In plain English
We use AI to help with internal work like ticket triage and drafting. We don’t paste secrets or regulated data into chat tools. When sensitive processing is needed, we use enterprise services with strict controls and, where available, zero-data-retention endpoints. AI outputs are drafts: a human reviews before anything goes to clients.
1) Purpose and Scope
This policy governs how employees, contractors, and subprocessors use AI systems (Microsoft Copilot for Microsoft 365, Google Gemini, and OpenAI ChatGPT, including API integrations) when handling internal data and client data. It applies to all devices, accounts, and workflows used for company business.
2) Definitions
- PII: Personally identifiable information such as names, emails, phone numbers, addresses, device IDs.
- Sensitive data: PII plus financial data, credentials, PHI, student data, minors' data, or any data under contract or regulation.
- AI systems covered: Microsoft Copilot for Microsoft 365, Gemini in Workspace and Google Cloud (Vertex AI), ChatGPT Enterprise or Team, and the OpenAI API.
3) Laws, Standards, and Contracts
We comply with applicable laws and frameworks where clients operate, including the Colorado Privacy Act and any contractual DPAs, BAAs, or SCCs. Client contracts prevail where stricter. We align our oversight with recognized guidance that emphasizes accountability and human review.
Accountability: The Security/Privacy lead owns this policy and performs an at-least annual review. We document AI risks, mitigations, and evidence of human oversight in our QA process.
Regulatory note (Colorado): We monitor Colorado SB24-205 (high-risk AI obligations) taking effect February 1, 2026, and will align where applicable.
4) Data Classification
- Public: Marketing content and public docs.
- Internal: Non-public but low-risk items such as generic process docs.
- Confidential: Client names, asset metadata, system configs, invoices.
- Restricted (Sensitive): PII, PHI, credentials, payment data, minors' data, or client IP marked confidential.
5) Allowed Use Matrix
Data class | Gemini Workspace | Gemini (Vertex AI) | ChatGPT Enterprise or Team | OpenAI API | Personal or free AI tools |
---|---|---|---|---|---|
Public | Allowed | Allowed | Allowed | Allowed | Not for company work |
Internal | Allowed | Allowed | Allowed | Allowed | Not for company work |
Confidential | Allowed with redaction and approval | Allowed with project controls | Allowed with redaction and approval | Allowed with zero-data-retention (ZDR) on eligible endpoints and contract controls | Not for company work |
Restricted (Sensitive) | Prohibited | Permitted only under DPA/BAA, encryption, access controls, and project isolation | Prohibited | Permitted only with ZDR on eligible endpoints, regional controls, and explicit client consent | Not for company work |
Redaction means removing PII, secrets, hostnames, tenant IDs, keys, or uniquely identifying context before prompt submission. Zero-data-retention is a vendor mode in which prompts and outputs are not retained by the vendor for logging.
6) Prohibited Content in Prompts
- Passwords, secrets, API keys, tokens, private certificates.
- Full client datasets or exports. Use small representative samples after redaction.
- Content protected by attorney-client privilege or marked do not disclose.
- Children's/minors' data or biometric data unless the contract allows it and compliance has signed off.
7) Client Consent and Disclosures
Use AI with client data only when one of the following is true:
- The MSA/SOW/DPA/BAA explicitly authorizes AI processing for defined purposes, or
- The client has provided written consent referencing this policy and the specific workflow.
8) Data Residency and Cross-Border Transfer
- Prefer US processing for US-only clients and EU/EEA processing for EU clients.
- Use vendor features to constrain regions where available (e.g., Vertex AI project regions, OpenAI regional endpoints if enabled).
- Execute SCCs or relevant mechanisms for cross-border transfers and keep a Record of Processing per client.
9) Prompt, Output, and Retention Rules
- Default: retain only metadata (timestamp, user, purpose, tool) in our PSA/ITSM. Do not store full prompts/outputs that contain client data.
- If tickets require retention of AI outputs, store them in the client record with the same classification as the source data.
- All outputs must be fact-checked and scanned for malware before use.
- Outputs are drafts. Technicians validate before delivery.
10) Vendor Configuration
OpenAI (ChatGPT Enterprise & API): Business data from ChatGPT Enterprise isn’t used for training. API inputs/outputs may be retained for up to ~30 days for abuse detection unless we request/enable Zero-Data-Retention (ZDR) on eligible endpoints.
Microsoft Copilot for Microsoft 365: Operates within Microsoft’s enterprise data boundaries and Microsoft Graph with tenant controls, auditing, and retention policies.
Gemini for Google Workspace: Enterprise controls/governance for Workspace tenants with confidentiality commitments and admin settings appropriate for business use.
We disable optional data sharing where offered, enforce SSO/MFA and least-privilege access, and maintain a current vendor register with regions, retention defaults, and security attestations.
11) Security Controls
- Identity: SSO and MFA for all AI tools. Least privilege via groups.
- Network: Allowlist official endpoints. Block unknown AI sites.
- DLP: Enforce clipboard/attachment controls and use DLP for web and email.
- Redaction gateway: Prefer middleware that scrubs PII/secrets before API submission.
- Prompt safety: Train staff to spot prompt injection/data-exfiltration attempts.
- Malware scanning: Scan AI-generated files and scripts before use.
- Logging: Centralize access logs and alert on anomalous use.
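Added example (not part of this policy or of any vendor's tooling) of the redaction gateway that the Security Controls list calls for, applying the Prohibited Content rules and the Allowed Use Matrix classes: it refuses Restricted prompts and any prompt containing secret material, and otherwise replaces PII-type identifiers with labelled placeholders before submission. The regex patterns, the placeholder format and the sample ticket text are assumptions constructed for illustration.

```python
import re

# PII-type identifiers the policy says to redact before submission.
# Patterns are constructed for this example; tune them to your environment.
PII_PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "PHONE": re.compile(r"\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b"),
    "TENANT_ID": re.compile(r"\b[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\b", re.I),
    "HOSTNAME": re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.(?:internal|local|corp)\b", re.I),
}
# Secret material is prohibited in prompts outright: it blocks, it is never "redacted and sent".
SECRET_PATTERNS = {
    "PRIVATE_KEY": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "API_KEY": re.compile(r"\b(?:sk-|AKIA)[A-Za-z0-9_-]{16,}"),
    "BEARER": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/=-]{20,}"),
}
# Data classes the matrix lets through a redacting gateway; Restricted needs
# contract/ZDR conditions the middleware cannot verify, so it is refused here.
REDACT_AND_SEND = {"Public", "Internal", "Confidential"}


def redact(text: str) -> tuple[str, dict[str, int]]:
    """Replace each PII match with a labelled placeholder; return text and per-type counts."""
    counts: dict[str, int] = {}
    for label, pattern in PII_PATTERNS.items():
        text, n = pattern.subn(f"[{label}_REDACTED]", text)
        if n:
            counts[label] = n
    return text, counts


def gateway(prompt: str, data_class: str) -> dict:
    """Decide whether a prompt may leave for the vendor API, and in what form."""
    if data_class not in REDACT_AND_SEND:
        return {"allowed": False, "reason": f"{data_class} data is prohibited via the gateway"}
    hits = [label for label, p in SECRET_PATTERNS.items() if p.search(prompt)]
    if hits:
        return {"allowed": False, "reason": "prohibited secret material: " + ", ".join(hits)}
    scrubbed, counts = redact(prompt)
    return {"allowed": True, "prompt": scrubbed, "redactions": counts}


if __name__ == "__main__":
    # Constructed sample ticket text, not real client data.
    sample = ("Ticket from jane.doe@example.com (555-123-4567): VPN on gw01.corp "
              "fails for tenant 12345678-abcd-1234-abcd-1234567890ab")
    print(gateway(sample, "Confidential"))
```

The gateway returns the scrubbed prompt and a count of redactions per type, which is the metadata the retention rules allow you to log without storing the prompt itself.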
12) Human in the Loop & Quality
- All AI outputs provided to clients require human review.
- Technicians remain accountable for accuracy, licensing, and policy compliance.
- For code/scripts, require peer review and testing in non-production before deployment.
Accuracy & claims: AI can be wrong. We validate outputs and avoid marketing statements that overstate accuracy or safety.
13) Incident Response
Treat unauthorized AI disclosure as a potential data incident. Steps: contain, preserve logs, assess data classes/jurisdictions, notify clients per contract or law, report to regulators if required, and update controls after a post-mortem.
14) Training and Enforcement
- Mandatory onboarding and annual refresher on this policy and vendor settings.
- Quarterly spot checks of prompts and outputs for compliance.
- Violations may result in access revocation and disciplinary action.
15) Exceptions
Exceptions must be approved by the Security or Privacy lead with justification, scope, compensating controls, and an expiration date.
Appendix C: Vendor Register (snapshot)
Vendor | Product | Use case | Regions | Default retention | Training on data | Contract |
---|---|---|---|---|---|---|
Microsoft | Copilot for Microsoft 365 | AI assistance in Microsoft 365 apps | US tenant region | Admin set | Not used for training outside tenant | Microsoft DPA |
Google | Gemini (Workspace) | Drafts and Docs help | US or EU | Admin set | Off by default | MSA and DPA |
Google | Vertex AI or Gemini | API workflows | Project region | Configurable | Off by default | DPA and SCCs |
OpenAI | ChatGPT Enterprise or Team | Drafts and help | US or EU | About 30 days (admin) | Not used for training | Enterprise terms |
OpenAI | API | Server-to-server | Endpoint region | 0–30 days (ZDR) | Not used for training | DPA or SCCs |
Microsoft | Microsoft 365 | Productivity and collaboration | US tenant region | Admin set | Not used for training outside tenant | Microsoft DPA |
Microsoft | Intune | UEM/MDM | US tenant region | Admin set | N/A | Microsoft DPA |
Cloudflare | Edge security | DNS, CDN, WAF | Global edge | Service defaults | N/A | DPA and SCCs |
HubSpot | CRM | Leads and forms | US tenant | Admin set | N/A | DPA and SCCs |
Formspree | Forms relay | Web form submissions | US | Admin set | N/A | DPA |
Monday.com | Project management | Tasks and users | US tenant | Admin set | N/A | DPA and SCCs |
Azure | Cloud infrastructure | Internal systems | US regions | Admin set | N/A | DPA and SCCs |
AWS | Cloud infrastructure | Internal systems | US regions | Admin set | N/A | DPA and SCCs |