Guide
AI policy template for small teams (a one-page AUP)
Your team is already using AI at work. The only question is whether they're doing it with guardrails. Here's a one-page acceptable-use policy you can actually adopt - written in English, not legalese.
Why you need one (even at 8 people)
Two things you don't want: customer data sitting in a free chatbot somewhere, or contracts and pricing leaking via a personal account. A one-page policy plus a 15-minute team meeting covers 95% of the risk for a small business.
Long policies don't get read. Short, specific ones do. The version below is the one I hand to clients to start from.
The template (copy and adapt)
AI ACCEPTABLE USE - [COMPANY NAME]
Effective: [DATE] Owner: [NAME]
We use AI tools to work faster and better. This page is how
we do that without creating problems for our customers or
our company.
1. APPROVED TOOLS
Use only the AI tools on the approved list:
- [e.g. ChatGPT Business via company SSO]
- [e.g. Claude for Work via company SSO]
- [e.g. Fathom for meeting notes]
Personal accounts are not approved for work use.
New tools? Ask [owner] before piloting.
2. WHAT YOU CAN PASTE IN
- Public information about our company or industry.
- Internal drafts, notes, brainstorms, marketing copy.
- Code snippets that contain no secrets or credentials.
3. WHAT YOU CANNOT PASTE IN
- Customer PII (names + contact + anything sensitive).
- Pricing, contracts, or proposals tied to a named customer.
- Employee personal info, performance, or compensation.
- Credentials, API keys, passwords - ever.
- Anything covered by an NDA.
4. HUMAN IN THE LOOP
- AI drafts are drafts. A person reviews before it goes
to a customer, vendor, partner, or the public.
- Numbers, dates, names, and quotes must be verified
against the source.
5. ATTRIBUTION
- You don't need to label every AI-assisted email.
- You do need to label AI-generated images, code that
ships to production, and public-facing analysis.
6. WHEN IN DOUBT
Ask [owner] in #ai-questions. There are no dumb
questions here - we'd rather pause for 30 seconds
than ship something we can't take back.
7. CONSEQUENCES
Honest mistakes: we fix and learn.
Repeated or willful violations: standard discipline
per the employee handbook.
Signed: ______________________ Date: __________
How to roll it out
- Adapt the bracketed parts. Keep it one page.
- Run a 15-minute all-hands. Read it together. Take questions.
- Have every employee sign once. Re-circulate annually.
- Create a #ai-questions channel. Make it psychologically safe to ask.
- Review the approved-tools list every quarter.
A few things to know
- This is not legal advice - if you're in a regulated industry (healthcare, finance, legal), have counsel review.
- Free consumer chatbots train on your inputs by default. Paid business tiers usually don't. That's the single biggest reason to standardize on approved tools.
- The policy that gets enforced is the policy people remember. Short wins.
Adopt this and you've handled the AI-governance question that's probably been nagging at you - in an afternoon, not a quarter.