Aligning intelligence…
Aligning intelligence…
How Epic Growth builds and governs responsible technology across our ecosystem. Every product we operate follows a shared governance framework rooted in transparency, privacy, and human authority.
Governance Framework v1.3 — Last updated June 2026
Epic Growth operates three products, each with its own governance page documenting how it handles data and AI. The 8 universal principles below apply across all of them.
epicgrowth.com
Marketing site and consultancy showcase. No user-facing AI agents. Collects analytics data (with consent), contact form submissions, and newsletter subscribers (confirmed opt-in).
AI Use
No AI agents. Google Analytics 4 for site analytics.
foundation.epicgrowth.com
Funding intelligence platform with 5 AI agents (Discovery, Preparation, Coordination, Tracking, Compliance) that guide Malta's SMEs through the grant application journey.
AI Use
5 conversational AI agents powered by Anthropic Claude, each with defined autonomy tiers and EU AI Act risk classifications.
mind.epicgrowth.com
AI-powered CRM, business intelligence, and productivity platform for SMEs. Includes AI chat, email management, pipeline tracking, and content tools.
AI Use
AI chat assistant, content generation, email drafting, and business intelligence insights powered by multiple AI providers.
These 8 principles apply to every product and service in the Epic Growth ecosystem, regardless of whether it uses AI agents or not.
Every AI interaction is clearly disclosed. Users are informed they are communicating with an AI system before or at the first interaction. AI-generated content is labelled.
Our systems never fabricate data, grant amounts, or deadlines. When uncertain, they state confidence levels explicitly and distinguish facts from recommendations.
GDPR-compliant by design. We minimise data collection, never transmit data to third parties without consent, and respect the right to erasure.
No system takes irreversible actions without human confirmation. Strategic recommendations are advisory — final decisions always rest with humans.
Automated assessments are objective and criteria-based. Our systems never produce outputs that discriminate based on any protected characteristic.
Every automated output is traceable to its data sources. Decision logs are maintained and audit trails preserved for a minimum of 12 months.
Our systems refuse requests that conflict with our governance framework, applicable law, or ethical standards. Potential harms are flagged before proceeding.
Our AI systems explain their reasoning, methodologies, and limitations when asked. We promote informed decision-making, not dependency.
What epicgrowth.com collects, how we process it, and what we do not do.
We use Google Analytics 4 (GA4) to understand how visitors interact with our site. Analytics cookies are only set after you provide consent via our cookie banner. If you decline, no analytics cookies are placed and no tracking occurs.
GA4 data is used to improve site content and user experience. We track page views, session duration, traffic sources, and conversion events (such as contact form submissions). We do not use this data to build individual user profiles or for personalised advertising.
Our contact form collects your name, email, company name, and message. When you request a consultation we also collect the business context you choose to share — sector, team size, the service you want, where your data lives, your timeline, and how you currently use AI — to prepare for the call. This data is sent via the Gmail API and stored for up to 24 months. Consultation bookings are stored in our PostgreSQL database hosted on Google Cloud Platform (EU, europe-west1).
Newsletter subscribers opt in to Epic Growth Insights via a confirmed double opt-in flow. We store only your email, the date of subscription, and where on the site you signed up. Every email contains a one-click unsubscribe link.
We use this data solely to respond to your enquiry, schedule a consultation if requested, or send newsletter editions you opted in to. We never sell or share your contact data with third parties for marketing purposes.
Some links on this site are affiliate or sponsored links. If we recommend a product or service we believe in, or display a sponsor alongside related content (for example, a sponsored diagram), we may earn a commission when you buy through our link — at no extra cost to you. We keep these honest: every such link is clearly disclosed on the page and marked sponsored so it carries no search-ranking weight, and a sponsor never buys or changes the editorial content next to it. We never sell your data or run personalised advertising.
This marketing website has no conversational AI, no chatbot, and no automated decision-making system. The contact form, the consultation booking flow, and the newsletter signup are static — none of them is an AI system.
Some published content is produced with AI assistance. Most blog posts are drafted with the help of a generative AI tool and then substantively reviewed, edited and signed off by their named human author before publication. The named author holds editorial responsibility for the post. We mark each post's AI-assistance status inline in the post meta line, so you can tell at a glance whether AI was involved in the draft.
Blog audio episodes are generated by Google NotebookLM from the post text. The voices are synthetic. This is covered by the post's AI-assistance marking in the meta line, which applies to both the written post and its generated audio.
Hero and Open Graph images for blog posts and pages are generated by Google Gemini Flash Image to a brief that produces abstract, geometric, non-photorealistic compositions — no real people, no real places, no real events.
For AI-powered services, see the Foundation and EpicMind governance pages — those products operate conversational AI agents and have their own transparency disclosures.
Article 50 of the EU AI Act sets four transparency duties for certain AI systems. Most apply from 2 August 2026; the machine-readable marking duty (50(2)) was delayed to 2 December 2026 by the Digital Omnibus, which the European Parliament approved on 16 June 2026 (formal Council adoption pending). The European Commission published draft implementation guidelines on 8 May 2026. Here is how each duty applies to this site.
When we deliver an AI integration for a client and the client brands the resulting system as their own, that client becomes the provider of that system under Article 3(3) AI Act and inherits the provider duties under 50(1) and 50(2) — see AI Integration for how we surface this in every engagement. This is the operationally most consequential point for any small business considering branded AI.
Our Foundation and EpicMind platforms operate conversational AI agents and carry the Article 50(1) interaction-notice duty directly. They implement first-turn disclosure naming the individual agent and stating it is an AI system, with full detail on their respective governance pages.
Across the Epic Growth ecosystem, our AI systems are classified as Limited Risk or Minimal Risk under the EU AI Act. We do not perform recruitment screening, credit scoring, biometric identification, or any other high-risk AI activity.
Individual risk classifications for each AI agent are documented on the respective platform governance pages.
The Malta Digital Innovation Authority (MDIA) is Malta's designated national competent authority under L.N. 226 of 2025, implementing EU AI Act Article 70. MDIA has enforcement, auditing, and regulatory sandbox powers.
As our AI-powered products mature, we intend to explore MDIA's regulatory sandbox programme and ITAS voluntary certification for the Foundation and EpicMind platforms.
| Review Type | Frequency | Scope |
|---|---|---|
| Regulatory | Within 30 days of any EU AI Act or MDIA update | Compliance framework (all products) |
| Operational | Quarterly | Agent performance & governance rules |
| Foundational | Annually | Full governance framework review |
| Incident-triggered | As needed | Any part relevant to the incident |
| Architecture | Within 7 days of data handling or AI changes | Data handling claims, privacy policy, governance pages |
If you have questions about our governance, want to report a concern, or need to exercise your data rights, please use our contact form. For details on how we handle your personal data, see our Privacy Policy.