Questions to Ask Your AI Customer Support Outsourcing Vendor

When outsourcing AI-powered customer support, businesses must ensure their vendor meets legal, security, and operational standards. Selecting the right partner requires asking the right questions—especially when compliance, data privacy, and contractual obligations are at stake. In this Q&A, our legal and information security teams outline key questions to ask your AI customer support outsourcing vendor, helping you navigate regulatory risks, safeguard customer data, and ensure a seamless service experience.

11 Must-Ask Questions to an AI Vendor

AI Model:

Q1: What data sets will be input into the AI system, and do they comply with GDPR requirements for lawful processing?

Ans: Our AI system uses data that you provide, data that your customers provide (via email, chat, text, and telephone interactions), to you and is based on your customer's consent.  We retain or discard conversational data upon request to comply with GDPR.

Q2: How do you train your AI system and what are your sources of training data?

Ans: Our AI system is trained on your knowledge base and information you provide, such as your company's frequently asked questions, website information, return policy, and shipping, payment, and warranty information.  We do not train on any public Internet information.

Q3: Would my data be commingled with other customers’ data, or are you able to retain it in a dedicated/segmented manner?

A: We retain your data in a dedicated, encrypted/secure tenant, isolated from the data from our other customers.

‍

Reliability:

Q4: Explain the measures taken to ensure the integrity and security of your AI model(s) throughout the development and deployment process.

Ans: Our development and deployment pipelines are subject to regular audits and third-party penetration testing to validate the overall integrity of the AI system.

Q5: Outline your data retention and deletion policies, and the measures you take to ensure data is securely erased when no longer needed, or when upon the request by a customer.

A: We have a strict data retention policy, where your data is securely deleted after the agreed-upon period of time or at your request.

‍

Transparency:

Q6: Are you sourcing data from third-party providers?

A: No. Our AI system only uses your company's data (such as your knowledge base data and your customers' email, chat, text and telephone interactions with you); in other words, we only use data you provide.

Q7: Outline your incident response and remediation procedures in the event of an AI security incident.

A: In the event of an AI security incident, we have a well-documented, audited, and tested incident response plan. This includes immediate mitigation actions, root cause analysis, and transparent communication with affected customers as required.

Q8: Does your AI tool claim any rights to user inputs?

A: No, our AI tool does not claim any rights to your company's inputs or content generated by your end customers. Our terms and conditions clearly state that you retain full control and rights over your proprietary data, creative works, and other intellectual property. We do retain the right to use anonymized data for product enhancement purposes.  This anonymized data is never shared or sold.

‍

Compliance and Regulatory Alignment:

Q9: Outline the compliance frameworks and standards your AI tool aligns with, such as data protection regulations, AI ethics guidelines, or industry-specific requirements.

A: Our AI tool is designed to align with industry-leading compliance frameworks, such as SOC2, and relevant data protection regulations (e.g., GDPR, CCPA, HIPAA). Our legal team monitors regulatory developments, and works with our product and engineering teams to ensure integration of new requirements into our development and deployment processes.

Q10: Explain the certifications, audits, or third-party assessments that have been conducted to validate the security and integrity of your AI tool.

A: Our AI tool has undergone third-party audits and certifications, including ISO 27001 for information security management and SOC2, Type 2. These assessments provide independent validation of our security measures. (LINK to trust center).

Q11: Do you have insurance for AI-related losses or claims?

A: We have comprehensive insurance coverage including policies for errors and omissions and cyber liability.

‍

Need Outsourcing Help? Talk to Us!

If you're considering outsourcing your customer service but have many questions, Crescendo is here to help. We understand that choosing the right vendor can be overwhelming, which is why we assist you in identifying key factors to consider, from operational efficiency to compliance requirements. Our dedicated team of legal experts ensures that you are aware of all relevant legal implications, helping you mitigate risks and make informed decisions before committing to an outsourcing provider. Reach out to Crescendo today to get expert guidance and seamless implementation support.

References to consider

• Subprocessors list LINK