AI Transparency Log

Last updated: 2026-05-06

What is this page?

This is a complete public list of every AI system Smoothly operates. Some are visible to you in the product; others run internally to build, review, and harden Smoothly itself. We list them all here so you can see exactly where AI is used, what data it processes, and whether the system is compliant with EU AI Act Article 50 transparency obligations (Regulation (EU) 2024/1689, hard activation 2 August 2026).

For more detail on how Article 50 maps to specific Smoothly features, see the full disclosure at /legal/ai-act-disclosures. A machine-readable feed of this exact same data is at /api/ai-transparency.

Customer-facing AI

These AI systems produce output you can see or interact with. Each is annotated with a Smoothly badge in the product where possible (look for the "AI was used here" chip).

customer-builder-chat

Customer-facing

Compliant
Purpose
Generates websites and applications from your prompts; the heart of Smoothly.
Models
  • anthropic/claude-opus-4-7
  • anthropic/claude-sonnet-4-6
Data processed
  • Customer prompt text
  • Customer-uploaded images
  • Customer project files (DSL, schema, copy)
Where used
Customer-facing builder UI (/builder, /chat)
AI Act classification
Limited risk (Art. 50)
Article 50 marker
Builder UI is overtly AI-driven (Article 50(1)). Generated content carries AI-disclaimer footer; chatbot disclosure default-on per ai-act-disclosures.md §4.5.

asset-generators

Customer-facing

In progress
Purpose
Generates and edits images, illustrations, icons, and other static assets used inside your project.
Models
  • anthropic/claude-sonnet-4-6
Data processed
  • Customer prompt text
  • Customer-uploaded reference images
  • Brand-tokens metadata
Where used
Asset wizard, generate-image endpoint, figma-import (/api/assets, /api/generate-image, /api/figma-import)
AI Act classification
Limited risk (Art. 50)
Article 50 marker
C2PA Content Credentials embedding pipeline targeted for July 2026 (Phase 3 per ai-act-disclosures.md §3). HTML meta-tag + Schema.org JSON-LD markers shipped first.

composition-pre-step

Customer-facing

Compliant
Purpose
Classifies your prompt and routes it to the right specialised builder pipeline (e-commerce, portfolio, SaaS dashboard, etc.) before generation begins.
Models
  • anthropic/claude-haiku-4-5-20251001
Data processed
  • Customer prompt text (only)
  • Auto-classified capability tags (generated, ephemeral)
Where used
Pre-generation routing (src/lib/ai/chat-classifier.ts, complexity-inference.ts, persona-detector.ts)
AI Act classification
Limited risk (Art. 50)
Article 50 marker
Routing decision is logged and surfaced to the customer in the builder UI; covered by general AI-driven-Service disclosure (Article 50(1)).

template-publish-gate

Customer-facing

Compliant
Purpose
Verifies your project does not leak personal data before it goes onto the public template marketplace; binary pass/fail.
Models
  • anthropic/claude-sonnet-4-6
Data processed
  • Sanitised template manifest (DSL primitives + schema only)
  • Sanitiser whitelist diff
Where used
Marketplace publish flow (post-whitelist sanitiser pass)
AI Act classification
Limited risk (Art. 50)
Article 50 marker
Disclosed in ai-act-disclosures.md §8.2. Fail-closed posture: AI gate rejects on Anthropic outage; customer can revise + retry. No human review during the gate (lawful under GDPR Art. 22 because customer-data-only and customer-can-resolve).

Internal AI (engineering pipeline)

These AI systems do not interact with customer data directly; they run inside Smoothly's own engineering pipeline (code review, planning, security audits, legal-doc sync). We list them anyway for full transparency.

code-review-trio

Internal pipeline

Not applicable
Purpose
Reviews every Smoothly code change for safety, security, and correctness across three independent reviewer agents before merge.
Models
  • anthropic/claude-opus-4-7
  • future: openai/gpt-5.5 (cross-provider trio per ADR-074)
  • future: google/gemini-2.0 (cross-provider trio per ADR-074)
Data processed
  • Smoothly's own code diffs
  • Pull-request titles and bodies
  • No customer data
Where used
Internal engineering pipeline (scripts/ai-trio-reviewer.ts, scripts/plain-english-review.ts)
AI Act classification
Minimal risk
Article 50 marker
Operates on internal code only; no customer interaction. Disclosed for transparency per ai-act-disclosures.md §8.3.

plan-agent

Internal pipeline

Not applicable
Purpose
Generates a structured Problem / Root cause / Proposed solution spec for every Class 2/3 task before code is written.
Models
  • anthropic/claude-opus-4-7
Data processed
  • Task description from WORK_QUEUE.md
  • Relevant ADR documents
  • No customer data
Where used
Pre-build planning step (scripts/plan-agent.ts)
AI Act classification
Minimal risk
Article 50 marker
Internal planning artefact only. Specs land in docs/specs/ and are reviewed by trio + human admin for Class 3.

smak-agent

Internal pipeline

Not applicable
Purpose
Reviews UI/UX/design/copy changes against Smoothly’s brand voice and design system; informational comments only (shadow mode).
Models
  • anthropic/claude-opus-4-7
Data processed
  • PR diffs touching UI/UX surfaces
  • docs/smak-agent/fredrik-examples.md training set
  • No customer data
Where used
Engineering pipeline (scripts/agents/smak-agent.ts) — flag-only, never blocks merge
AI Act classification
Minimal risk
Article 50 marker
Shadow-mode taste/aesthetic check on internal PRs only. Promotion to gating layer requires ≥70% accuracy threshold per ADR-074 Decision #7 L4.

continuous-security-agent

Internal pipeline

Not applicable
Purpose
Daily diff of security advisors (Supabase + npm audit + secret-scan) producing autonomous security PRs when new findings appear.
Models
  • anthropic/claude-opus-4-7
Data processed
  • Supabase advisors lint set
  • npm audit JSON output
  • trufflehog secret-scan results
  • No customer data
Where used
Engineering pipeline (scripts/continuous-security.ts) — cron 02:00Z daily
AI Act classification
Minimal risk
Article 50 marker
Operates on internal infrastructure metadata only. Output is a security PR, never auto-merged for trust-boundary fixes.

ai-incident-responder

Internal pipeline

Compliant
Purpose
On critical Sentry/Vercel/CodeRabbit alerts, AI investigates first and either resolves (rollback, fix-PR) or escalates to a human.
Models
  • anthropic/claude-opus-4-7
Data processed
  • Sentry event payloads
  • Vercel deployment logs
  • CodeRabbit review summaries
  • May incidentally contain customer-context fields in error stacks
Where used
Engineering pipeline (scripts/ai-incident-responder.ts)
AI Act classification
Limited risk (Art. 50)
Article 50 marker
Customer-context fields in error stacks are scrubbed before LLM call. Audit trail in docs/audit/incident-decisions.jsonl. Fail-open posture: agent unavailability falls back to human escalation.

admin-ai-summarize

Internal pipeline

Compliant
Purpose
Summarises raw user prompts and capability-cluster patterns for internal admin dashboards (capability-gap detection).
Models
  • anthropic/claude-sonnet-4-6
Data processed
  • De-identified customer prompt text
  • Aggregated capability tags
  • No PII (scrubbed at ingest per Privacy Policy §5)
Where used
Admin dashboards (/api/admin/capability-clusters, /api/admin/raw-prompts-summary)
AI Act classification
Limited risk (Art. 50)
Article 50 marker
PII scrubbing runs at ingest before any LLM call. Aggregated outputs only — no individual user records. Admin-side decisions reviewed by human before product action.

Questions? Email legal@smoothly.dev.
