Legal
Model Governance, Training Sources & Copyright
This statement summarises how Bee models and adapters are sourced, trained, evaluated, released, and governed. It is HEOSSI's public copyright-compliance policy and general-purpose AI training-content summary, proportionate to the information currently available to us.
1. Model architecture and provenance
- Bee combines third-party foundation models, HEOSSI-trained LoRA/domain adapters, routing and safety systems, retrieval, and optional external generation providers. The exact model served depends on tier and route and is disclosed through the models and facts surfaces.
- Upstream model weights remain subject to their upstream licences. HEOSSI does not claim authorship of an upstream foundation model merely because Bee routes to or adapts it.
2. Training-content summary
- Main categories used for HEOSSI adapters and evaluations include: synthetic instruction and correction data produced by contracted teacher models; HEOSSI-authored domain and safety examples; openly licensed datasets mirrored with source metadata; public-domain government data such as vulnerability and biomedical metadata; scholarly metadata and abstracts from sources such as OpenAlex and arXiv subject to source terms; attributed Wikipedia summaries; and user interactions only after explicit Improve Bee opt-in.
- Representative public dataset families referenced by the pipeline include OpenOrca/SlimOrca, Dolly, OpenHermes-style instruction data, OpenAlex metadata, arXiv metadata/abstracts, Wikipedia CC BY-SA material, NVD/CISA vulnerability data, and PubMed/NCBI records. Inclusion in the pipeline configuration does not mean every item was used in every released adapter.
- We do not publish confidential dataset contents or security-sensitive offensive research corpora. Model cards and release records identify material sources and licence information available for the specific release.
3. Copyright and rights reservations
- Training ingestion must record source and licence/provenance metadata where available. We prefer public-domain, permissively licensed, attributed, synthetic, or rights-cleared sources and exclude sources known to prohibit the intended use.
- We honour machine-readable rights reservations and lawful opt-outs that apply to text-and-data mining where technically detectable and legally required. Crawlers must identify themselves, respect access controls, and must not bypass paywalls, authentication, robots controls, or technical protection measures.
- Rights holders may identify a work or dataset and request investigation or future-training exclusion at bee-dmca@heossi.com. Provide the work, source URL or dataset identifier, rights basis, and enough information to locate it.
4. Evaluation and release governance
Adapters are evaluated for task quality, unsafe cyber behaviour, prompt injection, secret leakage, tenant isolation, hallucinated claims, and relevant restricted-domain risks before release. Release gates and signed facts provide evidence of tested claims; passing an internal evaluation is not a certification or guarantee of error-free output.
5. Known limitations and downstream duties
Models may hallucinate, reproduce biases, emit similar material, or fail under adversarial input. Deployers must test for their context, provide human oversight, disclose AI interaction where required, preserve logs appropriate to risk, and comply with sector rules. Bee shared tiers are not authorised as the sole decision-maker for legally significant decisions.
6. Serious incidents and corrective action
Report security incidents to bee-security@heossi.com, illegal-content issues to bee-abuse@heossi.com, and copyright issues to bee-dmca@heossi.com. We may disable a model or feature, revoke a release, change routing, add mitigations, notify affected customers, preserve evidence, and cooperate with competent authorities where legally required.
7. EU AI Act posture
Where HEOSSI qualifies as a provider placing a general-purpose AI model on the EU market, we intend this policy and training summary to support the copyright and transparency duties applicable to that role. Technical documentation, downstream information, representative appointment, systemic-risk assessment, and incident-reporting duties are tracked separately and will be completed when legally triggered. This statement does not claim conformity before those controls are complete.
8. Updates
We update this summary when a materially different model family, data-source category, training method, or legal obligation enters production. Model-specific cards and signed release records control where they provide more precise information.
Questions about this document? Contact bee-legal@heossi.com. Service of process: bee-legal@heossi.com (HEOSSI (Pte.) Ltd., Singapore).
Counter-signed copies on request. The text on this page is the canonical published version. For procurement teams that need a counter-signed copy of the Terms, DPA, or Order Form, email bee-legal@heossi.com. Where there is conflict between this page and an executed counter-signed agreement, the counter-signed agreement controls.