Compliance Documentation Generator

# Technical Documentation: AI sales email assistant

## System purpose
Accelerate drafting while keeping human approval before sending.

## Architecture
Corelyx represents this AI system as a governed workflow graph. The editor graph is translated into a validated workflow schema, then executed by the runtime with run-level evidence and approval records.

## Models used
- GPT-4.1

## Data flows
Data sources:
- CRM
- email templates

Personal data processed: Yes
Special category data processed: No

## Training information
Customer workflow execution does not imply model training by Corelyx. Model-provider training behavior must be reviewed against the configured provider and workspace policy.

## Evaluation methods
- Confirm workflow schema validation before publication.
- Review risk classification and owner fields.
- Test approval gates for high-impact actions.
- Review audit logs after representative runs.

## Known limitations
- Automated classification is a governance aid and must be reviewed by accountable owners.
- Model output may be inaccurate or incomplete.
- Third-party provider obligations depend on the configured connector and model provider.

## Human oversight process
Human approval before sending. High-impact actions should pause for reviewer approval before external side effects occur.

## Monitoring process
Review run logs, policy-check results, approval decisions, failures, overrides, and provider changes at least every 180 days.

## Incident response process
Suspend the workflow, preserve relevant logs, notify business and technical owners, assess data-protection impact, document mitigations, and record the final decision.

## Version control
Documentation is generated from the current inventory record and workflow schema. Changes should be tracked through Corelyx program versions and exported evidence packs.