How Skolkoll uses AI

Where AI is actually used on Skolkoll, what controls are in place — and, just as importantly, what the AI does not do. We describe only what is actually built.

Skolkoll uses AI in exactly one place: the assistant Kollen, which answers questions about school statistics in a chat. Everything else on the site — the numbers, the calculations, the pages and the email we send — is produced without AI. This page is an open account of how it all fits together, what safeguards exist and where the limits are. We would rather understate than overstate: a control that is not built is not listed here.

1. Where we use AI

Kollen — the assistant that answers questions about schools

Kollen is an AI-based chat that answers questions about a school, or about school statistics in general. When you ask a question, it is sent — together with the relevant page context — toAnthropic (USA) via their Claude API, which generates the answer. The model that answers isClaude (Sonnet). Kollen requires you to actively consent before the chat starts, and the answers are built on the verified data Skolkoll has already calculated — not on anything the AI makes up.

Anthropic processes your messages as a subprocessor and may retain the content for up to 30 days for security purposes. Skolkoll does not store the message content permanently. The full data-protection details are in theprivacy policy and inData protection and subprocessors.

Outreach email involves no AI at all

Skolkoll occasionally sends email to schools and providers, for example in pilot outreach. It is important to be clear: no AI is involved in composing or sending this email. The messages are built from a deterministic template in which predefined {{variable}} fields are filled in with data from our own registers. There is no language model in that path — every message is predictable and auditable, and no AI writes the text for a recipient.

AI never sets any numbers

All statistics on Skolkoll — merit scores, SALSA results, eligibility rates, the Skolkoll score and every other key metric — are calculated deterministically from source data from agencies such as Skolverket, SCB and Kolada. The AI plays no part in producing, altering or selecting any of it. When Kollen mentions a number, it comes from the verified source data, not from the model. How the numbers are calculated is documented openly on the method page.

2. What controls are in place

Several layers of safeguards surround Kollen. Some are hard guarantees; others are deliberately described as "best-effort" because they can let something through in edge cases — we would rather be honest about the limits than promise more than the code delivers.

Grounding in verified data

On a school page, the server injects the school's verified Skolkoll data as context before the question reaches the model. The system prompt explicitly tells the model to answer "I don't have data for that right now"rather than guess, and to never invent statistics or school names that are not in its context. The source data is the source of truth; the model is expected to stay within it.

Input sanitisation

All fields in the school context are sanitised before being built into the prompt, so that content in the data cannot be interpreted as instructions to the model.

Scoped to school questions

The prompt includes an instruction to ignore attempts to inject new instructions and to answer only questions about schools and school statistics. This is a mitigation, not a guarantee — it reduces the risk of manipulation but cannot rule it out entirely.

Best-effort topic screening

Before a question is answered, it is first classified by a faster model (Claude Haiku) as on-topic or off-topic. This is a best-effort control: if the classification fails, the question is allowed through rather than wrongly blocked (it "fails open"). We therefore never describe it as a safeguard that blocks everything inappropriate. Separately, a circuit breaker can temporarily disable the whole AI chat if the main model fails repeatedly — an availability safeguard, not part of the topic screening.

Request integrity (HMAC signing)

The assistant's messages are signed with HMAC and re-verified on subsequent requests. If a message has been tampered with, the request is rejected. This means the conversation history cannot be forged in transit.

Rate limits

Requests are limited in several ways: a short-term per-IP burst limit, a daily limit and — for signed-in users — a monthly quota. This protects the service against overload and abuse.

Audit logging with a hashed IP

For every AI request, a pseudonymised record is written to the ai-audit-log collection: a SHA-256 hash of your IP address (not the full address), the length of the question and answer (not the content), the school-context code, status and a timestamp. Records are tagged with a TTL of90 days and deleted thereafter. No message content is logged.

An always-visible "AI can be wrong" disclaimer

Every answer from Kollen is automatically appended on the server with a source-and-fallibility disclaimer —"AI-generated summary based on data from Skolverket, SCB and Kolada via Skolkoll.se. Kollen may make mistakes — verify important information." In addition, the chat interface shows a permanent disclaimer carrying the same call to verify:

"Kollen drivs av AI (Claude, Anthropic). Kan göra fel — verifiera viktig information."(Kollen is powered by AI (Claude, Anthropic). It can make mistakes — verify important information.)

The disclaimer is deliberate and permanent. The numeric reasonableness check we run internally is alog — it does not correct or block answers. So the disclaimer stands as the visible safeguard: the source data is the source of truth, the model is grounded on it, and you are always asked to verify important information.

Explicit, revocable consent

Kollen does not start until you have actively consented. You can revoke consent at any time via the "Revoke AI consent" button in the chat. The conversation itself is stored only for the browser session and disappears when you close the tab; the consent remains until you actively revoke it.

3. What the AI does not do

We keep this page honest about the limits: the topic screening fails open, and the instruction to answer only school questions is a mitigation rather than a guarantee. If a safeguard is improved or added, this page is updated accordingly.

Transparency · Privacy policy · Method · Security