Word + Excel + offline builder · for SMBs

Your team already uses AI. You just have nothing in writing about it.

Generate a complete internal AI policy — usage rules, a data-handling matrix, and an approved-tool register — tailored to your company size and industry. Editable Word and Excel, plus an offline builder. Ship it this afternoon; review with counsel before you adopt.

TL;DR

A governance kit for SMBs and founders: master AI policy (Word), employee one-pager, incident form, Excel tool register + data matrix, a 9-industry clause library, an implementation guide, and a run-it-yourself offline generator. Grounded in NIST AI RMF and ISO/IEC 42001.

instant download · editable · yours to keep

Templates, not legal advice. RedHub AI is not a law firm. These are customizable starting points; have qualified counsel review and adapt them before adoption, especially in regulated sectors or if you handle EU/UK/California personal data.

The exposure

Adopting AI without rules is a quiet liability.

Confidential customer data gets pasted into consumer chatbots. AI quietly influences decisions about people with no human check. Nobody agrees on which tools are okay or what data is off-limits. Most small companies have adopted AI and written nothing down — and the gap only matters after something goes wrong.

You don't need a 40-page enterprise framework. You need clear, usable rules your team will actually follow — and a register and data matrix that make the rules concrete.

Shadow AI

Staff use whatever's fastest on personal accounts — no approved-tool list, no record.

Data leakage

Contracts, customer lists, and source code pasted into tools with no data rules.

Ungoverned decisions

AI shaping hiring, lending, or customer outcomes with no required human review.

Try the builder

Tailor a policy — and see your gaps.

Pick your size, industry, and posture, then toggle the tools you use and the data you handle. The builder assembles a tailored draft and runs a readiness check that flags governance gaps before they become incidents.

Live builder · sample

Tailor a policy in 20 seconds

Readiness: NO GAPS DETECTED

Your selections don't raise a red flag. Generate, fill the brackets, and roll it out.

Tailored preview

[COMPANY NAME] — AI Acceptable Use Policy · General / professional services · balanced

Approved tools: Approved tools for anything Internal; Confidential allowed in enterprise tools with correct settings; Restricted prohibited unless explicitly approved.

Data handling: Public → ok everywhere · Internal → approved tools · Confidential → enterprise tools with approval · Restricted → prohibited unless explicitly approved.

Industry rule (General / professional services): Handle personal data in line with applicable privacy laws (GDPR for EU/UK residents, CCPA/CPRA for California) and any rules affecting your clients.

…plus principles, acceptable/prohibited uses, human-oversight, incident reporting, roles, and an acknowledgment page — the full text in the master Word document.

This preview is a taste — and it resets on reload.

The full kit gives you the complete, editable Word policy (20 sections + acknowledgment), the employee one-pager, an incident form, the Excel tool register + data matrix, a clause library for 9 industries, and an offline generator you can rerun anytime — no account, nothing uploaded.

Get the AI Policy Builder — $69

What's inside

A governance system, not a single template.

Six pieces that fit together — the policy, the tools your team uses to follow it, and a generator to tailor it all to your company.

AI Acceptable Use Policy (Word)

The master policy in 20 sections plus an acknowledgment page, with bracketed fields to fill in — scope, approved & prohibited tools and uses, data handling, disclosure, human oversight, incident reporting, and review cadence.

Employee AI Quick Guide (Word)

A one-page do's & don'ts your team will actually read and keep nearby — the policy distilled to a clear Always / Never list.

AI Incident Report Form (Word)

Report misuse or data exposure with a clear follow-up section so issues get logged and closed, not buried.

Tool Register + Data Matrix (Excel)

An approved-tool register, a data-handling matrix, and a new-tool request log with dropdowns — the operational layer your team uses day to day.

Clause library — 9 industries

Healthcare (HIPAA), finance (GLBA), legal, education (FERPA), ecommerce (PCI), recruiting/HR, real estate (fair housing), agency, and software — plus size and posture variants.

Offline generator + implementation guide

A single HTML file that tailors a draft to your company (nothing uploaded), and a one-week rollout plan to get it live and acknowledged.

How it works

Four steps to a policy that's live.

01

Tailor

Open the offline generator, pick size + industry + posture, toggle your tools and data, and generate a draft.

02

Fill the brackets

Add your company name, policy owner, dates, and contacts.

03

Set guardrails

Complete the approved-tool register and data matrix — the part your team uses daily.

04

Roll out

Share the one-pager, collect acknowledgments, set a review date. (Get counsel to review first if you're regulated.)

Grounded, not guessed

The policy's structure and principles align with the dominant responsible-AI references — the NIST AI Risk Management Framework (Govern, Map, Measure, Manage) and ISO/IEC 42001, the first AI management system standard — and the kit includes a dated, sourced note on the EU AI Act timeline, with primary sources cited so you can verify and go deeper.

Who it's for

Clear about the lane. No inflated promises.

Built for you if…

  • You run a small or mid-size business with no in-house legal team
  • You want a policy tailored to your size and industry, not a generic template
  • You need the operational layer too — an approved-tool register and data matrix
  • You're an agency or consultant setting up AI policies for clients

Not for you if…

  • You need formal legal advice for a specific situation — talk to a lawyer
  • You're a large enterprise needing a managed governance/GRC platform
  • You want a policy you can adopt verbatim with no review or edits

Common Questions

The questions operators actually ask before writing an AI policy.

No. These are professionally structured, customizable templates, not legal advice, and using them does not create an attorney-client relationship or guarantee compliance with any law. Laws and AI regulations change and vary by jurisdiction and industry. Have qualified counsel review and adapt the policy before adoption, especially in regulated sectors (healthcare, finance, legal, education) or if you handle personal data of EU, UK, or California residents. Every document says so plainly — holding that standard is the whole point of the kit.

Get the builder

Put your AI rules in writing today.

Instant download, fully editable, yours to reuse — a complete governance kit tailored to your company in an afternoon.

  • Master policy (Word) + one-pager + incident form
  • Excel approved-tool register + data-handling matrix
  • 9-industry clause library + offline generator
  • Templates, not legal advice — built for counsel review
$69

one-time

Secure checkout · instant access

← Browse all Quick Kits Need one deep policy doc? See the AI Usage Policy Kit