AI policy template for small businesses
A simple AI policy is one of the highest value documents a small business can write. It protects you, gives the team confidence, and makes it easier to say yes to new tools. This template covers the basics. Adapt it to your business and check it with your legal advisor.
1. Purpose
We use AI tools to do good work faster. This policy explains what is allowed, what is not, and what we expect of each other when using these tools.
2. Approved tools
Only tools listed on the approved tools page may be used for company work. New tools must be approved by [owner] before use. Free or personal accounts of approved tools are not permitted for company work.
3. Data we will not paste into AI tools
- 01Customer personal data, including names tied to records
- 02Financial information that is not already public
- 03Contracts, legal advice or anything covered by NDA
- 04Login details, passwords or API keys
4. Quality checks
AI output is a draft. Before anything written by AI is sent to a customer, signed, published or used in a decision, a person must read it end to end and take responsibility for it.
5. Disclosure
We do not need to disclose every use of AI internally. We do disclose where it is meaningful, such as when AI is the main author of customer-facing content.
6. Questions
If you are unsure whether a use is allowed, ask [owner] before doing it. We would rather answer one extra question than fix a problem.