Ingenuiti AI Usage Policy
Scope
This policy establishes the guardrails for how Ingenuiti employees use Artificial Intelligence (AI) in their work. We adopt a risk-based approach to ensure our use of AI is valid, safe, secure, accountable, transparent, and fair.
This policy applies to:
- All employees, contractors, and vendors.
- All AI tools, whether developed internally or purchased (e.g., Gemini, Spark, or ElevenLabs).
Core Principles
We do not use AI blindly. Every AI tool we use must strive to meet these standards:
- Validity: The AI must actually solve the problem it claims to solve.
- Safety & Privacy: No AI tool should leak our data or our client’s data.
- Accountability: A human is always responsible for the AI’s output.
Approved & Prohibited Use
Approved Use Cases
We encourage the use of AI for the following low-risk tasks to improve efficiency:
- Neural Machine Translation, to be followed by a professional linguist who edits the draft.
- Drafting marketing, training, or other content, provided it is reviewed by a human.
- Generating Speech and/or Video, presuming the output is reviewed for content/linguistic accuracy.
- Summarizing internal meeting notes, provided it is reviewed by a human.
- Generating coding boilerplate, provided it is security-scanned and tested for usability before release.
Prohibited Use Cases
To manage high risks, the following uses are strictly prohibited:
- Do not use Public Models: Only use approved AI Models, see below for more information. Proprietary and client information may not be used in any model that trains based on submitted data, which is done in all free models.
- No Sensitive PII: Do not submit sensitive Personally Identifiable Information into AI, such as Government IDs, Biometric data, financial information, etc.
Avoid submitting full names to models where possible. - No Automated Decision Making: AI will not be the final decision-maker for Hiring, Promotions, or Firing. It can be used to provide a high-level analytical summary, to aid in the decision by the management team.
- Specified clients have contractual requirements that prevent their data, documents, or information from being added to any AI Model. To view a list of these clients, click here.
AI Output Review and Responsibility
We require human verification to mitigate risk.
- AI as a First Draft: All output generated by an AI tool must be considered a first draft or preliminary data only.
- Mandatory Review: The responsible employee must fully and critically review, verify, and approve the AI output before it is used for any of the following purposes:
- Sending to a client or external partner.
- Making a critical business decision (e.g., financial, strategic, operational).
- Making it publicly available for marketing, sales, or any other external communication.
If you use an AI tool to complete a task, you are responsible for the output, not the AI. “The AI made a mistake” is not an acceptable excuse.
Authorized AI Tools and Approval Process
Authorized Use: Ingenuiti employees are only authorized to use the AI tools listed in here.
New Tool Requests: If an employee identifies a potential business need for a new AI tool not currently on the approved list, they must submit a formal request via the IT Service Desk ticketing system for review and approval before use. The request must include:
- What is your expected use case?
- What data will you feed it?
- Does the vendor use our data to train their models? (Review their Terms of Service).
- What happens if the AI gives the wrong answer? (Risk Assessment).
Transparency & Disclosure
Internal: If you use AI to generate a significant portion of your work product, you must disclose this to your manager.
External: When interacting with clients via AI (e.g., chatbots), we will clearly disclose that they are speaking with an AI, not a human.
Incident Reporting
If you suspect an AI tool has leaked data, report it immediately to the IT Service Desk ticketing system pursuant to our Incident Management Procedure.