Trust, Security & Procurement
Archivers.ai is the AI processing and access layer for archives and museums. It sits in front of your repository or collections system — it is not the system of record. This page answers the questions procurement, IT, and information governance teams ask before any project.
No. Archivers.ai is an AI processing and access layer. It generates and holds draft metadata during processing and review, and it powers staff Explore and public-facing discovery. Your repository, collections management system, or preservation platform (AtoM, ArchivesSpace, Axiell, Modes, Adlib, Preservica, Archivematica, or your own CMS) remains the authoritative system of record.
This is a deliberate design choice. We do not ask you to migrate off a system you already depend on. We ask you to let us process digitised backlogs, map to your standards, and export cleanly into what you already run.
Customer data is stored on infrastructure operated in accordance with UK and EU data-protection expectations. Storage region can be discussed as part of the scoping conversation for institutional projects, particularly where specific residency requirements apply.
Data in transit is encrypted using TLS. Data at rest is encrypted on the underlying storage. Access to production data is restricted to named staff and logged.
You do. Customer collections, source files, generated draft metadata, reviewed metadata, exports, and audit history belong to the customer. Archivers.ai acts as a processor of that data. We do not claim any ownership of your collection, your metadata, or your exports.
Customer collection data is not used to train foundation AI models. We follow the no-training commitments offered by our AI model providers for business and enterprise usage. Where a specific provider policy is relevant to a procurement process, we will share the applicable terms as part of that process.
Aggregated, non-identifying operational metrics (processing volumes, error rates, system health) are used to improve the platform. No customer metadata, file content, or imagery is included in those metrics.
You can delete your data at any time. Deletion takes effect promptly in the working copy, and in backups and operational stores within a defined retention window, after which the data is unrecoverable.
At project end, or at customer request, we will:
Every record processed in Archivers.ai can be exported into one or more of the following open, standards-based formats:
See the Export formats page for annotated examples, and Standards for the underlying schema work.
Archivers.ai is built on the principle that nothing is published without archivist review. Every AI-generated description is a draft until a human reviewer has signed it off. The platform surfaces confidence flags, source evidence, and the AI rationale for every suggestion, so reviewers can make informed decisions quickly.
For institutional projects we agree review policies during scoping — for example, mandatory review for all records in a fonds, sampling-based review for low-risk material, or stricter review for PII-sensitive material.
Archivers.ai uses a small set of well-known large language and vision models to generate draft metadata. The platform is model-agnostic at the application layer: the specific model used for a given task can change as better or more appropriate options become available, and different tasks (text, image, audio) may route to different models.
We prefer providers with strong business-use no-training commitments and transparent safety practices, and we prefer European-based providers where the capability fit is equivalent. For any institutional project, we will disclose the specific models in use as part of the scoping conversation.
Every AI-assisted field carries a per-field confidence indicator based on signals from the underlying model and any supporting evidence (e.g. OCR quality, entity recognition certainty, image classification score). Confidence is shown alongside the suggestion in the review UI, so archivists can prioritise their attention on the fields that matter most.
Confidence flags are advisory. They do not replace archivist judgement, and the platform does not treat any field as “auto-approved” on the basis of a high confidence score.
For every record, Archivers.ai records provenance for AI-assisted fields including model, timestamp, and review state. This includes:
Provenance travels with the record on export — for example, recorded in PREMIS events inside a BagIt package, so that downstream systems can see that AI-assisted cataloguing was used, how it was reviewed, and by whom.
Archivers.ai relies on a small, declared set of sub-processors:
The current list, with purposes and data scope, is shared under NDA for institutional procurement processes. We notify customers of material changes to the sub-processor list before they take effect.
We aim for the Archivers.ai platform UI and any public-facing access products (staff Explore, public discovery portal) to meet Web Content Accessibility Guidelines (WCAG) 2.2 at Level AA as the working target. Where a component does not yet meet that bar, we will say so and share the known gaps, rather than overclaim.
For funded digitisation projects that have specific accessibility requirements, we incorporate those into scoping and export profile configuration.
You can leave at any time. Because Archivers.ai is not the system of record and every record exports in open formats, there is no lock-in at the data layer. On exit:
If you need a specific answer for an IG, IT, or procurement process (DPIA, DPA, sub-processor list, security questionnaire, accessibility statement), the fastest route is to start a scoping conversation and tell us which documents you need.