An AI policy doesn't need 14 pages
It needs one.
Five decisions. A 30-minute chat. Signed the same day.
This is the floor - the least any Australian business should have written down, whether you're five people or five hundred. Healthcare, finance and government add more on top. Everyone starts here.
Why a small business needs this
Three plain reasons:
- The risk is already running. Someone on your team pasted something into ChatGPT this week. If that was customer data, the privacy obligation is yours now - not later when you "do AI properly".
- It's the cheapest protection you can buy. One page, half an hour, no lawyer. Set that against the cost of one data slip you have to report, or a complaint about something AI wrote to a customer.
- People are starting to ask for it. Tender forms and insurers now ask "do you have a written AI policy?". One page is a yes. Nothing is a no.
The five decisions
1. Allowed tools
List the AI tools your team may use for work, and which paid plan. Aim for about three. More than six and nobody can keep track.
Be specific - "ChatGPT Team plan", not "ChatGPT" on its own. Add any tool built into software you already use, and note for each one whether customer information can go near it.
The reason to bother: free and personal plans often use what you type to improve their AI unless you turn that off; business plans usually don't by default, but confirm yours. Check the tool's current terms and data settings - don't guess.
2. Off limits
Three short rules anyone can check themselves against. These fit almost any Australian business:
- No customer personal details into a public AI tool - including free versions and any plan where your chats are kept or used for training.
- No money, legal or medical content goes out without a person checking it.
- No AI-written content pretending a person wrote it where a customer would care - reviews, testimonials, expert opinions.
Privacy law covers the first. Consumer law covers the second and third: if AI writes something misleading or wrong to a customer, that's on you, the same as if you wrote it. Spelling it out lets staff ask "can we do this?" instead of guessing.
3. Customer info
One sentence. Pick the one that fits you:
- Tight: "No customer information goes into any AI tool, ever." Best if you hold sensitive data.
- Allowed, with a guard: "Customer information goes through one named tool and nowhere else, set up so it's not used to train the AI and they delete it if you cancel."
If you allow it, name who double-checks and how often: "checked every three months by [role]". AI tools change their terms - that check is all that stands between your policy and a breach you have to report.
4. Who checks
Name a role, not a person - office manager, head of operations, whatever fits.
They don't read everything. They sign off what matters: anything regulated, anything that makes a real claim about your business, anything going to a customer for the first time.
This is the part an auditor or a big client looks for first: a named person responsible for what the AI sends out. It's also what Australia's AI guidance asks for.
5. Review date
Two short lines on the page:
- Reviewed: [date]. Next review: [in six months].
- Version: 1.0. Owner: [role]. Signed: [name + role].
A policy with no review date is dead the day a tool changes its terms. Six months is often enough to catch changes without becoming a chore.
What this one page doesn't cover
It's the floor on purpose. You may need to add:
- Industry rules - finance, healthcare or professional-body requirements. One extra page, at most.
- If something goes wrong - what a staff member does if they put customer data somewhere they should not have. Three lines: stop, tell [role], write down what went in and where - so [role] can decide whether it has to be reported.
- Adding a new tool - one sentence: "a new AI tool needs [role]'s sign-off after a two-week trial; the checklist is the AI Tool Buyer's Checklist."
The version that ships on a Friday and gets reviewed in six months beats the one still stuck in legal a year later.
The 30-minute version
Get three people in a room: whoever signs contracts, plus two people who use AI day to day.
Take the worksheet below. Fill in each of the five as you talk. Sign it at the end. Done.
Want a second set of eyes? Our AI Strategy service runs this with you, and our AI Automations service sets up the allowed tools properly once you sign the policy. How we work: our editorial standards.