Free template from Sayfe.ai · Take the AI Compliance Assessment
Sayfe.ai
An authorized OpenAI SMB Channel Partner · sayfeai.com

AI Acceptable Use Policy

[Company Name] · Effective date: [Date] · Owner: [Policy Owner / Title] · Version 1.0

1. Purpose

This policy sets out how employees and contractors of [Company Name] may use artificial-intelligence (AI) tools — including ChatGPT, ChatGPT Business, and similar generative-AI services — in a way that is productive, lawful, and protective of our customers, data, and reputation.

2. Scope

This policy applies to all employees, contractors, and temporary staff who use AI tools for any work-related purpose, on any device, whether company-provided or personal.

3. Approved tools

Only company-approved AI tools may be used for work involving company or customer information. As of the effective date, approved tools are: [e.g., ChatGPT Business workspace provisioned by the company]. Use of personal or free AI accounts for work that involves any non-public information is prohibited.

4. Data handling rules

Data typeAllowed in approved AI tools?
Public / marketing contentYes
Internal non-sensitive content (drafts, templates, SOPs)Yes, in the approved workspace
Customer personal data (PII)Only with approval and only in tools contractually barred from training on it
Protected health information (PHI)No — only in a BAA-eligible tool (e.g., ChatGPT for Healthcare / API under a BAA)
Payment / financial account data, secrets, credentialsNever
Privileged or confidential legal materialNo, unless cleared by counsel

5. Required practices

Employees must: (a) verify AI output for accuracy before relying on or sending it; (b) keep a human in the loop for any decision that affects a person (hiring, credit, pricing, customer outcomes); (c) disclose AI-generated content where law or contract requires; and (d) report any suspected data exposure to [security contact] immediately.

6. Prohibited uses

Do not use AI to: make final consequential decisions about a person without human review; generate discriminatory, harassing, or misleading content; impersonate a real person; circumvent security controls; or process data types marked "Never" above.

7. Compliance with law

Our AI use must comply with applicable law, which may include the Colorado AI Act (SB 26-189 / ADMT), the EU AI Act, NYC Local Law 144 and similar automated-employment rules, the FCC consent rules, HIPAA, and federal/state non-discrimination law. The policy owner will review this policy at least every [6 / 12] months.

8. Acknowledgement

I have read and agree to follow this AI Acceptable Use Policy.

Employee name & signature
Date
Tip: pair this policy with the Employee AI Notice and the AI Vendor & Impact Assessment templates (also free from Sayfe.ai) for a complete starter governance set.
Educational template — not legal advice. This template is provided by Sayfe.ai as a free starting point and does not constitute legal advice or create an attorney-client relationship. AI regulations change frequently; have qualified counsel review and adapt this document for your jurisdiction and circumstances before adopting it.

© 2026 Sayfe.ai, an authorized OpenAI SMB Channel Partner (operated by Vandelay Consulting Inc.), Houston, Texas. Reuse and edit freely for your own business. Learn more or book a free 15-minute compliance review at sayfeai.com/compliance-assessment.