AI Governance
Autonomous Agent Policy
What your AI workers may do, what you authorize, and what remains under your control.
Autonomous Agent Policy
This policy explains how Allorc's AI workers can act on behalf of users and the conditions that apply to that delegated behavior.
What an AI worker may do
Depending on the permissions, plan, connected services, and controls you enable, an AI worker may:
- draft or send messages;
- summarize conversations and files;
- create or update tasks, notes, or records;
- call supported integrations or external APIs;
- schedule meetings or create calendar events;
- trigger workflows based on user prompts or configured automations.
Your authorization
By enabling an integration, granting permissions, or instructing an AI worker to act, you authorize Allorc to take those actions within the scope you have configured.
You must not grant permissions that you are not legally or contractually authorized to delegate.
Your responsibilities
You are responsible for:
- selecting appropriate permissions and approval requirements;
- confirming that your prompts, workflows, and automations reflect your intent;
- reviewing actions and outputs before relying on them in important contexts;
- monitoring connected services for unintended actions, failures, or duplicates.
Limits on delegated authority
Unless Allorc expressly provides a feature designed for it, AI workers are not intended to independently:
- enter into binding legal commitments on your behalf;
- make financial transfers or spending decisions without explicit authorization;
- change security settings, credentials, or access control in ways that materially increase risk;
- delete large volumes of critical business data without a deliberate approval path.
Action approval model
Allorc may classify actions into risk categories. Lower-risk actions may run automatically. Higher-risk actions may require approval or confirmation.
The current model is described in the Action Confirmation Policy.
External communications
If you permit AI workers to communicate with third parties, you are responsible for:
- the recipients you authorize;
- the content and purpose of those communications;
- confirming that messages comply with law, contract, and applicable anti-spam rules;
- reviewing sensitive or high-impact communications before dispatch where appropriate.
Connected services
When an AI worker acts through a connected third-party service, the third-party service may impose its own limits, failures, delays, or policy restrictions. Allorc cannot guarantee availability or performance of those external systems.
Auditability and records
Where available, users should use Allorc's logs, activity history, or workflow records to review what actions were taken and why.
Misuse and suspension
We may disable autonomous features or suspend your account if we believe an AI worker is being used in an unsafe, unlawful, deceptive, or abusive manner.