EU AI Act Article 50 transparency
ClientPulse — what the AI does, what it sees, what it cannot decide on its own.
Sections
Product Name
ClientPulse by Aurora AI Solutions Studio UG
Version & Classification Date
Version 1.1 (Final-product reality) | Classification Date: May 24, 2026
What It Does
ClientPulse is an AI-powered Client Health Intelligence platform for marketing agencies (5–50 seats). It combines financial, relationship, delivery, and engagement signals — currently 20+ signal kinds — into a composite Client Health Score (0–100), predicts churn and expansion opportunities, and generates AI-recommended save playbooks, renewal pitches, win-back campaigns, payment check-ins, and white-label monthly client reports. Every client-facing outbound action requires explicit human approval before send (HITL gate); no client-facing communication is auto-sent.
Aurora Operator (AI Agent)
ClientPulse embeds the Aurora Operator — a named AI agent that runs structured skills (draft-save-playbook, draft-renewal-pitch, draft-winback-campaign, draft-payment-checkin, run-expansion-play) under your own Bring-Your-Own-Key (BYOK) LLM credential (Anthropic Claude / OpenAI GPT / Google Gemini). Operator output streams into a review slide-over with an Article 50 disclosure banner; you accept or reject before anything reaches the client. Agent loop is capped at 5 tool calls per invocation and ~1,500 output tokens per skill.
Closed-loop signal pipeline (CP ↔ CTP)
ClientPulse and ContentPulse share a unified signals pipeline. A signal generated in ClientPulse (e.g. renewal_window_30d) can trigger an Operator skill in ContentPulse (e.g. draft-renewal-pitch). All signals remain inside your Aurora workspace (Supabase EU Frankfurt) under row-level security and are never shared across accounts.
| Agent | Function | Data Source |
|---|---|---|
| Financial Signal Agent | Analyzes Stripe invoicing data; calculates financial health sub-score (30% weight) | Stripe API |
| Meeting Intelligence Agent | Transcription + extraction: sentiment (1–10), action items, scope changes, escalations | Whisper + Claude Sonnet |
| Health Scoring Agent | Composite 0–100 score from Financial (30%), Relationship (30%), Delivery (25%), Engagement (15%) | All signals |
| Churn Prediction Agent | Probability (0–100%) per client based on multi-signal pattern matching | Claude Sonnet |
| Upsell Detection Agent | Transcript analysis for expansion signals and cross-sell opportunities | Claude Sonnet |
| Monday Brief Agent | Weekly summary generation with action proposals (requires approval) | Rule-based (no model) |
| Action Proposal Engine | Auto-drafts save plans and retention actions for at-risk clients | Claude Sonnet |
| Aurora Operator — draft-save-playbook | Skill triggered by client_amber_red / save_play_in_flight. Outputs a 3–5 step markdown save playbook into the per-client churn-hero. | BYOK (Anthropic / OpenAI / Google) |
| Aurora Operator — draft-renewal-pitch | Skill triggered by renewal_window_60d / 30d / 14d. Outputs a pre-populated pitch deck in ContentPulse. | BYOK (Anthropic / OpenAI / Google) |
| Aurora Operator — run-expansion-play | Skill triggered by pitch_expansion_opp / expansion_opp_detected. Outputs a checklist + draft upsell sequence. | BYOK (Anthropic / OpenAI / Google) |
| Aurora Operator — draft-winback-campaign | Skill triggered by client_amber_red. Outputs a multi-phase campaign brief in ContentPulse. | BYOK (Anthropic / OpenAI / Google) |
| Aurora Operator — draft-payment-checkin | Skill triggered by payment_cadence_drift. Outputs an email draft + checklist. | BYOK (Anthropic / OpenAI / Google) |
Model Configuration
Aurora-managed default (non-Operator scoring / classification): Anthropic Claude Sonnet 4.6.
Monday Brief generation: rule-based — no LLM. The brief ranks clients, signals and recommended actions directly from your portfolio data.
Aurora Operator BYOK — Anthropic: Claude Opus 4.7, Sonnet 4.6, Haiku 3.5 (customer-selectable per skill).
Aurora Operator BYOK — OpenAI: GPT-5 family (gpt-5.x).
Aurora Operator BYOK — Google: Gemini 2.x family.
Transcription (Zoom recordings): OpenAI Whisper API.
Temperature (Scoring / Prediction): 0.3 (deterministic).
Temperature (Operator skill output): 0.7 (creative).
Agent loop cap: 5 tool calls per Operator invocation, ~1,500 output tokens per skill.
Processed Data Types
NOT Collected
| Framework | Classification | Notes |
|---|---|---|
| EU AI Act — Article 50 transparency | Limited Risk | Aurora Operator interacts directly with a natural person → Art 50(1) disclosure banner shown in the slide-over. AI-generated artifacts (reports, save plays, pitches, payment check-ins) carry Art 50(2) visible disclosure + machine-readable provenance. Enforcement: 2 December 2026. |
| EU AI Act — Annex III (high-risk) | Out of scope (working analysis) | ClientPulse profiling targets commercial agency-client relationships, which do not squarely fit any Annex III enumerated domain (biometrics, critical infra, education, employment, essential public services, law enforcement, migration, justice). Customer warrants in §10.5 of the Terms that they will not use ClientPulse outputs to make decisions in an Annex III domain. Annex III obligations are postponed to 2 December 2027 per the May 7 2026 Digital Omnibus. Subject to confirmation by qualified counsel. |
| GDPR / DSGVO | Compliant posture | EU data residency (Supabase eu-central-1 Frankfurt, Vercel fra1, Resend AWS eu-west-1, Stripe Payments Europe Frankfurt), data minimisation, AES-256 at rest, TLS 1.3 in transit, RLS on every table, Art 22 HITL safeguard, Art 13–14 notice in Privacy Policy, DSAR endpoint roadmap targeting June 2026. |
| California SB 942 (AI Transparency) | Out of scope | SB 942 covers generative AI providers with >1M monthly visitors in CA. Aurora is well under this threshold. Re-verify at ~500k MAU. |
| California SB 243 (Companion Chatbot) | Out of scope | Aurora Operator is a structured work-tool agent, not a companion chatbot providing ongoing emotional/social interaction. Negative-classification documented. |
| Colorado SB 26-189 | Out of scope | The original Colorado AI Act (SB 24-205) was repealed and replaced by SB 26-189 (signed 14 May 2026, effective 1 January 2027). SB 189 covers ADMT in employment, housing, lending, insurance, healthcare, education, essential government services — ClientPulse is in none of these. |
| UK GDPR + Data Use and Access Act 2025 | Compliant | DUAA 2025 (commenced 5 Feb 2026) liberalised the Art 22 prohibition for non-special-category profiling. Aurora's HITL gate provides the safeguards-based regime the statute requires. |
All automated outbound actions are queued in an approval system requiring explicit human authorization:
Action Queuing
Monday Brief emails, churn alerts, save plans, check-in invites are drafted and held for review
Human Approval Required
Agency owner must explicitly approve each action before it reaches client
Optional Auto-Approve
Per-action-type auto-approve toggle available once trust is established
No Autonomous Communication
Zero client-facing outbound communication is sent without explicit human approval in this sprint
AI-Generated Disclosures
All health scores clearly labeled as “AI-generated using financial, relationship, and delivery signals”
Signal Source Display
Each score shows which data sources contributed to the final calculation
Audit Logging
All AI-driven recommendations logged with input data, model version, and timestamp
Public Model Card
This page is publicly accessible and linked from Impressum and in-app footer.
Aurora Operator Article 50 banner
Whenever you open the Operator slide-over, a persistent banner displays: “Aurora Operator is an AI assistant. Output may need human review before use.” This satisfies EU AI Act Article 50(1) (AI-system disclosure to natural persons), effective 2 December 2026.
Customer-facing AI disclosure footer (white-label reports)
When you send a white-label monthly client report to your end-client via the magic-link viewer, a default-ON footer is appended: “This report was prepared with the assistance of AI (Aurora Operator). All data and figures verified by [your agency name].” This satisfies EU AI Act Article 50(2) transparency for re-distributed AI output. Agency owners can toggle this off per agency under Settings → Notifications & Disclosure, but doing so transfers the downstream Article 50 disclosure obligation to the agency.
Machine-readable provenance
HTML <meta name="ai-generated" content="aurora-operator"> tag emitted on the client-report viewer (/r/[token]) when AI-disclosure is on, so downstream readers (LLM training filters, content-provenance browser extensions) can detect AI assistance even if the footer is hidden by user agents.
Algorithm Foundation
Health Score algorithm uses only objective business metrics: payment timeliness, meeting frequency, contract value trends, no demographic or protected-class data
Data Restrictions
No collection or use of demographic, racial, gender, or protected-class information
Bias Impact Assessment
Conducted per Colorado AI Act requirements (see /docs/BIAS-IMPACT-ASSESSMENT.md)
Review Cadence
Quarterly evaluation; A3 + D3 evaluation tests serve as regulatory canaries
Future Work
Synthetic test cohort evaluation planned to measure fairness across client segments
Health Score Accuracy: Depends on data completeness; clients with <3 meetings and no Stripe connection will have lower-confidence scores
Churn Prediction: Requires minimum 30 days of history per client
Transcription Quality: Depends on audio quality and speaker diarization accuracy
Language Support: Sentiment analysis is English-only in v1.0
Recursive Learning: Self-calibration requires 50+ client outcomes—not available until enough outcome data has accumulated
Contact for Questions
Review Cycle
Quarterly assessment of model performance, bias indicators, and regulatory changes. The next major model-card update lands either when a regulatory change occurs (continuous monitoring) or on the next quarterly cycle, whichever comes first.
Last review: May 24, 2026 · Next scheduled: August 2026
Regulatory Monitoring
Active continuous monitoring for: