ModelCharter

Free tool

The AI usage policy generator

Answer a few questions and get a tailored AI usage policy you can adopt today. It adapts to your industry, how permissive you want to be, what data your team handles, and the rules you are held to. No signup: copy, download or save as PDF.

Live preview, updates as you type

Our company AI Usage Policy

Effective 2026-06-27. Owner: Head of Operations.

This is Our company's policy on the use of artificial-intelligence tools at work. Please read it before using any AI tool for your job.

1. Purpose & scope

This AI Usage Policy applies to all employees, contractors and anyone acting on behalf of Our company who uses artificial-intelligence tools. This includes general assistants (such as ChatGPT, Claude and Gemini), AI features built into software you already use, and any tool that sends our data to a third-party model.

It covers how these tools may be used, what data may and may not be entered into them, and who to ask when you are unsure.

2. Our approach to AI

Our company supports the responsible use of AI tools. This policy explains what is allowed, what is not, and the steps everyone must follow to protect our data and our customers.

  • Use AI to assist your work, not to replace your judgement. You remain accountable for anything you produce with AI.
  • Never enter data into an AI tool that you would not be comfortable sending to an untrusted third party.
  • When in doubt, ask before you paste.

3. Approved tools

Our company keeps a register of AI tools and the status of each. Only use tools that are Approved for the data you are working with.

The approved-tools list is maintained separately and shared with all staff. If a tool is not on it, treat it as not yet approved.

To request a new tool, contact the Head of Operations. New tools are assessed for how they handle our data before approval.

4. What you may and may not put into AI tools

The single most important rule is controlling what data leaves the company.

  • Never enter customer data, confidential business information, trade secrets or unreleased plans into any AI tool.
  • Never enter personal data (names, emails, customer records or any information that identifies an individual) into an AI tool.
  • Never enter credentials, API keys, passwords or secrets.
  • Assume anything you type into a consumer AI tool may be retained by the vendor and, on free tiers, used to train their models.

5. Transparency & disclosure

Be honest about AI's involvement in your work.

  • Clearly tell people when they are interacting with an AI system rather than a person (e.g. an AI chat or phone agent).
  • Label AI-generated or substantially AI-edited images, audio and video where it could mislead.
  • Do not present AI output as the reviewed work of a named expert without their review.

6. Regulatory obligations

The following apply to us specifically:

  • SOC 2: AI tools are governed as subprocessors. Confidential data must not be entered into unapproved tools, and staff acknowledgement of this policy is recorded as evidence.

7. Responsibilities & breaches

The Head of Operations owns this policy, maintains the approved-tools register, and is the point of contact for questions and tool requests.

Everyone is responsible for following this policy. Suspected data exposure through an AI tool must be reported to the Head of Operations immediately so it can be contained.

Breaches may lead to loss of AI-tool access and, for serious or repeated breaches, disciplinary action.

This policy takes effect on 2026-06-27 and will be reviewed at least annually.

AI usage policy questions, answered

What should an AI usage policy include?
At minimum: who it applies to, which AI tools are approved, what data may and may not be entered into AI tools, transparency and disclosure rules, any regulatory obligations (EU AI Act, GDPR, HIPAA, SOC 2), and who owns the policy and handles breaches. ModelCharter's generator produces all of these, tailored to your answers.
Is this AI usage policy template free?
Yes. The generator is free with no signup. You can copy the policy, download it as Markdown, or save it as a PDF. Treat it as a strong starting point, and have your own legal or compliance advisor review it before adopting.
How is this different from a static template?
A static template is one-size-fits-all. This generator changes the actual clauses based on your industry, risk stance, what data your team handles, your approved tools and which regulations apply, so you get a policy that fits your company, not a generic document.