At 84EM, we use artificial intelligence (AI) tools to enhance our WordPress development services while safeguarding client confidentiality and minimizing data exposure.
This policy explains when and how we use AI, which providers we rely on, and the controls available to you.
If you prefer, we can complete your project without using third-party generative AI—see Client Controls.
Last Updated: September 5, 2025
How We Use AI
We treat AI as an assistive development tool, similar to an editor or framework, to improve speed and quality. Typical uses include:
- Research, ideation, and architectural comparisons
- Boilerplate/code suggestions, refactoring ideas, and documentation drafts
- Brainstorming test cases and identifying edge conditions
Human Expertise & Quality Assurance
- All AI-assisted suggestions are reviewed by an engineer before inclusion
- We test for functionality, performance, and security before merge
- We follow coding standards and tailor solutions to project requirements
AI & LLM Providers
We sometimes use third-party AI services as assistive development tools—currently Anthropic Claude and OpenAI ChatGPT. We avoid including client confidential information or personal data in prompts unless you ask us to and it is necessary for the project; in those cases we limit the data to the minimum required. For details on provider handling of data, see their public documentation:
When We Do—and Don’t—Use AI
We use AI for the purposes described above. We do not use AI with the following without your written approval:
- Client confidential data, trade secrets, or access credentials
- Personal data (PII) or regulated data (e.g., PHI/financial account data)
- Information restricted by NDA or contractual terms
If a prompt must include real client data, we will obtain your approval and limit the data to the minimum required for the task.
Retention, Storage & Logging
We minimize storage of prompts and outputs. Where we retain AI-assisted artifacts (e.g., code diffs, tickets, or documentation), they reside in our private project systems and follow the retention practices in our Privacy Policy. Provider-side handling depends on product tier and configuration; we select settings that align with data minimization.
Client Controls
- Opt out of AI-assisted workflows at any time
- Require written approval for any prompt containing real client data
- Request a list of AI tools used on your project
- AI-Free Option: Upon request, we will complete your project without using third-party generative AI to process your code, content, or data.
- Scope note: This AI-free option does not restrict security/performance infrastructure that may use machine learning under the hood (e.g., WAF/CDN threat mitigation), and it does not prohibit non-generative developer tooling (e.g., linters, compilers).
Security
We follow least-privilege access, regular hardening, and external vulnerability scanning as part of our broader security program. Our infrastructure providers (e.g., Kinsta hosting; Cloudflare WAF/CDN) and related practices are disclosed in our Privacy Policy.
Intellectual Property & Licensing
- All deliverables are human-reviewed and tested before inclusion
- We avoid verbatim third-party code and check license compatibility
- Deliverables are provided under our agreement and applicable licenses
Transparency
- We disclose AI usage upon request and can note where AI materially assisted
International Transfers & DPAs
Our providers may process data in the United States and other countries. Where required, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) through provider data protection terms. We will enter into a Data Processing Addendum upon request. See our Privacy Policy for details.
Contact & Policy Updates
Questions about this policy? Contact us. We may update this policy to reflect changes in our practices or applicable law. Significant changes will be noted here and dated above.
Effective Date: September 5, 2025