own-Key (“BYOK”) Disclosure explains how artificial-intelligence features work in the TrailTrack web application and related services (together, the Service), operated by Boardrooms to Backroads Consulting LLC (“B2BC”, “we”, “us”, or “our”). It describes which features use AI, the BYOK model, what data is sent to a third-party AI provider and on whose account, how keys are stored, the limits of AI output, and the responsibilities of the Customer and each User. This Disclosure supplements, and should be read together with, our Terms of Service, Privacy Policy, and Disclaimer.

In this document, the Customer is the organization that subscribes to or is invited to use the Service; a User is an individual who accesses the Service; Content is the data, files, and other materials handled in a Workspace; and a Workspace is a Customer’s isolated environment within the Service.

1. AI features in the Service

The Service offers optional AI-assisted features that the Customer or a User may choose to enable and use. These include, for example: an interactive “Ask your portfolio” assistant that answers questions over your Content; a weekly digest that summarizes activity; a risk and compliance watch that flags items for review; and content-help features that draft, summarize, or rewrite text. AI features are off until enabled and only run when invoked, either by a User action or by an opt-in automated schedule the Workspace has turned on.

2. The BYOK model

AI features in the Service are strictly bring-your-own-key. We do not bundle, resell, or provide AI inference under our own account. Instead, the Customer optionally connects its own account or API key with a third-party AI provider of its choice. When an AI feature runs, it makes calls to that provider under the Customer’s own key. If no key is configured, AI features are unavailable and no Content is sent to any AI provider.

3. Supported AI providers

The Customer may connect a key from a supported third-party AI provider, which currently includes:

  • Anthropic;
  • OpenAI;
  • Google (Gemini);
  • xAI;
  • Mistral; and
  • any OpenAI-compatible endpoint the Customer configures.

The choice of provider, model, and configuration is the Customer’s. We do not control, endorse, or guarantee any provider, and the set of supported providers may change over time.

4. Data flow: what is sent to the provider

When an AI feature runs, the Service sends to the Customer’s chosen provider the relevant prompt and the Content needed for context. Depending on the feature, that context may include task, project, portfolio, document, or comment data that the requesting User is permitted to access, together with any instructions the User provides. This data is transmitted to the provider so the provider can generate a response, which is then returned to the Service and shown to the User. You should not submit Content to an AI feature that you are not permitted to disclose to a third-party AI provider.

5. The provider’s terms govern provider-side processing

Because AI calls are made under the Customer’s own key and account, the provider’s own terms of service, acceptable-use policy, and privacy policy govern how that provider processes the prompt and Content on its side, including any logging, retention, abuse-monitoring, or regional-routing practices. The Customer is responsible for reviewing and accepting the chosen provider’s terms and privacy policy directly with that provider before enabling AI features. We are not a party to, and are not responsible for, that provider-side processing.

6. Key storage and security

We store the Customer’s AI provider key server-side only. The key is encrypted at rest, is never exposed to the browser, is never shown to other Users or other Workspaces, and is used solely to make the AI calls the Customer or its Users request through the Service. Access to stored keys is restricted on a least-privilege basis. The Customer may rotate or remove its key at any time, which disables AI features that depend on it. We recommend rotating keys periodically and revoking any key you believe may be compromised, both in the Service and with your provider.

7. No training on your Content by us

B2BC does notuse Customer Content to train, fine-tune, or improve our own AI models. We use the Content only to perform the AI request the Customer or its Users initiate. Whether the third-party provider may use inputs or outputs for its own training or model-improvement purposes depends on that provider’s terms and account settings. The Customer should review and configure its provider’s training, retention, and data-use settings to match its requirements; those settings are controlled at the provider, not by us.

8. AI output is probabilistic and may be wrong

AI output is generated by probabilistic models and may be inaccurate, incomplete, outdated, biased, or entirely fabricated (often called a “hallucination”). Output may look confident and well-formed while still being wrong. AI features are provided for convenience and informational purposes only. They are not professional, legal, financial, accounting, tax, medical, or other expert advice, and must not be relied upon as such. A qualified human must review AI output before you act on it. See our Disclaimer for the full limitations that apply.

9. Human review and responsible use

The Customer and its Users remain responsible for the prompts they submit and for any decision made using AI output. Do not use AI features to make consequential decisions without independent human verification, and do not submit Content into AI features in violation of any law, contract, or third-party right. Use of AI features is subject to our Acceptable Use Policy and to the acceptable-use rules of the chosen AI provider.

10. Cost and billing

Because AI calls run under the Customer’s own key, the Customer is billed directly by its AI provider for all usage generated through the Service, according to that provider’s pricing. We do not mark up, meter for resale, or charge a separate fee for the inference itself. The Customer is responsible for monitoring and managing its own provider spend, including any usage limits, quotas, or budgets it wishes to set with the provider.

11. Automated and scheduled AI

Automated or scheduled AI features, such as the weekly digest and the risk and compliance watch, are opt-in per Workspace and default to off. They do not run, and they do not spend the Customer’s key, unless an authorized administrator enables them. When enabled, the resulting usage bills to the Customer’s key like any other AI call. Administrators can disable automated AI at any time.

12. MCP and connected tools

The Service may allow administrators to extend AI features with connected tools and data sources, including admin-managed Model Context Protocol (“MCP”) servers configured for a Workspace. When such tools are connected, an AI feature may send relevant context to, or receive data from, those tools as part of fulfilling a request, under the credentials and permissions the Workspace configures. The Customer is responsible for the tools and servers it connects and for ensuring it has the rights to share the relevant Content with them. Credentials for connected tools are handled server-side and are not exposed to other Users.

13. Availability and changes

AI features are optional and may be added, changed, suspended, or removed over time, including in response to provider availability, model deprecations, security needs, or legal requirements. Provider outages, rate limits, or errors may interrupt AI features independently of the rest of the Service. We may update this Disclosure from time to time; when we make material changes we will revise the “Last updated” date above and, where appropriate, provide additional notice within the Service.

14. Responsibility and your acknowledgment

By enabling or using AI features, the Customer and its Users acknowledge the BYOK model, the data flow to the chosen provider, the application of the provider’s terms to provider-side processing, and the probabilistic, non-advisory nature of AI output described above. Nothing in this Disclosure limits any non-waivable rights you may have under applicable law.

15. Contact us

If you have questions about AI features or this Disclosure, contact us at privacy@boardroomstobackroads.com. For related information, see our Privacy Policy, Subprocessors, Terms of Service, and Disclaimer.

TrailTrack is a product of Boardrooms to Backroads Consulting LLC. Patent pending.