1) Purpose and Scope
This policy governs how employees, contractors, and subprocessors use AI systems (Microsoft Copilot for Microsoft 365, Google Gemini, and OpenAI ChatGPT, including API integrations) when handling internal data and client data. It applies to all devices, accounts, and workflows used for company business.
2) Definitions
- PII: Personally identifiable information such as names, emails, phone numbers, addresses, device IDs.
- Sensitive data: PII plus financial data, credentials, PHI, student data, minors' data, or any data under contract or regulation.
- AI systems covered: Microsoft Copilot for Microsoft 365, Gemini in Workspace and Google Cloud (Vertex AI), ChatGPT Enterprise or Team, and the OpenAI API.
3) Laws, Standards, and Contracts
We comply with applicable laws and frameworks where clients operate, including the Colorado Privacy Act and any contractual DPAs, BAAs, or SCCs. Client contracts prevail where stricter.
4) Data Classification
- Public: Marketing content and public docs.
- Internal: Non-public but low-risk items such as generic process docs.
- Confidential: Client names, asset metadata, system configs, invoices.
- Restricted (Sensitive): PII, PHI, credentials, payment data, minors' data, or client IP marked confidential.
5) Allowed Use Matrix
Data class | Gemini Workspace | Gemini (Vertex AI) | ChatGPT Enterprise or Team | OpenAI API | Personal or free AI tools |
---|---|---|---|---|---|
Public | Allowed | Allowed | Allowed | Allowed | Not for company work |
Internal | Allowed | Allowed | Allowed | Allowed | Not for company work |
Confidential | Allowed with redaction and approval | Allowed with project controls | Allowed with redaction and approval | Allowed with zero data retention and contract controls | Not for company work |
Restricted (Sensitive) | Prohibited | Permitted only under DPA or BAA, encryption, access controls, and project isolation | Prohibited | Permitted only with zero data retention, regional controls, and explicit client consent | Not for company work |
Redaction means removing PII, secrets, hostnames, tenant IDs, keys, or uniquely identifying context before prompt submission. Zero data retention is a vendor mode where prompts and outputs are not retained for logging.
6) Prohibited Content in Prompts
- Passwords, secrets, API keys, tokens, private certificates.
- Full client datasets or exports. Use small representative samples after redaction.
- Content protected by attorney client privilege or marked do not disclose.
- Data about children or minors, or biometric data, unless the contract allows it and compliance has signed off.
7) Client Consent and Disclosures
Use AI with client data only when one of the following is true:
- The MSA, SOW, DPA, or BAA explicitly authorizes AI processing for defined purposes, or
- The client has provided written consent referencing this policy and the specific workflow.
8) Data Residency and Cross Border Transfer
- Prefer US data processing for US only clients and EU or EEA processing for EU clients.
- Use vendor features to constrain regions where available (Vertex AI project regions, OpenAI regional endpoints if enabled).
- Execute SCCs or relevant mechanisms for cross border transfers and keep a Record of Processing per client.
9) Prompt, Output, and Retention Rules
- Default: retain only metadata (timestamp, user, purpose, tool) in our PSA or ITSM. Do not store full prompts or outputs that contain client data.
- If tickets require retention of AI outputs, store them in the client record with the same classification as the source data.
- All outputs must be fact-checked and scanned for malware before use.
- Outputs are drafts. Technicians validate before delivery.
10) Vendor Configuration
Gemini (Workspace and Google Cloud): Use paid enterprise offerings. Disable optional data sharing where available. For Vertex AI projects, enable governance controls (project isolation, IAM, logging, DLP) and configure regions.
OpenAI (ChatGPT Enterprise or Team and API): Use company owned accounts with SSO and role based access. For API workloads handling Confidential or Restricted data, enable Zero Data Retention for eligible endpoints and avoid logging payloads in application logs. Set organization wide data controls so prompts and outputs are not used for training.
Microsoft Copilot for Microsoft 365: Use tenant controls, apply sensitivity labels, and restrict plugin or connector permissions according to least privilege. Review audit logs and Activity explorer regularly.
Maintain a current Vendor Register with sub processors, regions, retention defaults, and security attestations.
11) Security Controls
- Identity: SSO and MFA for all AI tools. Least privilege via groups.
- Network: Allowlist official endpoints. Block unknown AI sites.
- Data loss prevention: Enforce clipboard and attachment controls and use DLP for web and email.
- Redaction gateway: Prefer middleware that scrubs PII and secrets before API submission.
- Prompt safety: Train staff to spot prompt injection and data exfiltration attempts.
- Malware scanning: Scan AI generated files and scripts before use.
- Logging: Centralize access logs and alert on anomalous use.
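As an added illustration of the redaction gateway above and of the redaction and allowed-use rules in section 5 (example code written for this page, not part of the policy or of any vendor's product), the following Python gateway gates a prompt by data class and tool and strips the categories section 5 names before submission. The tool identifiers, the regular expressions, and the sample ticket text are assumptions constructed for the example.

```python
import re

# Allowed-use matrix from section 5, reduced to which approved tools may receive each
# data class. Contract conditions for Restricted data (DPA/BAA, zero data retention)
# are assumed to be verified out of band before a tool is listed there.
ALLOWED = {
    "Public": {"gemini_workspace", "vertex_ai", "chatgpt_enterprise", "openai_api"},
    "Internal": {"gemini_workspace", "vertex_ai", "chatgpt_enterprise", "openai_api"},
    "Confidential": {"gemini_workspace", "vertex_ai", "chatgpt_enterprise", "openai_api"},
    "Restricted": {"vertex_ai", "openai_api"},
}
APPROVED_TOOLS = set().union(*ALLOWED.values())   # anything else is a personal tool
FULL_REDACTION = {"Confidential", "Restricted"}    # section 5: redact before submission
SECRET_ONLY = {"SECRET", "KEY"}                    # section 6: banned from every prompt

# Categories section 5 lists for redaction. Secrets run first so a key is never split
# by a later rule; EMAIL runs before HOSTNAME so a mail domain is not tagged twice.
PATTERNS = [
    ("SECRET", re.compile(r"(?i)\b(?:password|passwd|token|api[_-]?key|secret)\s*[:=]\s*\S+")),
    ("KEY", re.compile(r"\bsk-[A-Za-z0-9]{16,}\b")),
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    ("TENANT", re.compile(r"\b[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\b", re.I)),
    ("HOSTNAME", re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|io|local|internal)\b", re.I)),
]

def redact(text, categories=None):
    """Replace matches with [CATEGORY] tags; return scrubbed text and per-category counts."""
    counts = {}
    for name, pattern in PATTERNS:
        if categories is None or name in categories:
            text, n = pattern.subn(f"[{name}]", text)
            if n:
                counts[name] = n
    return text, counts

def prepare_prompt(tool, data_class, text):
    """Gate a prompt per the allowed-use matrix and return (safe_text, redaction_counts)."""
    if tool not in APPROVED_TOOLS:
        raise PermissionError(f"{tool}: personal or free AI tools are not for company work")
    if tool not in ALLOWED[data_class]:
        raise PermissionError(f"{data_class} data is prohibited in {tool}")
    scope = None if data_class in FULL_REDACTION else SECRET_ONLY
    return redact(text, scope)

# Constructed sample ticket text for demonstration; none of these values are real.
SAMPLE = ("Ticket 4412: jane.doe@client-example.com cannot reach fs01.corp.client-example.internal "
          "in tenant 3f2504e0-4f89-11d3-9a0c-0305e82c3301; sync uses api_key=sk-constructedexamplekey1234 "
          "and password=Summ3r!2024 for the job.")

if __name__ == "__main__":
    print(prepare_prompt("chatgpt_enterprise", "Confidential", SAMPLE))
```

Public and Internal prompts still have secrets stripped because section 6 bans them outright; only Confidential and Restricted prompts get the full PII, hostname and tenant ID pass.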
12) Human in the Loop and Quality
- All AI outputs provided to clients require human review.
- Technicians remain accountable for accuracy, licensing, and policy compliance.
- For code or scripts, require peer review and testing in non production before deployment.
13) Incident Response
Treat unauthorized AI disclosure as a potential data incident. Steps: contain, preserve logs, assess data classes and jurisdictions, notify clients per contract or law, report to regulators if required, and update controls after a post mortem.
14) Training and Enforcement
- Mandatory onboarding and annual refresher on this policy and vendor settings.
- Quarterly spot checks of prompts and outputs for compliance.
- Violations may result in access revocation and disciplinary action.
15) Exceptions
Exceptions must be approved by the Security or Privacy lead with justification, scope, compensating controls, and an expiration date.
Appendix C: Vendor Register (snapshot)
Vendor | Product | Use case | Regions | Default retention | Training on data | Contract |
---|---|---|---|---|---|---|
Microsoft | Copilot for Microsoft 365 | AI assistance in Microsoft 365 apps | US tenant region | Admin set | Not used for training outside tenant | Microsoft DPA |
Google | Gemini (Workspace) | Drafts and Docs help | US or EU | Admin set | Off by default | MSA and DPA |
Google | Vertex AI or Gemini | API workflows | Project region | Configurable | Off by default | DPA and SCCs |
OpenAI | ChatGPT Enterprise or Team | Drafts and help | US or EU | About 30 days (admin) | Not used for training | Enterprise terms |
OpenAI | API | Server to server | Endpoint region | 0 to 30 days (ZDR) | Not used for training | DPA or SCCs |
Microsoft | Microsoft 365 | Productivity and collaboration | US tenant region | Admin set | Not used for training outside tenant | Microsoft DPA |
Microsoft | Intune | UEM or MDM | US tenant region | Admin set | N/A | Microsoft DPA |
Cloudflare | Edge security | DNS, CDN, WAF | Global edge | Service defaults | N/A | DPA and SCCs |
HubSpot | CRM | Leads and forms | US tenant | Admin set | N/A | DPA and SCCs |
Formspree | Forms relay | Web form submissions | US | Admin set | N/A | DPA |
Monday.com | Project management | Tasks and users | US tenant | Admin set | N/A | DPA and SCCs |
Azure | Cloud infrastructure | Internal systems | US regions | Admin set | N/A | DPA and SCCs |
AWS | Cloud infrastructure | Internal systems | US regions | Admin set | N/A | DPA and SCCs |