At 84EM, we use artificial intelligence (AI) tools to enhance our WordPress development services while safeguarding client confidentiality and minimizing data exposure.
This policy explains when and how we use AI, which providers we rely on, and the controls available to you.
If you prefer, we can complete your project without using third-party generative AI—see Client Controls.
Last Updated: October 24, 2025
How We Use AI
We treat AI as an assistive development tool, similar to an editor or framework, to improve speed and quality. Typical uses include:
- Research, ideation, and architectural comparisons
- Boilerplate/code suggestions, refactoring ideas, and documentation drafts
- Brainstorming test cases and identifying edge conditions
Human Expertise & Quality Assurance
- All AI-assisted suggestions are reviewed in depth by a human before acceptance.
- We test for functionality, performance, and security before inclusion.
- At no time are AI tools working autonomously; they are guided and closely reviewed by an engineer with 30 years of experience.
AI & LLM Providers
With client approval, we use third-party AI services as assistive development tools—currently, Claude Code (developed by Anthropic↗), Codex CLI (developed by OpenAI↗), and Copilot (developed by GitHub↗).
We avoid including client confidential information or personal data in prompts unless you ask us to and it is necessary for the project; in those cases, we limit the data to the minimum required. For details on provider handling of data, see their public documentation:
When We Do—and Don’t—Use AI
We use AI for the purposes described above.
We do not use AI for the following without your written approval:
- Client confidential data, trade secrets, or access credentials
- Personal data (PII) or regulated data (e.g., PHI/financial account data)
- Information restricted by NDA or contractual terms
Retention, Storage & Logging
We minimize the storage of prompts and outputs. Where we retain AI-assisted artifacts (e.g., code diffs, tickets, or documentation), they reside in our private project systems. They are subject to the retention practices outlined in our Privacy Policy. Provider-side handling depends on product tier and configuration; we select settings that align with data minimization.
Client Controls
- Opt out of AI usage at any time
- Require written approval for any prompt containing real client data
- Request a list of AI tools used on your project
- AI-Free Option: Upon request, we will complete your project without using third-party generative AI to process your code, content, or data.
- Scope note: This AI-free option does not restrict security/performance infrastructure that may use machine learning under the hood (e.g., WAF/CDN threat mitigation), and it does not prohibit non-generative developer tooling (e.g., linters, compilers).
Security
We follow least-privilege access, regular hardening, and external vulnerability scanning as part of our broader security program. Our infrastructure providers (e.g., Kinsta hosting; Cloudflare WAF/CDN) and related practices are disclosed in our Privacy Policy.
Intellectual Property & Licensing
- All deliverables are human-reviewed and tested before inclusion
- We avoid verbatim third-party code and check license compatibility
- Deliverables are provided under our agreement and applicable licenses
Transparency
- We disclose AI usage upon request and can note where AI materially assisted.
International Transfers & DPAs
Our providers may process data in the United States and other countries. Where required, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) through provider data protection terms. We will enter into a Data Processing Addendum upon request. See our Privacy Policy for details.
Contact & Policy Updates
Questions about this policy? Contact us. We may update this policy to reflect changes in our practices or applicable law. Significant changes will be noted here and dated above.