Legal

Public legal documents

Provider documented recommended procedures

This section sets out the procedures Mortem AI recommends customers follow to maintain "adequate human oversight" of the Services, as referenced in customer Master Service Agreements (Article 11.2(c)(iii) and Schedule A Section A.4). These procedures support the AI risk allocation set out in customer agreements and are part of the framework against which the parties' respective responsibilities for AI Output are assessed.

1. Maintain designated human representatives

Customer should designate one or more human representatives available during the customer's published business hours, capable of receiving escalations from Sarah AI and responding to End Users when Sarah hands off a conversation. Designated representatives should have authority to engage with families on matters Sarah is not authorised to handle (final pricing commitments, cremation authorisation, contractually binding statements, professional judgment calls).

2. Respond to escalations within commercially reasonable timeframes

Escalations from Sarah AI fall into two categories:

• Routine escalations (general questions outside Sarah's configured scope, scheduling needs that require human input): responded to within the customer's published business hours, typically within four (4) business hours.
• Priority escalations (distress or grief crisis indicators, suicidal ideation, urgent immediate-need requests, regulatory or compliance queries, complaints): responded to as soon as practicable, typically within one (1) business hour during business hours and on a next-business-day basis after hours, with after-hours acknowledgement to the End User where SMS or email channels permit.

3. Review AI Output before relying on or communicating it externally

Sarah AI generates conversational Output using probabilistic large language model technology. Output may occasionally contain inaccuracies, outdated information, or content that does not reflect the customer's intended messaging. Customer is expected to:

• Review Sarah's responses periodically through the conversation dashboard or transcript review tools provided;
• Verify pricing, service availability, scheduling, and similar factual representations communicated to End Users before relying on them as binding;
• Configure Sarah's knowledge base (RAG documents) accurately and update it when customer's services, pricing, hours, or staff change;
• Use the AI/human takeover function in the conversation viewer where Sarah's response is incorrect, inappropriate, or where human handling is warranted.

4. Maintain required AI transparency to End Users

Sarah AI identifies itself as an automated AI assistant at the start of every interaction (as required by California SB 1001 and Quebec Law 25). Customer should not represent the Services as a human service, should not disable or modify Sarah's AI disclosure, and should include appropriate AI disclosures in its own website terms and privacy policy.

5. Configure sensitive data restrictions

Sarah AI is configured by default to decline to process Social Security numbers, financial account numbers, Protected Health Information, and cause-of-death information. Customer should not configure custom prompts or knowledge base content that requires Sarah to elicit or process these categories. Where a configuration appears to require processing of restricted data, customer should escalate to Provider at [email protected] before deployment.

6. Maintain accurate escalation contact information

Customer should keep the escalation contact information for each Location current. Where contacts change, customer should update the escalation list through the onboarding portal or by contacting [email protected]. Sarah's escalation routing depends on this list being accurate.

7. Obtain required consents for messaging

Customer is responsible for obtaining and maintaining all consents required for SMS, MMS, and email communication with End Users under TCPA, CAN-SPAM, CASL, and other applicable laws, including A2P 10DLC registration for US SMS. Mortem AI provides messaging infrastructure but is not the message sender for regulatory purposes.

8. Cooperate with privacy and data subject requests

As data controller for customer's End User data, customer is the first point of contact for End User privacy requests (access, correction, deletion, automated decision-making review). Customer should respond to such requests within applicable legal timeframes. Mortem AI provides reasonable assistance to customer in fulfilling these requests; contact [email protected] for processor-level assistance.

Updates to these procedures. These procedures may be updated from time to time. Material updates will be communicated to customers in advance through the channels specified in customer agreements. The version of these procedures in effect at the time of a given dispute is the version that applies, unless the customer agreement specifies otherwise.

Contact

For questions about any of the documents linked above, or about Mortem AI's legal or compliance practices generally:

Mortem AI Inc.
1717 Devney Drive
Altoona, Wisconsin 54720
United States

General: [email protected]
Privacy: [email protected]
Security: [email protected]