AI governance framework — relevant to all tool categories
Before you can govern AI use in your organization, you need to know what your staff are actually using. Based on our work with Maine organizations, here's a practical rundown of the most common workplace AI tools and what you should know about each.
ChatGPT (OpenAI)
What it is: A conversational AI that can draft writing, answer questions, summarize content, and generate ideas. Comes in a free version and paid ChatGPT Plus ($20/month).
What to know: The free version uses your conversations for training by default. This matters — if a staff member pastes a client's financial details to ask for help analyzing them, that data could theoretically surface in other users' conversations. Paid ChatGPT Plus has a toggle to disable training, but it's off by default.
Bottom line: Fine for generic writing tasks. Not fine for anything with client data, financials, or HR information.
Microsoft 365 Copilot
What it is: AI built directly into Word, Excel, Outlook, PowerPoint, and Teams. Requires a paid license on top of Microsoft 365 ($30/user/month).
What to know: This is the safest enterprise AI option because Microsoft contractually commits not to use your data for training. It operates within your organization's Microsoft tenant and respects your existing security permissions. If your staff member asks Copilot to summarize emails, it only sees emails they already have access to.
Bottom line: The enterprise-ready option. Worth the cost if you want AI use without the data privacy headaches.
Grammarly
What it is: Writing assistant that checks grammar, suggests edits, and now generates content with its own AI features. Free tier and paid Business tier.
What to know: The free version sends your writing to Grammarly's servers for analysis. The Business tier has stronger data protections and agrees not to use your content for training. Most Maine professional services firms we work with should be on Business.
Bottom line: Useful, but everything typed with Grammarly enabled is sent to Grammarly. Check your license tier.
Canva AI (Magic Studio)
What it is: AI features inside Canva — image generation, background removal, text-to-design, writing assistance. Available on Canva Pro and Teams ($15-30/month).
What to know: Canva is generally good about data practices — they don't use your designs for AI training by default. The main risk is copyright: AI-generated images occasionally incorporate elements from copyrighted source material. Don't use AI-generated Canva images for commercial printing without checking.
Bottom line: Low-risk for most use cases. Watch out for commercial image usage.
Google Gemini (and Google Workspace AI)
What it is: Google's AI assistant, now embedded into Gmail, Docs, Sheets, and the standalone Gemini app.
What to know: Similar to Microsoft — the enterprise Workspace version has strong data protections and contractual commitments. The free consumer Gemini does use your conversations for improvement. If your organization is on Google Workspace Business Standard or above, you're probably fine.
Bottom line: The enterprise Workspace version is safe. The free consumer app is not appropriate for work data.
Otter.ai and Meeting Transcription Tools
What it is: AI that joins your Zoom or Teams meetings and produces transcripts and summaries.
What to know: These tools record and process meeting audio — which may include confidential information, client discussions, or protected topics. Many states (including Maine) have two-party consent laws for recording. If your staff are running these on client calls without disclosure, you may have a legal problem.
Bottom line: Check consent and disclosure rules. Update your meeting etiquette to announce when AI transcription is active.
Claude (Anthropic)
What it is: A conversational AI similar to ChatGPT, built by Anthropic with a focus on helpfulness and safety. Available in free and paid tiers.
What to know: Claude has relatively strong privacy practices — Anthropic does not use consumer conversations for training by default. For organizations, Anthropic offers Claude for Work with additional protections.
Bottom line: A solid alternative to ChatGPT with slightly better default privacy practices. Still requires judgment about what data goes in.
How to Use This
Your first step as an organization: survey your staff anonymously to find out which of these are in use. Then decide which ones fit your risk tolerance and which ones need licensing changes or usage restrictions.
We help organizations work through exactly this evaluation. Our AI Process Audit includes a tools inventory and risk mapping. Or book a free discovery call to discuss your specific situation.