AI Tool Use Policy

Effective [date] · Industry: [industry] · Applies to all employees and contractors

1. Purpose

This policy sets out how [Company Name] expects its team members to use generative AI tools (ChatGPT, Claude, Gemini, Copilot, and similar) in their day-to-day work. The purpose is to let people use these tools where they add value, without putting confidential company or customer data at risk.

2. Approved tools

The following AI tools are approved for use on company work:

Any AI tool not listed above requires approval from [escalation contact] before first use.

3. What must never be pasted into any AI tool

The following data categories are off-limits — even in licensed or enterprise-tier accounts, unless the tool is explicitly configured for company-grade data handling (private endpoint, no-training mode, under signed contract):

4. Grey areas and how to handle them

If you aren’t sure whether something should be pasted — ask before you paste. Send a quick WhatsApp to [escalation contact]. A 30-second check is cheaper than an irreversible leak.

When in doubt, use the one-minute test: “If this ended up in a competitor’s hands, screenshotted by someone outside the company, or surfaced in a regulatory inquiry — would we regret the paste?” If yes, don’t paste.

5. Consequences of a policy violation

A first violation will be treated as a training opportunity — we meet, we understand, we update. Repeat or intentional violations, or any single violation involving customer data, will be treated as a serious breach and may result in disciplinary action, including termination.

6. Review

This policy will be reviewed every six months. AI tools evolve quickly — what’s safe today may not be next quarter. If a new tool lands in your workflow, raise it at the next team meeting so we can update the approved list.