AI acceptable use policy template for AI tools like ChatGPT and Claude.
A complete, ready-to-customize AI acceptable use policy. Replace the bracketed placeholders with your company's specifics, then enforce it with browser-level controls so the policy is more than a memo.
A policy is the first step. To make it real, pair it with enforcement. LogosGuard turns this policy into a control employees actually feel at the moment of submission.
How to use this template.
Copy the policy below into your existing policy framework. Replace bracketed placeholders with your company's specifics. Pair the policy with short, practical training so employees know what 'sensitive data' looks like in their job. Then deploy LogosGuard so the policy is enforced at the moment an employee is about to send a prompt.
1. Purpose
This policy describes how employees of [COMPANY NAME] may use generative AI tools. The goal is to capture the productivity benefit of AI while preventing sensitive data from leaving the company environment and ensuring AI use complies with applicable laws and contractual obligations.
2. Scope
This policy applies to all employees, contractors, and third parties operating on [COMPANY NAME] systems or accounts. It covers all generative AI tools, whether browser-based, desktop, mobile, IDE-integrated, or API-accessed, including but not limited to ChatGPT, Claude, and Gemini, and any successor or equivalent tool.
3. Approved AI tools
Approved AI tools for company use are listed at [APPROVED AI TOOLS LINK]. Approved tools have been reviewed for data handling, retention, and contractual fit, and are accessed through company-provisioned accounts. Use of unapproved AI tools for company work is prohibited. New tools require review before use; submit a request to [SECURITY TEAM EMAIL].
4. Prohibited data
The following data classes must not be submitted to any AI tool, approved or otherwise, unless explicitly permitted by an exception under section 8:
- Personally identifiable information (PII), including names, addresses, government identifiers, and customer records.
- Protected health information (PHI), including patient identifiers, MRNs, and clinical records.
- Credentials of any kind: API keys, OAuth tokens, private keys, database connection strings, passwords.
- Proprietary source code containing internal architecture references, embedded secrets, or non-public algorithms.
- Material non-public information (MNPI), including deal documents, earnings drafts, and forecasts.
- Customer data covered by contractual confidentiality obligations.
- Privileged legal communications and litigation work product.
- Internal codenames, unreleased product details, and competitive strategy.
5. Allowed use cases
Employees may use approved AI tools for, among other things:
- Summarization of non-sensitive content.
- Drafting and editing of communications, with human review before sending.
- Code assistance for non-proprietary or open-source code.
- Research, comparison, and explanation of public information.
- Brainstorming, outlining, and idea generation.
When in doubt, treat AI as you would treat sending the same content to an external vendor without an NDA.
6. Human review and accountability
AI output is not authoritative. Employees are responsible for reviewing, fact-checking, and approving any AI-generated content before it is shared internally or externally, and are accountable for the result as if they had written it themselves. AI must not be used as the sole decision-maker for actions affecting customers, employees, or financial outcomes.
7. Redaction requirements
Where a workflow legitimately benefits from AI assistance and would otherwise require sensitive data, employees must redact identifying information before submission. Replace names, identifiers, and specific values with placeholders ('[CUSTOMER]', '[DATE]', '[ACCOUNT]') so the AI tool can help with the underlying question without seeing the sensitive content. The company's AI control platform automates this where possible.
8. Escalation and exceptions
If a business need requires submission of data that would otherwise be prohibited, employees must request an exception in advance from [SECURITY TEAM EMAIL] or [PRIVACY TEAM EMAIL]. Exceptions are time-bound, scoped to specific data and tools, and recorded. Do not act first and ask later.
9. Logging
AI usage is logged at the company level. Logs include user identity, AI tool, timestamps, policy decisions, and detected sensitive-data categories. Logs do not retain prompt content. Log review is performed by [SECURITY TEAM] in accordance with the company's monitoring and privacy policies.
10. Enforcement
This policy is enforced through both technical controls and management review. Technical controls include browser-level detection, redaction, and blocking of prohibited data in AI prompts. Management review includes follow-up on logged events and escalation of repeated violations. Violations of this policy may result in disciplinary action up to and including termination, and may trigger reporting to regulators or counterparties as required by law or contract.
11. Training and acknowledgement
Employees must complete the AI acceptable use training within [N DAYS] of joining and annually thereafter. Acknowledgement of this policy is required to retain access to approved AI tools.
12. Review
This policy is reviewed at least annually and on material change to the AI tool landscape, regulatory environment, or company business. Last reviewed: [DATE]. Owner: [POLICY OWNER].
Appendix A: Rollout checklist.
A short, scannable checklist for security teams getting AI DLP in place after adopting the policy above. Sequenced by impact-per-effort.
1. Policy and training.
- Adopt the policy above. Customize the placeholders.
- Define which AI tools are approved and which are not.
- Define which data classes are prohibited from any AI tool.
- Run short, practical training on what each prohibited class actually looks like in employees' jobs.
- Require acknowledgement of the policy as a condition of access.
2. Vendor enterprise plans.
- Move users to business or enterprise plans on the AI tools you support.
- Disable training on company prompts where possible.
- Set retention windows that match your policy.
- Centralize identity through SSO and audit access.
3. Browser DLP, the highest-leverage step.
- Deploy a browser DLP for AI tools across the organization through your existing extension management policy.
- Configure starter policy: warn for PII, redact for source code, block for credentials.
- Cover ChatGPT, Claude, Gemini, and other browser-based AI tools with one extension.
- Confirm audit logs flow to your SIEM.
4. Desktop and IDE coverage.
- Deploy the desktop component for native AI clients (ChatGPT desktop, Claude desktop).
- Cover command-line AI tools that bypass the browser.
- Same policy engine. Same audit-log shape.
5. Tune from audit logs.
- Review which detections fire and on which workflows.
- Tighten or loosen rules based on real usage.
- Add team-scoped rules where defaults are too tight or too loose.
- Review weekly for the first month; monthly thereafter.
6. Network or gateway backstop (if needed).
- If your threat model includes shadow AI or command-line tools, add a network or gateway control.
- Allow-list approved AI vendor domains.
- Block or quarantine unapproved AI traffic.
- Pair with browser DLP for in-context user feedback.
7. Private LLM (for specific workflows).
- For the highest-sensitivity workflows, scope a private LLM deployment.
- Examples: clinical documentation, MNPI-heavy research, regulated finance reviews.
- Apply the same policy engine on top of the private LLM.
Appendix B: Sample redaction policies.
Five sample redaction policies for the workflows that come up most often: customer support, healthcare, engineering, financial services, and legal. Each example shows the data classes, the redaction strategy, and the recommended action. Adapt them to your company.
Customer support
Workflow: support agent pastes a long ticket history into ChatGPT to draft a reply.
Data classes to redact:
- Customer name → [CUSTOMER_NAME]
- Customer email → [EMAIL]
- Customer phone → [PHONE]
- Account number → [ACCOUNT]
- Ticket ID → [TICKET]
Recommended action: redact-and-continue (one-click). Audit-log every redaction. Hard-block if a credential or government identifier is detected (those should not be in a support ticket; if they are, escalate).
Healthcare clinical workflows
Workflow: clinician pastes a chart note into ChatGPT for a one-paragraph summary.
Data classes to redact:
- Patient name → [PATIENT]
- Date of birth → [DOB]
- MRN / patient ID → [MRN]
- Provider name → [PROVIDER]
- Address → [ADDRESS]
- Claim ID → [CLAIM_ID]
Recommended action: redact-and-review (clinician approves before submission). Hard-block for research workflows that should not have any external AI exposure. Audit-log every event for HIPAA review.
Engineering
Workflow: engineer pastes a stack trace or a function into Claude for debugging help.
Data classes to handle:
- API keys, tokens, private keys → HARD BLOCK (no redaction). Notify the user; rotate the credential.
- Database connection strings → HARD BLOCK.
- Internal package names → redact → [INTERNAL_PACKAGE]
- Internal hostnames → redact → [INTERNAL_HOST]
- Customer-specific identifiers → redact → [CUSTOMER]
Recommended action: hard block for credentials, redact-and-coach for internal references, allow general code.
Financial services
Workflow: analyst pastes a research note or earnings draft into AI for editing.
Data classes to handle:
- Deal codenames → HARD BLOCK if on the active list; allow if on the public list.
- MNPI markers (deal documents, earnings drafts, watch list entries) → HARD BLOCK.
- Customer account numbers → redact → [ACCOUNT]
- Counterparty names (restricted list) → HARD BLOCK if on the list.
Recommended action: hard block MNPI categories; redact account-level PII; allow general research-and-drafting workflows. Logs export to surveillance tooling.
Legal
Workflow: attorney pastes a draft argument or memo into AI for drafting help.
Data classes to handle:
- Client names → redact → [CLIENT]
- Matter ID → redact → [MATTER]
- Opposing party names → redact → [OPPOSING_PARTY]
- Restricted counterparty (active deal) → HARD BLOCK if on list.
- Privileged communications markers → HARD BLOCK by default; allow with exception.
Recommended action: redact identifiers, hard block privileged content, allow general drafting and research.
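The following is an added illustration, not code from LogosGuard or from this template, of how the redaction requirement in section 7, the logging shape in section 9, and the customer-support and engineering policies above fit together in one small rule engine: credential classes hard-block the prompt outright, identifier classes are replaced with the template's placeholders, and the audit record carries identity, tool, timestamp, decision and categories but never the prompt text. Every regex is a deliberately simple, constructed pattern (the ACCT- and TKT- identifier formats are invented, and a real deployment would use its DLP platform's detectors), and the sample prompts are constructed for the demonstration.

```python
import json
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional

# One rule per data class: (class name, detector, action, placeholder).
# Credentials and connection strings are hard-blocked with no redaction;
# identifiers are swapped for the policy's placeholders. All patterns are
# constructed illustrations, not production-grade detectors.
RULES = [
    ("api_key",        re.compile(r"\b(?:sk-[A-Za-z0-9]{20,}|AKIA[A-Z0-9]{16})\b"),    "block",  None),
    ("db_conn_string", re.compile(r"\b(?:postgres(?:ql)?|mysql|mongodb)://\S+", re.I), "block",  None),
    ("email",          re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),                "redact", "[EMAIL]"),
    ("phone",          re.compile(r"\b\d{3}[-.]\d{3}[-.]\d{4}\b"),                     "redact", "[PHONE]"),
    ("account",        re.compile(r"\bACCT-\d{6,}\b"),   # constructed account-number format
                       "redact", "[ACCOUNT]"),
    ("ticket",         re.compile(r"\bTKT-\d+\b"),       # constructed ticket-id format
                       "redact", "[TICKET]"),
]


@dataclass
class Decision:
    action: str                  # "allow", "redact" or "block"
    text: Optional[str]          # prompt to forward; None when blocked
    categories: List[str]        # detected data classes, never the matched values


def evaluate(prompt: str) -> Decision:
    """Apply the rules: any hard-block class stops the prompt outright;
    otherwise every redact class is replaced by its placeholder."""
    detected = [name for name, pat, _, _ in RULES if pat.search(prompt)]
    if any(act == "block" for name, _, act, _ in RULES if name in detected):
        return Decision("block", None, detected)
    text = prompt
    for name, pat, act, placeholder in RULES:
        if act == "redact" and name in detected:
            text = pat.sub(placeholder, text)
    return Decision("redact" if detected else "allow", text, detected)


def audit_entry(user: str, tool: str, decision: Decision,
                now: Optional[datetime] = None) -> dict:
    """Log record in the shape section 9 describes: identity, tool, time,
    decision and categories. The prompt itself is deliberately absent."""
    now = now or datetime.now(timezone.utc)
    return {
        "user": user,
        "tool": tool,
        "timestamp": now.isoformat(),
        "decision": decision.action,
        "categories": decision.categories,
    }


# Constructed sample prompts for the support and engineering workflows.
SUPPORT_TICKET = (
    "Ticket TKT-4821 from jane.doe@example.com (555-123-4567), account ACCT-00917733: "
    "customer reports duplicate charge, please draft a reply."
)
ENGINEERING_PASTE = (
    "Why does this fail? conn = connect('postgres://app:hunter2@db.internal:5432/prod')"
)

if __name__ == "__main__":
    for label, prompt in [("support", SUPPORT_TICKET), ("engineering", ENGINEERING_PASTE)]:
        decision = evaluate(prompt)
        print(label, decision.action, decision.text)
        print(json.dumps(audit_entry("alice@example.com", "chatgpt", decision)))
```

Run as-is, the support ticket continues with four placeholders substituted, while the engineering paste is blocked because a connection string (which also embeds a credential) was found; the printed audit lines contain the category names but none of the original values, which is the property a log reviewer should verify before wiring the feed into a SIEM.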