AI usage policy template for small businesses

By Chrysti Reichert, independent AI trainer in Central Florida • Published

Your AI policy should fit on one page. Not a 40-page manifesto nobody reads. A traffic light: what's allowed, what needs a yes from a manager, and what's flat-out banned.

Here's what actually happens without one. Someone on your team pastes a client contract into a free AI tool to "summarize it real quick." Someone else drops in customer records. Nobody meant any harm. They just never got told where the line is.

So draw the line. Copy the template below, fill in the blanks, and you have a working policy this afternoon. The honest part: writing the policy is the easy 20%. Getting your team to actually follow it is the other 80%, and that's a training problem, not a document problem.

The one-page template (copy this)

Fill in the bracketed parts. Keep it short on purpose. A policy people can read in two minutes is a policy people actually follow.

[Company name] AI usage policy

1. Why we use AI. We use AI tools to work faster and think better, for example drafting, research, summarizing, and customer support. AI assists the work. A person stays responsible for it.

2. Approved tools. Use these: [ChatGPT Team, Microsoft Copilot, Claude, your tools here]. Do not use random free AI tools for work data unless they are approved.

3. Always allowed. Drafting, brainstorming, summarizing public or internal non-sensitive material, learning, and rewriting your own writing.

4. Needs a manager's approval first. Anything customer-facing that ships without review, anything that touches regulated work (legal, finance, medical), and using a new tool not on the approved list.

5. Banned. Pasting customer or patient data, contracts or NDA-covered material, passwords, financial account details, proprietary code, or unreleased plans into any public AI tool. Presenting AI output as fact without checking it. Using AI to make a final decision about a person (hiring, firing, credit).

6. The data rule. If you would not email it to a stranger, do not paste it into a public AI tool.

7. When AI is wrong. Assume it can be confidently wrong. Check anything that informs a decision. The person who used it owns the result. Questions go to [name].

Want this as an editable doc, customized to your tools and industry? I'll build it with you on a call.

Why one page beats a binder

The federal guidance backs the short version. The NIST AI Risk Management Framework is about governing real risks, mapping where AI is used, and keeping a human in the loop. The Small Business Administration tells small businesses to weigh AI's benefits against its risks and be clear about how it's used. The FTC has been warning companies not to make AI claims they can't back up. None of that requires a giant document. It requires a clear one.

A long policy fails the moment it's longer than people's patience. A one-pager that names the three or four things that would actually hurt you, the client data, the contracts, the unchecked output, does more than a binder nobody opens.

The part the template can't do for you

Here's the honest thing. A policy on a shared drive changes nothing by itself. People follow the rule when they understand why it's there and what good use looks like. That's the training, and it's most of what I do. I help teams write the policy and then practice the judgment behind it: when to trust AI, when to check it, and what never goes in the box.

If you want the policy and the habit that makes it real, that's a workshop. If you just want the template above, take it. It's yours, no email required.

Questions teams ask before booking

What should a small business AI usage policy include?

Keep it to one page with six parts: why you use AI, which tools are approved, what is always allowed, what needs a manager's approval, what is banned, and a rule for what company data may never be pasted into a public AI tool. A short traffic-light policy beats a long governance binder no one reads.

Do small businesses really need an AI policy?

Yes, if anyone on your team uses AI, which is almost everyone now. Without a policy, people quietly paste customer data, contracts, and source code into free tools. A one-page policy prevents the expensive mistakes without slowing anyone down.

What should never be pasted into a public AI tool?

Customer or patient data, anything covered by a contract or NDA, passwords and credentials, financial account details, proprietary code, and unreleased plans. If you would not email it to a stranger, do not paste it into a free AI tool.

Who can help me set up an AI usage policy?

AI Evolution helps small and mid-size teams write a practical AI usage policy and train people to follow it, as part of hands-on AI workshops. The policy is the easy part; getting the team to actually use it is the training. Central Florida and remote.

Keep reading

How to catch AI mistakes and hallucinations
AI training for non-technical teams
AI risk and governance
See team workshops

Want the policy and the habit that makes it stick?

I'll help you customize this to your tools and industry, then train your team to actually follow it. Independent, flat-fee, no upsell.

Book a free discovery call See team workshops