Your team already uses AI. You just have nothing in writing about it.
Generate a complete internal AI policy — usage rules, a data-handling matrix, and an approved-tool register — tailored to your company size and industry. Editable Word and Excel, plus an offline builder. Ship it this afternoon; review with counsel before you adopt.
TL;DR
A governance kit for SMBs and founders: master AI policy (Word), employee one-pager, incident form, Excel tool register + data matrix, a 9-industry clause library, an implementation guide, and a run-it-yourself offline generator. Grounded in NIST AI RMF and ISO/IEC 42001.
instant download · editable · yours to keep
Templates, not legal advice. RedHub AI is not a law firm. These are customizable starting points; have qualified counsel review and adapt them before adoption, especially in regulated sectors or if you handle EU/UK/California personal data.
The exposure
Adopting AI without rules is a quiet liability.
Confidential customer data gets pasted into consumer chatbots. AI quietly influences decisions about people with no human check. Nobody agrees on which tools are okay or what data is off-limits. Most small companies have adopted AI and written nothing down — and the gap only matters after something goes wrong.
You don't need a 40-page enterprise framework. You need clear, usable rules your team will actually follow — and a register and data matrix that make the rules concrete.
Staff use whatever's fastest on personal accounts — no approved-tool list, no record.
Contracts, customer lists, and source code pasted into tools with no data rules.
AI shaping hiring, lending, or customer outcomes with no required human review.
Try the builder
Tailor a policy — and see your gaps.
Pick your size, industry, and posture, then toggle the tools you use and the data you handle. The builder assembles a tailored draft and runs a readiness check that flags governance gaps before they become incidents.
Live builder · sample
Tailor a policy in 20 seconds
Readiness: NO GAPS DETECTED
Your selections don't raise a red flag. Generate, fill the brackets, and roll it out.
Tailored preview
[COMPANY NAME] — AI Acceptable Use Policy · General / professional services · balanced
Approved tools: Approved tools for anything Internal; Confidential allowed in enterprise tools with correct settings; Restricted prohibited unless explicitly approved.
Data handling: Public → ok everywhere · Internal → approved tools · Confidential → enterprise tools with approval · Restricted → prohibited unless explicitly approved.
Industry rule (General / professional services): Handle personal data in line with applicable privacy laws (GDPR for EU/UK residents, CCPA/CPRA for California) and any rules affecting your clients.
…plus principles, acceptable/prohibited uses, human-oversight, incident reporting, roles, and an acknowledgment page — the full text in the master Word document.
This preview is a taste — and it resets on reload.
The full kit gives you the complete, editable Word policy (20 sections + acknowledgment), the employee one-pager, an incident form, the Excel tool register + data matrix, a clause library for 9 industries, and an offline generator you can rerun anytime — no account, nothing uploaded.
Get the AI Policy Builder — $69What's inside
A governance system, not a single template.
Six pieces that fit together — the policy, the tools your team uses to follow it, and a generator to tailor it all to your company.
AI Acceptable Use Policy (Word)
The master policy in 20 sections plus an acknowledgment page, with bracketed fields to fill in — scope, approved & prohibited tools and uses, data handling, disclosure, human oversight, incident reporting, and review cadence.
Employee AI Quick Guide (Word)
A one-page do's & don'ts your team will actually read and keep nearby — the policy distilled to a clear Always / Never list.
AI Incident Report Form (Word)
Report misuse or data exposure with a clear follow-up section so issues get logged and closed, not buried.
Tool Register + Data Matrix (Excel)
An approved-tool register, a data-handling matrix, and a new-tool request log with dropdowns — the operational layer your team uses day to day.
Clause library — 9 industries
Healthcare (HIPAA), finance (GLBA), legal, education (FERPA), ecommerce (PCI), recruiting/HR, real estate (fair housing), agency, and software — plus size and posture variants.
Offline generator + implementation guide
A single HTML file that tailors a draft to your company (nothing uploaded), and a one-week rollout plan to get it live and acknowledged.
How it works
Four steps to a policy that's live.
Tailor
Open the offline generator, pick size + industry + posture, toggle your tools and data, and generate a draft.
Fill the brackets
Add your company name, policy owner, dates, and contacts.
Set guardrails
Complete the approved-tool register and data matrix — the part your team uses daily.
Roll out
Share the one-pager, collect acknowledgments, set a review date. (Get counsel to review first if you're regulated.)
Grounded, not guessed
The policy's structure and principles align with the dominant responsible-AI references — the NIST AI Risk Management Framework (Govern, Map, Measure, Manage) and ISO/IEC 42001, the first AI management system standard — and the kit includes a dated, sourced note on the EU AI Act timeline, with primary sources cited so you can verify and go deeper.
Who it's for
Clear about the lane. No inflated promises.
Built for you if…
- You run a small or mid-size business with no in-house legal team
- You want a policy tailored to your size and industry, not a generic template
- You need the operational layer too — an approved-tool register and data matrix
- You're an agency or consultant setting up AI policies for clients
Not for you if…
- You need formal legal advice for a specific situation — talk to a lawyer
- You're a large enterprise needing a managed governance/GRC platform
- You want a policy you can adopt verbatim with no review or edits
Common Questions
The questions operators actually ask before writing an AI policy.
No. These are professionally structured, customizable templates, not legal advice, and using them does not create an attorney-client relationship or guarantee compliance with any law. Laws and AI regulations change and vary by jurisdiction and industry. Have qualified counsel review and adapt the policy before adoption, especially in regulated sectors (healthcare, finance, legal, education) or if you handle personal data of EU, UK, or California residents. Every document says so plainly — holding that standard is the whole point of the kit.
A complete governance kit you can use today: an editable Word AI Acceptable Use Policy (20 sections plus an acknowledgment page), a one-page employee 'AI do's and don'ts' guide, an AI incident report form, an Excel workbook with an approved-tool register, a data-handling matrix, and a new-tool request log, a clause library covering nine industries, a one-week implementation guide, and an offline HTML generator that tailors a draft to your company. Instant download, yours to keep.
The offline generator and the clause library adjust the policy by company size (solo/micro, small, mid), risk posture (conservative, balanced, enablement-forward), and industry. Industry blocks add the right rules for healthcare (HIPAA), finance (GLBA/fair-lending), legal (privilege), education (FERPA), ecommerce (PCI), recruiting/HR, real estate (fair housing), agencies, and software.
No. The documents open in Microsoft Word and Excel (or Google Docs/Sheets and other compatible apps). The generator is a single HTML file you double-click to open in any browser; it runs entirely offline and uploads nothing.
Yes. The structure and principles align with the NIST AI Risk Management Framework (Govern, Map, Measure, Manage) and ISO/IEC 42001, the first AI management system standard, and the kit includes a dated, sourced note on the EU AI Act timeline. We cite primary sources so you can verify and go deeper. (AI regulation moves fast — re-confirm the EU AI Act dates at adoption.)
Pick by the job. The AI Governance & Acceptable Use Kit ($39) is a handful of short, lightweight templates across governance topics — a breadth starter. The AI Usage Policy Kit ($129) goes deepest on one authoritative document: a 20-section Acceptable Use Policy plus four supporting appendices in a single Word file, built to fill in and send to counsel. This Builder ($69) is the tailoring engine and the operational layer around the policy: an offline generator that fits a draft to your size and industry, a 9-industry clause library, plus the Excel approved-tool register and data-handling matrix your team actually uses day to day, an incident form, and the employee one-pager. Want one comprehensive policy doc? Get the Kit. Want to generate a tailored policy and run it operationally? Get the Builder.
The included implementation guide walks you through it in about a week at an SMB pace: name an owner and inventory your AI tools, tailor the policy, complete the register and data matrix, get sign-off (and counsel review if you're regulated), then share the one-pager and collect acknowledgments.
Founders, operators, and small or mid-sized teams that have adopted AI tools but have nothing in writing governing them. It's also a strong leave-behind for consultants and agencies setting up clients responsibly in an afternoon instead of a quarter.
Get the builder
Put your AI rules in writing today.
Instant download, fully editable, yours to reuse — a complete governance kit tailored to your company in an afternoon.
- Master policy (Word) + one-pager + incident form
- Excel approved-tool register + data-handling matrix
- 9-industry clause library + offline generator
- Templates, not legal advice — built for counsel review
← Browse all Quick Kits Need one deep policy doc? See the AI Usage Policy Kit