Build your policy matrix
Design a real policy: for each combination of AI tool and data type, choose a policy action. Click cells to cycle through actions.
| Data Type \ AI Tool | ChatGPT | GitHub Copilot | Claude | Gemini (Shadow) |
|---|
Allow
Prevent
Redact
Detect
Block
Ask
Recommended baseline
Click "Show Recommended" to see a best-practice policy and compare with yours.
Loading...
Loading...
Think Deeper
Try this:
Your policy blocks PII in ChatGPT but allows it in Claude. A user asks why. What's your answer?
Different AI services have different data retention policies. Claude (with a business plan) offers zero-retention by default. ChatGPT's data practices differ by tier. Policy should reflect the actual risk of each service, not apply blanket rules. This is why per-app, per-data-type policies are necessary.
Cybersecurity tie-in: Policy design is the bridge between technology and governance.
A CISO doesn't need to understand embeddings — they need a clear matrix showing which data types
are protected, which tools are governed, and what action is taken in each case.