Our Wave is dedicated to empowering survivors through technology, ensuring our AI tools remain ethical, transparent, and effective in meeting their needs.
Why This Policy Exists
Our Wave uses AI to personalize our offerings, reach more survivors, and move faster as a small team. AI helps us think more carefully: surfacing diverse perspectives, stress-testing assumptions, gathering and synthesizing feedback, and working through complex problems with greater rigor. It makes our work more considered, not just faster. It never replaces the human care at the center of everything we do.
The people we serve are in vulnerable moments, and the information they trust us with reflects some of the most sensitive experiences a person can have. That combination demands clear rules.
This policy exists to do two things. First, protect survivors, their data, and the integrity of our work. Second, give our team a practical framework for using AI confidently and responsibly. We hold two obligations at the same time: use technology to maximize our impact toward our mission, and respect the rights and dignity of every person we interact with. This policy makes both obligations specific.
The Principles That Guide Us
These four principles sit above every section that follows. When a gray area comes up, we come back to these.
Survivor protection comes first. No efficiency gain, technical capability, or organizational convenience justifies compromising the safety, privacy, or dignity of the people we serve.
Humans stay in the loop. AI supports human judgment. It does not replace it. Every AI output that reaches a survivor, a partner, or the public passes through a human first. The only exception is content that is clearly labeled as AI-generated.
We are transparent about what we build and how we use data. When AI plays a role in a decision, we explain how. When we collect data, we say why. When something goes wrong, we say so.
AI acts only within tight boundaries. The stakes of an incorrect autonomous action in our context are higher than at most organizations. A fabricated statistic, a misrouted resource, or an insensitive message can cause real harm to someone in a vulnerable moment. We scope AI authority accordingly.
How We Use AI
We use AI to support our work in content development, research, internal operations, and platform improvements. In every case, our use of AI is guided by a single question: does this protect and serve survivors?
All AI-assisted work that involves Our Wave data, survivor information, or organizational content takes place inside a single authorized AI environment administered by our Chief Technology Officer. Personal AI accounts, free-tier tools, and unvetted third-party services are not permitted to handle our data. The list of approved tool integrations is reviewed every six months.
When AI plays a role in a decision that affects you, we provide clear explanations of the processes involved so that those decisions can be understood by the people they affect.
What AI Can and Cannot Do
This is the practical application of our “tight boundaries” principle. AI may prepare. Humans decide and act.
- AI can draft an email. It cannot send one.
- AI can query a database. It cannot write to one.
- AI can suggest a resource. It cannot share it with a survivor.
- AI can generate content. It cannot publish it.
Any tool or database access an AI system has is read-only and scoped as narrowly as the use case allows. Write access to any system requires case-by-case authorization with documented justification.
Protecting Your Data
Survivor data is treated with the highest level of care.
We collect data only with informed, affirmative consent. You retain agency over your personal data. That includes the right to understand how your data is used, to withdraw consent, and to request deletion. Community-informed agreements on data collection and ownership guide our practices and are made available in clear language in our Privacy Policy.
We do not share survivor data with external AI systems. We do not paste, upload, or otherwise provide internal Our Wave content or survivor data to any unauthorized AI tool. We do not allow unvetted AI services to access our accounts, integrations, or tools. These rules apply to free-tier models, personal accounts, locally-run open-source tools, and any third-party AI service not explicitly approved under this policy.
Our data privacy practices are reviewed at least twice per year and comply with applicable privacy regulations across the jurisdictions where we operate.
How We Handle Meetings
We use a single approved AI notetaker for Our Wave meetings, administered by our CTO. Third-party notetakers are not permitted on our side of any call.
When someone outside Our Wave joins a meeting with their own AI notetaker enabled, we use judgment based on the sensitivity of the conversation. For routine conversations without sensitive content, allowing it may be fine. For anything involving survivor data, organizational specifics, or otherwise sensitive material, we ask the external participant to disable their notetaker, or we move that portion of the conversation offline.
This restriction exists because third-party notetakers route meeting audio and transcripts through external systems whose data handling, retention, and AI training practices we have not vetted.
Content Standards
Not all content carries the same risk. We apply different levels of human review depending on what the content is and who it reaches.
Platform and website content (educational resources, guides, FAQs, anything a survivor might rely on for information or guidance): AI may draft. A human reviews and approves before publication.
Community communications (emails to survivors, social posts, partner updates): AI-assisted but human-authored. AI can help with structure, drafting, or tone-checking. The final version is written and owned by a team member.
Internal operational content (meeting notes, internal summaries, planning documents): AI may draft. A team member reviews before circulating.
Anything that cannot be reviewed before distribution is clearly labeled “Created by AI.”
Content That Is Never Acceptable
The following are banned without exception, regardless of intent or context:
- Content that simulates survivor voices
- Fabricated testimonials or quotes attributed to survivors
- Synthetic trauma narratives of any kind
- Any content designed to represent the lived experience of a survivor that was not actually authored or directly approved by that survivor
The boundary must be unambiguous and enforceable.
Images, Video, and Statistics
Any photorealistic image or video created primarily by AI is clearly labeled as AI-generated at the point of use. If an identifiable person appears in AI-generated media, that person has given explicit permission for their likeness to be used in that specific context.
Every statistic, metric, or data point in AI-assisted content, whether it references Our Wave’s data or an external source, is independently verified and sourced by a team member before publication. AI systems frequently produce plausible but inaccurate numbers. We cite the source. We confirm the number.
Fairness and Bias Prevention
We conduct bias audits of our AI systems and outputs at least twice per year. These audits evaluate for cultural bias, linguistic bias, accessibility gaps, and patterns that may disadvantage or exclude specific populations within the communities we serve.
Where we develop or fine-tune AI tools, the data we use is diverse and representative. Gaps in representation are identified during audits and addressed on a documented timeline.
When Something Goes Wrong
We define an AI incident as any event where an AI system used by or connected to Our Wave produces harmful, inaccurate, or inappropriate content that reaches a survivor, partner, or the public; exposes, leaks, or mishandles survivor data or other sensitive information; behaves in an unexpected way that creates risk; or is used in violation of this policy.
When an incident happens, we move quickly:
- We contain it. The person who discovers the incident stops the affected process right away. If harmful content was published, we pull it. If data was exposed, we restrict access.
- We notify leadership within 24 hours. Our CTO is notified. If the incident involves survivor data exposure, our Executive Director is notified in the same window.
- We assess scope and severity. Who was affected, what data or content was involved, whether the issue is still active, and what caused it.
- We remediate. This may include correcting or removing published content, revoking system access, patching vulnerabilities, updating safeguards, and retraining staff.
- We communicate with affected parties. If survivors or community members were impacted, we tell them directly what happened, what was involved, what we did, and what is changing. Honesty and speed matter more than polish.
- We learn from it. Within 30 days of resolution, our CTO completes a written review covering root cause, impact, response effectiveness, and the specific policy or technical changes being made.
Building AI Tools Internally
Any AI tool we build or commission ourselves meets baseline standards.
User input is sanitized and validated before reaching a model. Systems are hardened against prompt injection, jailbreaking, and other adversarial techniques. Any database or tool access granted to a model is read-only unless an explicit, documented exception is approved by our CTO. Even read access is scoped as narrowly as the use case allows. Outputs that reach survivors meet the same human review standards described above.
Tools are tested for accuracy, safety, and bias before they go live. Testing includes adversarial inputs, edge cases relevant to our survivor population, and review by someone who did not build the tool.
Third-Party Tools
Any third-party AI tool proposed for use in our operations is evaluated against this policy before adoption. We look at data handling practices, privacy protections, content generation safeguards, and the vendor’s own published AI ethics commitments. Approved tools are documented and reassessed every six months.
Governance, Training, and Accountability
Who owns this. Responsibility for AI governance at Our Wave sits with our Chief Technology Officer. That includes overseeing how AI is used across the organization, maintaining the approved tools and integrations list, ensuring compliance with this policy, leading incident response, and recommending updates as the landscape evolves.
Training. Every team member receives training on responsible use of approved tools, data handling requirements, content review expectations, and how to recognize and report incidents. Training is not a one-time event. It is updated as tools and policy change, and it is designed to build genuine understanding rather than just check a box.
Monitoring. We continuously monitor the performance and impact of our AI systems on both our operations and the communities we serve. We publish annual impact reports detailing effectiveness, outcomes, and areas for improvement.
Community feedback. We maintain active feedback channels, including surveys, focus groups, and accessible online forms, to hear from the people our AI systems affect. Community input informs policy development and tool design. It does not just validate decisions already made.
Policy review. This policy is reviewed at least every six months. Reviews may also be triggered by significant changes in AI technology, new regulatory requirements, or lessons from incidents. The review process is transparent, and staff and community input are part of it.
Your Voice Matters
We welcome your questions, concerns, and feedback about how we use AI. Our commitment to transparency means we want to hear from you, and we want your input to shape how we build. You can reach us at [email protected].
This policy is a living document, not a shelf document. It reflects where we are today, and it will change as the technology and our understanding of it evolve. What will not change is the commitment underneath it: that we use AI to serve survivors better, not just faster, and that we hold ourselves to a higher standard because the people who trust us deserve nothing less.
Updated May 19, 2026
Back to top
