Pilot program

30 days. Written criteria.
No ambiguity.

Mandate pilots are structured so you know exactly what you are evaluating and what a successful outcome looks like before the pilot begins. Success criteria are agreed in writing before day one.

Request a pilot conversation How Mandate works

Who this is for

Canadian organizations where sensitive data in AI tools is a real and present risk, not a hypothetical.

If you lead security, IT, compliance, legal, or privacy, this is the conversation.

Financial services Healthcare Legal Accounting HR & professional services SaaS

How a pilot works

Four steps. No surprises.

Every pilot follows the same structure. The criteria drive every conversation, not pressure to convert. If the pilot doesn't produce a clear answer, we're not interested in running it.

  1. Discovery conversation

    A 30-minute call to understand your environment: what AI tools your organization uses, how traffic flows, what data your people work with, and what you need to prove to auditors, counsel, or leadership. We'll tell you honestly if a Mandate pilot is the right fit at this stage.

  2. Kickoff and written criteria

    Before day one, we agree in writing: which connector path we're using, which traffic we're routing through Mandate, and the specific measurable outcomes that define a successful pilot for your program. There's no "let's see how it goes."

  3. 30 days on real traffic

    Policy enforcement and audit logging are live on the traffic you've routed through Mandate. Your admin can see policy decisions and audit records from day one. We're available throughout for configuration questions and to make sure the deployment is working as designed.

  4. Day 31 evaluation

    We evaluate the pilot against the criteria agreed at kickoff. If criteria are met, we discuss a paid arrangement starting day 31. If you need more time, we can extend in writing. There's no surprise billing and no pressure. The criteria drive the conversation.

Prerequisites

Four things that need to be true

  • Sensitive data in AI tools is a live concern, not a hypothetical

    Your organization is already using AI tools, or your people are, with or without IT's knowledge. The question of where that data goes, whose legal reach applies to it, and whether “we’re on a Canadian region” is a satisfying answer to your auditors or counsel: that’s the context Mandate is built for. If this is a future problem you’re planning around, we’re probably too early.

  • You’ll have a straight 30-minute conversation first

    We assess fit honestly and will tell you in the call if a pilot doesn’t make sense right now. We cover the AI tools in use, how traffic flows, what data types are at risk, and what you’d need to show at day 31. If the fit isn’t there, better to know in 30 minutes.

  • One person who can configure a connection

    The gateway path requires changing one API base URL. The forward proxy path requires a network-level proxy setting. No software is distributed to employees. The configuration conversation typically takes under an hour.

  • Stakeholder agreement before day one

    IT, security, and the relevant department stakeholders need to agree on which traffic gets routed and what success looks like. Success criteria require someone with the authority to approve them. This can’t be a skunkworks project. The pilot needs to matter to the people who will act on the results.

Evaluation structure

Typical success criteria

Success criteria are specific to your organization and agreed at kickoff. Common examples from past pilots, each measurable, observable, and agreed before day one.

  • Policy trigger volume

    Number of warn, redact, or block events per week on routed traffic. Establishes a baseline your security and compliance program can act on and report against.

  • Audit log accessibility

    Admin can retrieve a timestamped, structured record for any given day within the pilot window on demand. No hunting. No manual reconstruction. The record exists or it doesn't.

  • Coverage target

    A defined percentage of target AI traffic successfully routed through Mandate by the end of the pilot. Agreed at kickoff based on your connector path and deployment constraints.

  • Risk event reduction

    Measurable decrease in high-risk-content events (e.g., PII in prompts) compared to pre-pilot baseline where data is available. Demonstrates governance impact, not just that traffic is flowing through the system.

We're not interested in pilots that don't produce a clear answer. Success criteria exist so day 31 is a decision, not a negotiation.

What happens next

After the pilot

Day 31 is a structured conversation, not a sales call. The criteria you agreed at kickoff are the only thing that matters.

Criteria met

We move to a paid subscription or annual arrangement starting day 31. Pricing is based on the scope of your deployment: connectors used, users covered, and tier. We discuss the right structure during the pilot, not after.

Criteria not met

We'll tell you why and what would need to change. We don't push you to convert when the pilot hasn't delivered the results it was designed to produce. The criteria are the arbiter.

Talk to the person
who built the product.

Email or call to request a discovery conversation. Mention that you're interested in the pilot program and briefly describe your organization type and the AI tools your team uses. That helps us make the first call productive.

Contact us Read the FAQ

contact@mandateco.ca  ·  1-905-630-1908