# Trust Center AI policy template

Last reviewed: 2026-05-21

AI Vendor Packet organizes review evidence and workflow support. This template is not legal advice.

## Who this is for

Teams publishing a careful AI-use page in a Trust Center or customer security portal.

## What this template is for

Use this template to write a calm public AI policy that tells customers what is used, what is not promised, and how vendor evidence is reviewed. Keep it specific enough to be useful and narrow enough to stay accurate.

## When to use it

- When customers repeatedly ask how your company uses AI vendors.
- Before adding AI policy language to a Trust Center.
- After changing model providers, AI features, or customer data categories.

## Trust Center policy sections

| Section | Draft text | Review note | Evidence |
| --- | --- | --- | --- |
| AI vendor scope | We use selected AI and SaaS vendors to support product features and internal operations. | Name production vendors separately from internal employee tools. | Vendor inventory and published vendor pages. |
| Customer data handling | Customer data sent to AI vendors is limited to the data needed for the approved workflow. | List major data categories or link to a maintained subprocessor record. | Data-flow note and DPA exhibit. |
| Model training | We review vendor-specific sources before making statements about model training. | Avoid broad claims unless every product path supports them. | AI data-use source links. |
| Vendor source review | We review material AI, DPA, subprocessor, retention, and security source changes at a documented cadence. | Use a cadence your team can actually operate. | Review packet or source review record. |
| Limit | This policy describes our review process and does not replace customer-specific contract terms. | Route final wording through legal or privacy review. | Approved policy owner note. |

## How to fill it out

- Publish only statements your team can source and review again.
- Separate public process language from customer-specific contract commitments.
- Add a last reviewed date and owner for every material section.

## Common mistakes

- Turning a public policy into a marketing page.
- Saying no customer data is used for training without stating which products the claim covers.
- Forgetting internal AI tools that receive customer support or sales data.

## Example Trust Center note

We use the OpenAI API and Google Workspace Gemini in defined workflows. We review official vendor sources before updating AI data-use, retention, subprocessor, and security statements. Customer-specific terms control if they differ.

## Generate this automatically

Use the AI Vendor Packet scanner to generate this template from selected vendors, customer data categories, and customer-facing commitments.

