Skip to main content
AI tool & vendor evaluation

The demo is polished. The terms are where the risk lives.

AI tool and vendor evaluation from Aun & Co.: data handling, contractual terms, security posture and exit routes assessed before your workflows depend on them.

Choosing an AI vendor is signing a data relationship, and the important part is in the clauses nobody demos: whether your inputs train their models, where the data sits and for how long, which sub-processors touch it, what the liability terms actually leave you, and what exit looks like when you need one. The firm evaluates tools and vendors against a fixed legal battery — the same one it applies before any system touches its own practice — and returns a comparison a decision-maker can act on without reading a single vendor contract.

The work spans
  • Data-handling analysis: training rights, retention, residency, deletion
  • Sub-processor and supply-chain review behind the vendor
  • Contract-terms assessment: liability, warranties, audit, change rights
  • Security and certification posture read against your duties
  • Exit and lock-in analysis: portability, deletion proof, dependencies
  • Two or three tools made the shortlist and the differences that matter are contractual, not functional.
  • A vendor's standard terms arrived as non-negotiable and you need to know if that is acceptable or fatal.
  • Client confidentiality or regulatory duties constrain what any tool may touch, and the vendors' answers are vague.
  • A tool is already embedded in your operations and its terms have never had a legal read.

Every candidate runs the same gauntlet, because comparability is the point: a fixed question set across data handling, terms, security and exit, scored from the documents the vendor actually signs — not the website. Deal-breakers are separated from negotiables, and for the negotiables the firm drafts the amendment asks. The output is a ranked comparison with a recommendation: adopt, adopt-with-amendments, or walk.

04 · What you get

A fixed battery

Every vendor scored against the same legal question set — the evaluation the firm runs on its own tools, applied to yours.

The documents, not the demo

Findings sourced from the terms the vendor will actually sign, where the marketing and the contract routinely disagree.

Amendments drafted

For fixable gaps, the evaluation includes the negotiation asks — turning a risk report into a procurement position.

A typical engagement: a shortlist of three document-AI vendors, functionally similar, evaluated on their paper. One trains on customer inputs by default, one holds data in an unacceptable jurisdiction, one is clean but for a liability cap — which the drafted amendment fixes. The choice makes itself.

Described in abbreviated, anonymised form to preserve client confidentiality.

What should be checked before adopting an AI tool?

Four fronts in order: data handling — training rights, retention, residency; the contract — liability, warranties, unilateral-change clauses; the supply chain — who the sub-processors are; and exit — portability and proof of deletion. Function matters only after all four survive.

Do AI vendors train their models on customer data?

Some do by default, some on opt-out, some contractually never — and the answer often differs between the consumer and enterprise tiers of the same product. The only reliable source is the signed terms, which is precisely what the evaluation reads.

Can vendor terms be negotiated, or are they take-it-or-leave-it?

More is negotiable than vendors suggest, particularly at enterprise tiers: training exclusions, retention limits, liability floors and audit rights are routinely amended. The evaluation identifies which gaps are negotiable and drafts the asks — leverage is highest before signature.

Start a conversation.

The firm replies within one business day.