WITS Foundation AI Governance Policy

Effective July 1, 2026 · Last updated May 27, 2026 · Version 1.0

This policy explains how the WITS Foundation uses artificial intelligence (AI) in its products and services, what data flows through those systems, where that data is processed, and how educators and school districts can trust the use of AI to support classroom instruction without compromising student privacy or pedagogical responsibility.

It is written to be understood by educators, parents, school administrators, and district procurement officers. It is also the canonical reference that legal counsel and privacy officers can rely on when assessing WITS for adoption.

1. Where WITS uses AI

WITS uses AI in two specific contexts. Both are limited, well-scoped, and reviewable.

1.1 The AI Educator Co-Pilot (beta)

The Co-Pilot is an AI-powered assistant that generates draft lesson activities for educators implementing the WITS program. It accepts a grade level, a WITS or LEADS strategy (such as “Walk away” or “Talk it out”), and an optional context note from the teacher. It returns a draft lesson plan aligned with WITS pedagogy.

The Co-Pilot is currently available in supervised beta to 15 to 20 schools that have opted in. It is not available to all subscribers, and content generated is reviewed by Amrita Singh (program coordinator) before any output is referenced externally.

1.2 The Voice Support Line

When educators or school staff call the WITS support line, calls may be handled by an AI voice assistant for routine inquiries (account questions, FAQ topics, locating resources). Complex matters are routed to a human team member or recorded for human review.

The voice assistant does not handle student data and does not have access to subscriber accounts beyond identifying the caller by phone number.

2. What WITS does not do with AI

To be clear about boundaries:

  • WITS does not use AI to assess, score, or grade students
  • WITS does not use AI to make decisions about individual students (placement, discipline, behavioral classification, support recommendations)
  • WITS does not use AI to analyze student work or student communication
  • WITS does not train AI models on student data or classroom recordings
  • WITS does not share student data with AI providers, regardless of how the system is used
  • WITS does not use AI to generate communications sent to parents without human review

This is by design. The Co-Pilot exists to reduce educator workload on lesson preparation. It does not extend into student assessment or evaluation.

3. Where data is processed

3.1 The Co-Pilot architecture

When an educator submits a Co-Pilot generation request, the request travels through the following pipeline:

  1. The educator’s browser sends the request (grade, strategy, optional note) to lessons.wits.foundation, hosted on Canadian infrastructure operated by WITS Foundation
  2. The WITS routing service (LiteLLM) selects the appropriate AI model
  3. The model returns generated text to the WITS service
  4. The service formats and returns the lesson plan to the educator

For the beta period, the underlying AI models used are:

Model Provider Region Use
Azure OpenAI GPT-4o Microsoft Azure Canada East (Toronto) Primary generation
Azure OpenAI GPT-5.5 Microsoft Azure Canada East (Toronto) Beta evaluation

Azure Canada East is a Microsoft region located in Toronto, Ontario. Data processed in this region remains in Canada and is subject to Canadian data residency commitments under Microsoft’s Azure Canada agreements.

WITS has the option to swap in a self-hosted model running on WITS infrastructure (NVIDIA Tesla T4 GPU located in British Columbia). When this is enabled, generation does not leave WITS-controlled hardware.

3.2 Voice support architecture

The voice support line uses Twilio for telephony, ElevenLabs for voice synthesis (US-based provider, no PII transmitted), and Azure OpenAI for natural language understanding (Canada East region). Call transcripts are stored in the Zammad helpdesk system, hosted on WITS infrastructure in Canada.

4. What data goes to AI systems

The Co-Pilot receives only:

  • Grade level (a number 1-12 or “K”)
  • WITS or LEADS strategy name (one of nine fixed values)
  • Optional context note (free text, written by the educator)

The Co-Pilot does not receive:

  • Student names, ages, or any identifying information
  • Student academic records or behavioral data
  • The educator’s name, school name, or district (these are passed only to log usage, not to the AI model itself)
  • Any uploaded files, images, or attachments
  • Any conversation history beyond the current request

If an educator types student-specific information into the optional context note, that data passes to the AI model. The Co-Pilot interface displays a clear warning before submission asking educators not to enter student-identifying details. Compliance with this warning is the educator’s professional responsibility.

5. Data retention

Data type Retention Where stored
Co-Pilot input (grade, strategy, note) 90 days for audit PostgreSQL on CT104 (WITS infrastructure, Canada)
Co-Pilot output (generated lesson) 90 days for audit; longer if saved to user’s library PostgreSQL on CT104
Co-Pilot per-user usage counts 13 months for reporting PostgreSQL on CT104
Voice call transcripts 90 days, then deleted Zammad on CT208 (WITS infrastructure, Canada)
Voice call recordings Not retained (real-time only) Not stored
Model interaction logs at Azure Microsoft’s policy (typically 30 days, redacted) Azure Canada East

After the retention period, data is permanently deleted from WITS systems. Microsoft Azure retention is governed by Microsoft’s own data processing terms, which WITS has reviewed and accepted under the Azure subscription agreement.

6. Human review

The Co-Pilot is supervised throughout the beta period. Specifically:

  • Pre-launch curation: lesson plans generated during the beta are reviewed by Amrita Singh before any are presented as recommended in the portal
  • Per-school monitoring: beta cohort schools have a designated WITS contact who reviews aggregated usage and outputs monthly
  • User reporting: every Co-Pilot output includes a “Report concern” link that emails program staff. Concerns are reviewed within 5 business days
  • Override: educators are reminded that generated content is a draft and that pedagogical judgment remains with the educator

WITS does not currently make Co-Pilot outputs available in real time to non-beta subscribers. Expansion beyond the beta cohort requires sign-off from Andy Telfer and a re-review of this policy.

7. Bias, safety, and quality

7.1 Inappropriate content

The Co-Pilot uses Azure OpenAI’s content safety filters, which block generation of explicit violence, sexual content, hate speech, and self-harm content. These filters are not configurable by WITS. If a generation is blocked, the educator receives a generic “Please rephrase your request” message.

In addition, WITS has implemented topic guardrails that prevent the model from generating content outside its scope (such as legal advice, medical diagnosis, or political commentary).

7.2 Accuracy

Generated lesson plans are drafts. WITS does not represent that every generated plan is pedagogically appropriate without review. Educators are expected to read and adapt the output to their classroom context. The Co-Pilot interface includes a banner stating this expectation on every output.

7.3 Bias

AI models can reflect biases present in their training data. WITS acknowledges this and applies the following safeguards:

  • The Co-Pilot has been instructed via system prompt to use inclusive, culturally responsive language
  • Examples and references in generated content are drawn from WITS-approved literature and resources
  • Indigenous content is flagged for human review before publication or recommendation
  • Educators in the beta are surveyed quarterly on perceived bias in outputs

If bias issues are identified, WITS will adjust the system prompt and, if necessary, restrict the model from generating in affected categories until corrections are validated.

8. Opt-out and access rights

8.1 For educators

Educators can opt out of Co-Pilot usage at any time. There is no penalty and no reduction in other WITS services. Opting out removes the user’s account from beta access and deletes all Co-Pilot interaction history within 30 days.

Educators may request a copy of their Co-Pilot generation history by emailing [email protected]. Requests are fulfilled within 30 days.

8.2 For schools and districts

A school principal or district administrator can request that all educators at their school or district be excluded from the Co-Pilot beta. Such requests are honored within 5 business days.

District procurement teams may request a technical and legal review session with WITS staff before adopting any AI-enabled feature. Contact [email protected] to schedule.

8.3 For parents

Parents who wish to inquire about AI use in their child’s WITS classroom should contact their school directly. WITS does not maintain a direct relationship with families.

9. Incident response

If an AI-related incident occurs (data breach, unintended disclosure, prolonged unavailability, generation of harmful content despite safeguards), WITS commits to:

  • Containing the incident within 24 hours of detection
  • Notifying affected schools within 72 hours
  • Providing a written incident report within 14 days
  • Reporting to the Office of the Privacy Commissioner of Canada and provincial privacy regulators if personal information is implicated

The WITS incident response procedure is documented separately and reviewed annually.

10. Compliance frameworks

This policy aligns with the following Canadian and international frameworks:

  • Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Personal Information Protection Act of British Columbia (PIPA BC)
  • Canada’s Anti-Spam Legislation (CASL) for AI-generated email communications
  • The Office of the Privacy Commissioner of Canada’s “Principles for responsible, trustworthy and privacy-protective generative AI technologies” (December 2023)
  • The Treasury Board of Canada’s Directive on Automated Decision-Making (where applicable, noting that WITS does not currently make automated decisions about individuals)

WITS engages BLG (Borden Ladner Gervais LLP) for ongoing legal review of AI deployments and privacy compliance.

11. Changes to this policy

This policy is reviewed at minimum annually and whenever a substantive change is made to an AI system in WITS products. Changes are communicated to subscribers via email at least 30 days before taking effect.

Version history is maintained at the policy changelog.

12. Contact

Topic Contact
Privacy questions about this policy [email protected]
Co-Pilot beta opt-out [email protected]
District procurement review [email protected]
Reporting an AI-related concern [email protected]
General inquiries [email protected]

Appendix A: Glossary

AI (Artificial Intelligence): software that performs tasks typically requiring human intelligence, such as language understanding or text generation. The AI systems WITS uses are based on large language models.

Beta: a limited, supervised release of a feature to a small group of users before general availability.

Co-Pilot: the WITS AI-powered lesson planning assistant.

LiteLLM: a software service that routes requests to different AI models. WITS uses LiteLLM to control which model handles which request and to maintain consistent logging and access control.

LLM (Large Language Model): an AI system trained on large volumes of text to generate human-like language. Examples used by WITS include Azure OpenAI GPT-4o.

PIPEDA / PIPA BC: Canadian and British Columbia privacy laws governing how organizations handle personal information.

System prompt: internal instructions given to an AI model that shape its behavior. The WITS Co-Pilot system prompt directs the model toward inclusive, age-appropriate, WITS-aligned content.

Appendix B: Technical reference for procurement reviewers

This section provides the technical depth a district CIO or privacy officer may need.

B.1 Data flow diagram

Educator browser
    HTTPS POST {grade, strategy, note}
[lessons.wits.foundation - WITS infrastructure, BC, Canada]
    Validates JWT (educator must be authenticated subscriber + beta opt-in)
    Logs request to PostgreSQL CT104
    HTTPS POST to LiteLLM proxy
[LiteLLM proxy - WITS infrastructure, BC, Canada]
    Selects model by routing rule (default: Azure GPT-4o)
    HTTPS POST to Azure OpenAI endpoint
[Azure OpenAI - Microsoft Canada East, Toronto, Ontario]
    Processes request
    Returns generated text
[LiteLLM proxy]
    Returns response to lessons service
[lessons.wits.foundation]
    Logs response, applies branding to lesson PDF
    Returns to educator browser

B.2 Authentication and authorization

  • Educator must hold an active WITS subscription
  • Educator’s account must have beta-opt-in flag set
  • Generation requests use a short-lived JWT issued by the WITS portal
  • JWT contains user ID, school ID (NocoDB), and beta flag, signed with the WITS private key
  • The CT119 service validates JWT signature and expiry before forwarding

B.3 Audit trail

Every generation request is recorded with:

  • Timestamp (UTC)
  • User ID (WordPress)
  • School ID (NocoDB)
  • Strategy and grade
  • Hash of optional context note (not the note itself)
  • Model selected
  • Response time
  • Token usage (input/output)

Audit data is queryable by program staff and reviewable in monthly compliance summaries.

B.4 Network and infrastructure

WITS infrastructure relevant to the Co-Pilot:

  • CT119 (lessons.wits.foundation): FastAPI application, Python 3.12, runs on a Proxmox cluster in Burnaby, BC
  • CT104 (PostgreSQL 17): database for audit logs, runs on the same cluster
  • CT106 (LiteLLM proxy): model routing, runs on the same cluster
  • CT110 (Ollama, optional): local model inference on NVIDIA T4 GPU, used if Azure becomes unavailable

All traffic between the educator browser and lessons.wits.foundation is TLS 1.2+ encrypted. All traffic between WITS services and Azure is TLS-encrypted. No data is transmitted unencrypted.