How we hold
ourselves to account.

Code of Conduct & Ethics

Core principles

• Integrity & honesty — no misleading claims about our platform, our data, or what our AI can and cannot do.
• Respect & fairness — colleagues, customers and partners treated with dignity; zero tolerance for discrimination or harassment.
• Compliance & legality — adhere to all applicable laws and to every policy in this hub.
• Confidentiality — customer data and engagement details are protected; used only for legitimate, contracted purposes.
• Conflicts of interest — disclosed and managed; company interest before personal gain.
• Accountability — we own our actions and foster a culture of openness and constructive challenge.

Implementation

Every employee, officer and director must understand and comply with this Code. Violations may result in disciplinary action up to termination. Regular training reinforces understanding, and concerns can be raised confidentially under our Whistleblowing & Speak-Up policy without fear of retaliation.

Anti-Corruption & Anti-Bribery

Our commitment

• Zero tolerance for offering, giving, soliciting or accepting any bribe or improper payment, including facilitation payments.
• Compliance with all applicable anti-corruption law, including the Swiss Criminal Code, the UK Bribery Act and the US FCPA.
• Gifts & hospitality kept modest, transparent, and never used to influence a decision; recorded where material.
• Due diligence on partners, resellers and suppliers to ensure they share these values.
• Accurate books — every transaction recorded truthfully; no off-book accounts.

Enforcement

Allegations are investigated promptly and confidentially. Substantiated involvement in corrupt activity results in disciplinary action up to termination and, where appropriate, referral to authorities. The Compliance function oversees training, monitoring and response.

Responsible Corporate Finance & Governance

Our commitment

• Fair tax — comply with tax law in every jurisdiction we operate; no aggressive avoidance schemes.
• Fair competition — no cartels, market abuse or anti-competitive conduct; staff trained on competition law.
• Financial integrity — accurate, complete reporting; effective internal controls; regular audit and risk assessment.
• Ethical funding — investments and funding aligned with our values; transparent shareholder communication.
• Governance — structures that promote accountability, with Board oversight of this policy.

Whistleblowing & Speak-Up

How to raise a concern

Anyone — employee, contractor, customer or partner — may report suspected illegal, unethical or unsafe conduct through a confidential channel. Reports can be made by name or anonymously to ethics@insigz.com or via our website contact form.

Our commitment

• Non-retaliation — no detriment, dismissal or disadvantage for raising a concern in good faith.
• Confidentiality — identity protected to the fullest extent possible.
• Prompt investigation — every report reviewed; substantiated issues remediated and, where required, disclosed.
• Feedback — reporters informed of outcome where lawful and practicable.

Responsible AI

insigz builds AI agents that fuse intelligence data and draft analysis. Because those outputs inform consequential decisions, we hold our AI to principles that are encoded in the product itself — not merely stated here.

Our principles

• Human authority (AI supports, never decides). No agent publishes a customer-facing artifact autonomously. Consequences, reports and schema changes are drafted by AI and approved, edited or overridden by a named human.
• Grounding & no fabrication. The analyst is grounded at the observation layer; it cites the underlying signed records and explicitly refuses when it lacks evidence rather than inventing facts.
• Transparency of reasoning. Every output shows the queries it ran and the evidence it used; no black-box outcomes.
• Provenance & auditability. Every inference is logged with timestamp, user, inputs and the full provenance chain, and is exportable.
• Human-committed data model. New sources and schema changes are agent-drafted but human-committed — a Steward approves the diff before anything touches the canonical model. No silent schema changes, no silent entity merges.
• Fairness & bias. We assess models for biased or disparate outputs and document known limitations.
• Privacy & proportionality. AI is applied to lawful, contracted purposes only, with data minimisation by default.

Governance

Our Responsible AI principles are reviewed as models and capabilities evolve. Material concerns about an AI output or behaviour can be raised to ai-ethics@insigz.com and are reviewed by senior engineering and compliance leadership.

Responsible Use & Customer Vetting

insigz is a dual-use intelligence-fusion platform. We are deliberate about what we are not, and about who may use what we build.

What insigz does not do

• No classified data, no SCIFs, no sovereign or clandestine-service sales — we fuse open and commercially-licensed sources only.
• No enabling of unlawful mass surveillance, unlawful targeting, or the suppression of journalists, activists, minorities or protected groups.
• No use that violates international humanitarian law, sanctions, or fundamental human rights.

Customer vetting (KYC)

• Know your customer. We screen prospective customers, their ownership and their intended use before contracting.
• Sanctions screening. Customers and beneficial owners are screened against OFAC, EU, UK and Swiss SECO lists (see Export Controls & Sanctions).
• Acceptable-use terms. Every engagement is bound by acceptable-use clauses; prohibited uses are grounds for immediate suspension.
• Right to refuse. We may decline or terminate any engagement we judge incompatible with this policy, without obligation to justify commercially.

Reporting misuse

Suspected misuse of the platform can be reported to compliance@insigz.com; reports are investigated and may result in suspension, termination and disclosure to authorities.

Export Controls & Sanctions Compliance

Our commitment

• Export controls. Compliance with Swiss Goods Control (GKG/GKV), EU dual-use Regulation 2021/821, and applicable US EAR controls before any cross-border provision of technology or support.
• Sanctions. No products, services or support provided, directly or indirectly, to sanctioned persons, entities or territories. Customers and beneficial owners are screened against OFAC, EU consolidated, UK OFSI and Swiss SECO lists.
• Continuous re-screening. Designations change; we re-screen active customers and suppliers and act on new matches.
• Deemed exports. Access by foreign nationals to controlled technology is assessed where relevant.
• Record keeping. Screening, classifications and licences are documented and auditable.

Escalation

Any potential match, ambiguity or licence question is escalated to Compliance before proceeding. When in doubt, we stop.

Data Protection & Privacy

Our commitment

• Lawful, minimal processing — we process only what an engagement requires, for defined purposes.
• Residency — customer data lives in single-tenant stores in Switzerland or your required region; we do not transit US infrastructure by default.
• Security — TLS 1.3 in transit, AES-256 at rest, per-tenant KMS keys (see Information Security).
• No selling, no ad-tech — we never sell data and use no third-party advertising trackers.
• Data-subject rights — access, rectification, erasure, portability and objection under FADP and GDPR, honoured within statutory timelines.

Reference

Full detail — what we collect, retention periods, sub-processors and how to exercise your rights — lives in our Privacy Policy and Sub-processor list. Questions: privacy@insigz.com.

Information Security

Our commitment

• Tenant isolation — each engagement runs in its own database, VPC, service account and KMS keys; zero cross-tenant query paths in production.
• Encryption — TLS 1.3 in transit, AES-256 at rest; bring-your-own-key supported.
• Authentication — OIDC SSO, MFA enforced for all roles, row-level security in the database.
• Audit — append-only, signed logs of every read, write, inference and approval, exportable to the customer.
• Vulnerability management — third-party penetration testing, automated dependency scanning, responsible-disclosure programme, and a 72-hour incident-notification SLA.
• Per-incident support access — support has no standing access; access is named, scoped, time-boxed and logged.

Reference

See our public Security overview for architecture detail. Report a vulnerability to security@insigz.com.

Human Rights & Civil Liberties

Our commitment

• Respect for human rights — we avoid causing or contributing to adverse human-rights impacts through our operations or our technology.
• Privacy & proportionality — we design for data minimisation and lawful, proportionate use; we do not facilitate unlawful surveillance.
• Civil liberties — we will not knowingly enable the targeting or suppression of journalists, human-rights defenders, minorities or protected groups (see Responsible Use).
• Non-discrimination & equality — equal opportunity across our workforce and operations.
• Labour rights — fair wages, safe conditions, freedom of association; prohibition of child, forced and trafficked labour.
• Grievance & remedy — accessible channels to raise human-rights concerns, investigated promptly and fairly.

Due diligence

We conduct human-rights due diligence on use cases, customers and high-risk suppliers, and we integrate findings into our vetting and sourcing decisions.

Decent Work & Fair Employment

Our commitment

• Fair employment — competitive, equitable compensation; non-discrimination in hiring and promotion; stability where feasible.
• Work-life balance — flexible arrangements, reasonable hours, support for family responsibilities.
• Dignity at work — zero tolerance for harassment, bullying or abuse; fair, prompt grievance handling.
• Voice — open communication and respect for the right to organise and bargain collectively.

Diversity, Equity & Inclusion

Our commitment

• Diversity — across race, gender, age, religion, disability, sexual orientation and background.
• Equity — fair, unbiased recruitment, selection, training and promotion; diverse interview panels where possible.
• Inclusion — a culture of respect where everyone can reach their potential; support networks for under-represented groups.
• Zero tolerance — discrimination and harassment are investigated promptly and confidentially.
• Measurement — we monitor diversity data and recruitment/promotion patterns and act on what we find.

Health, Safety & Wellbeing

Our commitment

• Safe environment — hazards identified, assessed and managed; equipment maintained; compliance with Swiss occupational-safety law (SUVA/EKAS).
• Training — induction and ongoing safety training, including emergency response.
• Psychological safety & wellbeing — support for mental health and a culture where people can speak up.
• Participation — employees consulted on safety matters and encouraged to report hazards.
• Continuous improvement — incidents investigated and used to prevent recurrence.

Training & Development

Our commitment

• Opportunities — on-the-job training, workshops, courses, conferences and e-learning.
• Career development — clear paths, cross-functional exposure, mentorship and coaching.
• Performance — development goals set and reviewed; training needs identified through regular feedback.
• Resources — budget and time allocated so participation is real, not theoretical.
• Inclusivity — development is accessible to all employees regardless of role, level or location.

Anti-Slavery, Anti-Trafficking & Child Labour

Our commitment

• Prohibition — no slavery, servitude, forced or compulsory labour or human trafficking, anywhere in our operations or supply chain.
• No child labour — no employment below age 15 (or 14 where permitted by the ILO), or below the legal minimum age, whichever is greater.
• Due diligence — risk assessment and screening of suppliers and contractors before and during engagement.
• Contractual flow-down — suppliers must uphold these standards (see Supplier Code of Conduct).
• Remediation — confirmed cases investigated and remediated, with support for affected individuals.

Supplier Code of Conduct

Adherence to this Code is a condition of doing business with insigz. We verify compliance through assessment and reserve the right to audit.

Expectations

• Legal compliance — all applicable laws and regulations where they operate.
• Business integrity — no corruption, extortion or bribery; transparency; respect for IP.
• Labour & human rights — no child or forced labour; non-discrimination; fair pay; humane hours; freedom of association.
• Health & safety — safe working conditions, training and protective equipment.
• Environment — regulatory compliance and responsible production and waste management.
• Security & confidentiality — protection of any insigz or customer data they handle.
• Reporting — prompt disclosure of known or suspected violations.

Responsible Sourcing

Our commitment

• Ethical practices — transparency and honesty; rejection of bribery and corruption.
• Human rights & labour — suppliers uphold international labour standards and the prohibitions above.
• Environmental stewardship — sustainable, low-impact practices encouraged and assessed.
• Security & quality — data-handling, quality and safety standards required of vendors who touch our stack.
• Supplier diversity — equal opportunity in procurement; participation of diverse and small suppliers encouraged.
• Monitoring — assessments and audits; prompt action on violations.

Environmental Responsibility

Emissions & energy

• Measure and work to reduce our greenhouse-gas footprint, prioritising cloud regions and providers powered by renewable energy.
• Prioritise energy efficiency in our offices and operations; favour low-emission travel and remote-first collaboration.

Materials & waste

• Minimise material use; prioritise reusable, recycled and responsibly-sourced equipment; manage e-waste through certified channels.
• Reduce, reuse and recycle across our operations.

Supply chain & transparency

• Favour vendors with credible sustainability commitments (see Responsible Sourcing).
• Comply with applicable environmental law and report progress to stakeholders.

Because our direct footprint is modest, our largest environmental lever is the efficiency of the infrastructure we run on — which we weigh in vendor and region selection.