Run: Acceptable Use of AI Policy

This policy establishes the rules for using AI tools in a way that protects company information, supports accurate and fair work products, and reduces legal, operational, and reputational risk.

This policy applies to all employees, contractors, interns, temporary workers, and other personnel who use company systems or company data, or who use AI tools for work-related purposes. It applies to use on company devices, personal devices used for work, and any AI tool used to create, edit, summarize, translate, analyze, or generate work-related content.

Employees may use AI tools only for legitimate business purposes and only when the tool has been approved by the company or the employee has received written authorization from the appropriate manager, IT, legal, or compliance contact. Permitted uses may include: - Drafting internal documents, outlines, and first-pass communications - Summarizing non-confidential materials - Brainstorming ideas and improving grammar or readability - Assisting with coding, data analysis, or translation when reviewed by a qualified person Employees must not represent AI-generated content as human-authored work without review, and they remain responsible for the accuracy, legality, and appropriateness of any output they submit, send, or rely on.

Employees must not enter confidential information, personal data, customer data, employee data, trade secrets, source code, security details, credentials, or other restricted information into any AI tool unless the tool has been expressly approved for that data category and the use has been authorized. Before using an AI tool, employees must: - Confirm whether the tool stores prompts, trains on inputs, or shares data with third parties - Use the minimum necessary information - Remove names, account numbers, identifiers, and other sensitive details when possible - Follow all company privacy, records retention, and data security requirements If a prompt or output may contain personal data, employees must handle it in accordance with applicable privacy laws such as GDPR, CCPA/CPRA, and any internal data-handling procedures.

All AI-generated output must be reviewed by a human before it is used externally, relied on for business decisions, or incorporated into final work products. Employees must verify that the output is: - Factually accurate and current - Complete and contextually appropriate - Free from hallucinations, fabricated citations, or unsupported claims - Consistent with company standards, brand requirements, and legal obligations Additional review is required for content involving employment decisions, customer communications, legal or financial analysis, safety matters, or any other high-impact use. Employees must escalate uncertain or risky outputs to a manager, legal, HR, compliance, or IT contact as appropriate.

Employees must not use AI tools in a way that creates or reinforces unlawful bias or discrimination. This includes decisions or recommendations affecting hiring, promotion, discipline, compensation, scheduling, accommodations, or other employment actions. When using AI for work-related analysis, employees must: - Check for biased, stereotyped, or exclusionary language - Avoid prompts or outputs that rely on protected characteristics unless legally required and reviewed for compliance - Use judgment to ensure outputs do not disadvantage individuals based on race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, disability, genetic information, or other protected status Any suspected bias, discriminatory output, or adverse impact must be reported promptly.

The following uses are prohibited unless expressly approved in writing by the company: - Entering confidential or regulated data into an unapproved AI tool - Using AI to make final employment decisions without meaningful human review - Generating or submitting false, misleading, plagiarized, or deceptive content - Using AI to bypass security controls, authentication, or access restrictions - Creating harassing, discriminatory, threatening, defamatory, or unlawful content - Uploading third-party content in violation of copyright, license, or contractual restrictions - Using AI outputs as legal, medical, tax, or financial advice without qualified review

**Employees / Policy Holders**: Use only approved tools, protect confidential information, review outputs carefully, and report concerns. **Managers**: Ensure team members understand the policy and escalate questionable use cases. **HR / Legal / Compliance**: Review high-risk employment, privacy, or discrimination-related uses and investigate reported issues. **IT / Security**: Maintain the approved tool list, access controls, and security review process. **Policy Holder**: Each employee is responsible for complying with this policy and for any AI-assisted work they submit or approve.

Violations of this policy may result in access restrictions, retraining, documented warning, removal of AI tool privileges, a performance improvement plan (PIP), or other disciplinary action up to and including termination, consistent with applicable law and company policy. Nothing in this policy is intended to interfere with protected concerted activity under NLRA Section 7, wage and hour rights under the FLSA, reasonable accommodation rights under the ADA, or other legally protected rights.

**California employees:** Follow applicable California privacy requirements, including the CCPA/CPRA, when personal information is involved. **New York employees:** Any reporting or retaliation concerns must be handled consistently with applicable whistleblower protections, including New York Labor Law Section 740 where applicable. **All U.S. employees:** Employment-related uses of AI must be reviewed for compliance with EEOC guidance, Title VII, the ADA interactive process, and FLSA classification and overtime requirements. Where local law provides greater protection than this policy, the local law controls.

This policy will be reviewed at least annually and updated as needed to reflect changes in technology, business practices, and applicable law. The company may revise approved tools, data restrictions, review requirements, or disciplinary procedures at any time.