BakedIn.coTechFoundations.ai
AI Use · v1.0 · Effective 2026-06-01

AI Use Disclosure

Where AI runs, where it does not, what we ground it on, and the choices you have. Citation hygiene checked by a Proof gate; every PR human-reviewed.

EU AI Act
Art 50
GDPR
Art 22
Grounded
paper_id

Effective: 2026-06-01 · Version: 1.0

BakedIn is built with AI as an operating capability, not bolted on. This page tells you, plainly, where AI is used in the Service, where it is not used, what guard-rails surround it, and the choices you have.

This disclosure exists because of, and aligns with:

  • EU AI Act 2024/1689, Article 50 — transparency obligations for AI systems interacting with people and for AI-generated content
  • GDPR Article 22 — your right not to be subject to solely automated decision-making with legal or significant effects
  • NIST AI Risk Management Framework 1.0 — Map, Measure, Manage, Govern
  • ISO/IEC 42001:2023 — AI management system

1. Where BakedIn uses AI

SurfaceAI usedPurpose
Lesson authoring (Learn / Practice / Adopt)Anthropic Claude (Opus / Sonnet / Haiku) via AWS BedrockDrafting lesson narrative, exercises, and feedback grounded in our internal corpus. Every claim is traceable to a paper_id.
Lesson hero imageryGoogle Gemini image generation (e.g. gemini-3-pro-image-preview)Generating art-directed hero backgrounds for marketing surfaces. No user data is sent to Gemini.
Audio narration (optional)ElevenLabs text-to-speechProducing the optional audio track for a lesson. You can turn audio off.
Corpus search and rankingAWS Titan V2 embeddings + HNSW indexFinding the most relevant paper given a topic, internally to the agent loop.
Agent loop (engineering work)Captain → coding_agent dispatch over Bedrock-hosted ClaudeDrafting code changes as pull requests. Every PR is reviewed and merged by a human (Glen Buchanan).
Citation hygieneThe Proof graderA non-generative quality check that verifies every claim in a generated lesson carries a valid corpus citation before the PR is allowed to merge.

If an AI feature is added in the future we will update this page before, not after, it goes live.

EU AI Act Art 50(1) — transparency to users that they are interacting with an AI system

2. Where BakedIn does not use AI

We explicitly do not use AI for:

  • Medical diagnosis or treatment recommendation. Wellness content is educational. Drug-interaction data is sourced verbatim from authoritative bodies (openFDA, DailyMed); the AI does not assert whether a pair interacts.
  • Autonomous decisions that affect you with legal or similarly significant effect (GDPR Art 22). No credit, insurance, employment, eligibility, or pricing decisions are made by AI.
  • Surveillance, biometric inference, emotion recognition, or social scoring (EU AI Act Art 5 prohibited practices).
  • Profiling minors. BakedIn is not directed to children under the ages in our Terms of Service.
  • Training a third-party model on Your Content without your explicit consent. Anthropic's Bedrock-served models do not train on prompts or completions per AWS's Bedrock service terms.

EU AI Act Art 5, Art 9-15 (high-risk obligations not triggered); GDPR Art 22

3. How we keep AI honest

3.1 Corpus grounding

Every BakedIn lesson is grounded in our paper corpus. When the agent drafts content, it retrieves paper passages by embedding similarity, then writes against those passages. Every claim that ends up in a published lesson carries a paper_id reference.

3.2 The Proof grader

Before any agent-authored content can merge, the Proof grader runs three checks:

  1. Evidence — does each claim cite at least one corpus paper?
  2. Citation hygiene — does each paper_id resolve and match the claim it supports?
  3. Editorial stance — does the writing match the BakedIn voice rubric (plain language, no AI tells, no em-dash overload)?

A change that fails any check is rejected automatically. No human override.

3.3 Human-in-the-loop

The agent loop produces pull requests, not deploys. A human (Glen Buchanan) reviews every PR before it merges. For public-facing legal text (this page, the Privacy Policy, the Terms) the agent can only draft; merging requires explicit human edit and approval.

3.4 Bedrock invocation logging

Every call to a Bedrock-hosted model — prompt and response — is logged to S3 in our account, with a 13-month retention. We can answer "what did the system do with this request" with evidence, not memory.

3.5 Limits we publish

  • We do not guarantee factual accuracy. AI is wrong sometimes even with grounding. If you spot an error, email privacy@bakedin.co or open an issue on our public repo.
  • We do not guarantee no bias. We test, but generative models carry their training-set distributions. Our editorial gate reduces — not eliminates — bias surface.

EU AI Act Art 50(2), Art 50(4); NIST AI RMF GV.RR, MS.4

4. AI-generated content disclosure

Where lesson hero imagery is AI-generated, the page bottom carries the line:

Hero artwork generated with Gemini. Real photographs of real people are licensed, not generated.

Where lesson audio is AI-generated:

Narration generated with ElevenLabs. Toggle to off in /account/preferences.

Where lesson narrative was drafted by the agent loop, the lesson metadata exposes authored_by: agent and the list of citing paper_ids. We do not pretend the agent loop is a human.

EU AI Act Art 50(2) — disclosure of AI-generated content

5. Your choices

You can:

  • Opt out of AI-personalised lesson ordering. Toggle in /account/preferences (Phase 1). Default ordering becomes the static pathway order.
  • Turn off AI-generated audio narration. Same place.
  • Request human review of any AI-influenced outcome that concerns you. Email privacy@bakedin.co with a clear description and we will respond within 30 days.
  • Request deletion of the prompts and outputs the system generated on your behalf via the Privacy Policy DSAR flow.

GDPR Art 22(3); EU AI Act Art 86 (right to explanation in certain cases)

6. Risk classification under the EU AI Act

BakedIn does not currently operate any AI system that falls into the high-risk categories listed in EU AI Act Annex III:

  • Not used in biometric identification
  • Not used in critical infrastructure
  • Not used in education to determine access to programmes, evaluate learning outcomes, or assess permissible behaviour in any formally-accredited setting (Learn is self-paced non-accredited material; see Terms §6.3)
  • Not used in employment, recruitment, or worker management
  • Not used to determine eligibility for essential public or private services, creditworthiness, or pricing of insurance
  • Not used in law enforcement, migration, or administration of justice

If a future feature were to qualify as high-risk, we will publish the Article 11 technical documentation and Article 27 conformity assessment before launching it.

EU AI Act Annex III, Art 6(2), Art 11, Art 27

7. Models in use

ProviderModel familyWhere it runsTraining-on-your-data?
AnthropicClaude (Opus / Sonnet / Haiku, 4.x family)AWS Bedrock, us-east-1No — per AWS Bedrock service terms
AmazonTitan V2 embeddings (1024-dim)AWS Bedrock, us-east-1No
GoogleGemini image generationGoogle AI, USNo user content sent — only marketing prompts
ElevenLabsMultilingual v2 voicesElevenLabs, USNo — per ElevenLabs enterprise terms

8. Contact

For any AI-related question, complaint, or correction request:

privacy@bakedin.co

You also have the right to lodge a complaint with your supervisory authority — see the Privacy Policy Section 8.

9. Changes

VersionDateChange
1.02026-06-01Initial publication

Maintained by BakedIn LLC. Licensed CC BY-NC 4.0. Source: app/(legal)/_content/ai-use-disclosure.md.