IndexableTrust CenterLast reviewed 2026-05-21

Trust Center AI policy template

Use this template to write a calm public AI policy that tells customers what is used, what is not promised, and how vendor evidence is reviewed. Keep it specific enough to be useful and narrow enough to stay accurate.

Download Markdown Download CSV Generate this automatically

Who it is for

Teams publishing a careful AI-use page in a Trust Center or customer security portal.

Template

Trust Center policy sections with 5 starter rows.

Download formats

Markdown for docs, CSV for spreadsheet review.

When to use it

When customers repeatedly ask how your company uses AI vendors.
Before adding AI policy language to a Trust Center.
After changing model providers, AI features, or customer data categories.

How to fill it out

Publish only statements your team can source and review again.
Separate public process language from customer-specific contract commitments.
Add a last reviewed date and owner for every material section.

Trust Center policy sections

Use these rows as a starting point, then replace the example language with your vendor, source, customer data, and owner details.

4 columns

Section: AI vendor scope
Draft text: We use selected AI and SaaS vendors to support product features and internal operations.
Review note: Name production vendors separately from internal employee tools.
Evidence: Vendor inventory and published vendor pages.

Section: Customer data handling
Draft text: Customer data sent to AI vendors is limited to the data needed for the approved workflow.
Review note: List major data categories or link to a maintained subprocessor record.
Evidence: Data-flow note and DPA exhibit.

Section: Model training
Draft text: We review vendor-specific sources before making statements about model training.
Review note: Avoid broad claims unless every product path supports them.
Evidence: AI data-use source links.

Section: Vendor source review
Draft text: We review material AI, DPA, subprocessor, retention, and security source changes at a documented cadence.
Review note: Use a cadence your team can actually operate.
Evidence: Review packet or source review record.

Section: Limit
Draft text: This policy describes our review process and does not replace customer-specific contract terms.
Review note: Route final wording through legal or privacy review.
Evidence: Approved policy owner note.

Section	Draft text	Review note	Evidence
AI vendor scope	We use selected AI and SaaS vendors to support product features and internal operations.	Name production vendors separately from internal employee tools.	Vendor inventory and published vendor pages.
Customer data handling	Customer data sent to AI vendors is limited to the data needed for the approved workflow.	List major data categories or link to a maintained subprocessor record.	Data-flow note and DPA exhibit.
Model training	We review vendor-specific sources before making statements about model training.	Avoid broad claims unless every product path supports them.	AI data-use source links.
Vendor source review	We review material AI, DPA, subprocessor, retention, and security source changes at a documented cadence.	Use a cadence your team can actually operate.	Review packet or source review record.
Limit	This policy describes our review process and does not replace customer-specific contract terms.	Route final wording through legal or privacy review.	Approved policy owner note.

Common mistakes

Turning a public policy into a marketing page.
Saying no customer data is used for training without product scope.
Forgetting internal AI tools that receive customer support or sales data.

Example Trust Center note

We use OpenAI API and Google Workspace Gemini in defined workflows. We review official vendor sources before updating AI data-use, retention, subprocessor, and security statements. Customer-specific terms control if they differ.

AI Vendor Packet organizes review packet evidence and review workflow support. This template is not legal advice.

Related vendor pages

Use these vendor pages to fill in vendor-specific rows before sharing the template with customers or auditors.

OpenAIReview OpenAI API, DPA, privacy, subprocessors, retention, and model training sources for SaaS customer commitments.Google Workspace / GeminiReview Google Workspace / Gemini privacy, terms, DPA, security, and data-use sources for SaaS customer commitments.SlackReview Slack privacy, terms, DPA, security, and data-use sources for SaaS customer commitments.IntercomReview Intercom privacy, terms, DPA, security, and data-use sources for SaaS customer commitments.

Related templates

These templates pair well when the review leads to a customer-facing update, evidence packet, or internal decision.

Customer data not used for training clause checklistUse this checklist before saying customer data is not used for model training. The answer must match the vendor, product, plan, settings, and any feedback or fine-tuning flow.AI vendor monitoring evidence packet templateUse this packet to show what sources were reviewed, what changed, and which customer commitments need follow-up. It is built for a short review meeting, not a long risk committee packet.

Turn this template into a review packet.

Select your vendors, customer commitments, and data categories. AI Vendor Packet turns official-source checks into a review packet your team can keep as evidence.

Generate Trust Center evidence View all templates