The short version. A workable small-business AI policy fits on one page and answers five questions:
- Which tools and accounts are approved?
- What may and may not be shared with AI?
- Which tasks need human review before use?
- Who do I ask when I'm unsure?
- Who's responsible for the result? (The person using it.)
The one-page template
Adapt this to your business:
- Approved tools: [your chosen assistant], on a business-tier account. Don't use personal AI accounts for company work.
- Keep out of AI: passwords, financial account numbers, customer and employee personal data, confidential contracts. (See what never to share with AI.)
- Always human-reviewed: anything sent to customers, anything involving money, legal or HR, and any external publication.
- When unsure: ask [owner / manager] before pasting it in.
- Accountability: you're responsible for checking AI output before you use it.
How to roll it out
Share it in one short meeting, post it where people work, and revisit it as your use grows. Pair it with hands-on training (see how to train your team) and with the full method in our business AI guide.
Frequently asked questions
What should a small business AI use policy include?
Approved tools and accounts, what may and may not be shared with AI, which tasks require human review before use, who to ask when unsure, and a note that staff are responsible for what they submit. One page is enough to start.
Do I really need an AI policy for a small business?
Yes. Without one, employees quietly use personal AI accounts and may paste in confidential data. A simple, one-page policy prevents the most common and costly mistakes.
How long should an AI use policy be?
One page. A short, readable policy people actually follow beats a long document nobody reads. You can expand it later as your use grows.
What should employees never put into AI?
Passwords, full financial account numbers, customer or employee personal data, and confidential legal or contract details, unless a properly configured business account is in place.
Based on policies we write for real small-business engagements; data-handling guidance from the FTC.