Statement of work
Workflow boundary, responsibilities, pricing, usage, rollback, and acceptance criteria.
Trust Center
Safe AI operations come with clear controls, not just a promise.
Here's what sits behind a LatchFlow rollout: clear system boundaries, human approval, data handling, subprocessors, audit-ready records, and a monthly review.
What You Can Ask For
The documents and controls you can review before go-live
Everything here is designed to make sign-off straightforward for an owner, ops director, IT partner, or data-protection reviewer.
Data-processing schedule
Controller/processor roles, permitted data, retention, deletion, access, and subprocessors.
AI governance pack
Approval thresholds, model-use policy, prompt/rule change control, and human escalation map.
Evidence export sample
Representative audit chronology showing source record, approval, write-back, and exception owner.
Open the representative implementation pack to review scope, connected-system responsibility, acceptance gates, support targets, and sign-off structure.
Open Implementation PackData Flow
The connected systems stay visible all the way through the workflow
Inbound channels enter a supervised queue
Email, forms, WhatsApp, and phone transcripts are triaged into a case before any operational action is proposed.
Microsoft 365WhatsApp BusinessTwilio Voice
Source records stay authoritative
Property, tenancy, landlord, repair, renewal, and payment context is checked against the client-approved system of record.
ReapitStreet.co.ukAlto
Workflow tools keep specialist ownership
Repairs, progression, payment, and accounting tools keep their record authority while LatchFlow owns handoffs and exceptions.
FixfloGoodlordPayPropXero
Write-back and audit close the loop
Approvals, drafts, overrides, delivery proof, and write-back health are logged for monthly review and export.
ReapitFixfloGoodlordMicrosoft 365
Operating Controls
Controls that matter more than an impressive AI demo
Legal-sensitive, emergency, vulnerable-occupant, spend-threshold, and low-confidence cases are held for named review.
Access is scoped to the workflow being implemented rather than broad administrative access by default.
Prompts, SOPs, thresholds, and routing rules are versioned through the managed operating review.
Each live workflow needs a pause path, manual fallback, owner, and post-incident review route.
AI drafts, sends, approvals, overrides, and write-back failures are recorded with a replayable chronology.
LatchFlow does not issue legal notices, approve spend, or make regulated decisions without client-defined authority.
Subprocessor Register
Engagement-specific by design, explicit before production data
This register is intentionally conservative. The exact provider list is locked in the SOW before production client data is processed.
Website delivery, preview workspace, lead-capture endpoint, anonymised analytics, and performance metrics.
Active for this siteSends a notification when someone requests an audit.
Set up per clientDrafting, classification, extraction, summarisation, or knowledge assistance where approved.
Defined in SOWCall capture, routing, transcripts, and escalation events where voice is in scope.
Workflow-specificClient-owned records and channels connected only where approved.
Client-controlledNo fake assurance claims.LatchFlow does not currently claim SOC 2, ISO 27001, Cyber Essentials, UK data residency, or formal vendor partnership status. If your organisation needs those controls, we'll agree them before launch.