Free directory · Updated July 2026 · 25 tools

AI Tool Risk Directory

Which AI tools are safe for work? Every tool below gets a tier verdict — Approved, Limited, or Prohibited — plus the facts a compliance or IT lead actually needs: does it train on your data, what does it retain, what can an admin control, and what certifications can it show.

Verdicts are our generic recommendation for a 50–500 person company that handles client or regulated data, based on publicly documented vendor terms as of July 2026. Click any tool for the full breakdown — including HIPAA/BAA status and healthcare, financial-services, and legal risk notes.

Approved (10) Limited (12) Prohibited (3)
| Tool | Vendor · category | Tier verdict | Trains on your data? | Certifications |
|---|---|---|---|---|
| ChatGPT (free) | OpenAI · General assistant | Limited | Depends on plan | |
| ChatGPT Plus | OpenAI · General assistant | Limited | Depends on plan | |
| ChatGPT Enterprise | OpenAI · General assistant | Approved | No | SOC 2 Type 2 |
| Claude (claude.ai free) | Anthropic · General assistant | Limited | Depends on plan | |
| Claude for Work / API | Anthropic · General assistant | Approved | No | SOC 2 Type 2 |
| Microsoft Copilot for M365 | Microsoft · Productivity suite AI | Approved | No | Inherits Microsoft 365 compliance portfolio (SOC 1/2/3, ISO 27001, and others per Microsoft’s Trust Center) |
| GitHub Copilot | GitHub (Microsoft) · Code assistant | Limited | Depends on plan | GitHub publishes SOC reports and ISO certifications for its platform |
| Google Gemini (personal) | Google · General assistant | Prohibited | Yes | |
| Google Gemini for Workspace | Google · Productivity suite AI | Approved | No | Inherits Google Workspace compliance portfolio (ISO 27001, SOC 2/3, and others per Google’s compliance documentation) |
| Grammarly (free) | Grammarly · Writing assistant | Limited | Depends on plan | |
| Grammarly Business | Grammarly · Writing assistant | Approved | No | SOC 2 Type 2 + |
| Otter.ai | Otter.ai · Meeting transcription | Limited | Depends on plan | SOC 2 Type 2 |
| Notion AI | Notion · Workspace AI | Approved | No | SOC 2 Type 2 + |
| Midjourney | Midjourney · Image generation | Limited | Yes | |
| DALL·E (OpenAI Images) | OpenAI · Image generation | Limited | Depends on plan | Follows the certifications of the OpenAI plan used (see ChatGPT Enterprise) |
| Perplexity | Perplexity AI · AI search | Limited | Depends on plan | SOC 2 Type 2 advertised for Enterprise Pro |
| Canva AI / Magic Write | Canva · Design & content | Limited | Depends on plan | SOC 2 Type 2 + |
| HubSpot AI (Breeze) | HubSpot · CRM / marketing AI | Approved | No | SOC 2 Type 2 + |
| Salesforce Einstein | Salesforce · CRM / platform AI | Approved | No | Inherits Salesforce’s compliance portfolio (SOC 1/2/3, ISO 27001, and others per Salesforce’s compliance documentation) |
| DeepSeek | DeepSeek (Hangzhou) · General assistant | Prohibited | Yes | |
| Meta AI | Meta · General assistant | Prohibited | Yes | |
| Zoom AI Companion | Zoom · Meeting AI | Limited | No | SOC 2 Type 2 + |
| Slack AI | Slack (Salesforce) · Workspace AI | Approved | No | Inherits Slack/Salesforce compliance portfolio (SOC 2, ISO 27001, and others per Slack’s security documentation) |
| Adobe Firefly | Adobe · Image generation | Approved | No | SOC 2 + |
| Fireflies.ai | Fireflies.ai · Meeting transcription | Limited | Depends on plan | SOC 2 Type 2 |

This is the generic list. A hospital, a hedge fund, and a marketing agency should not classify these tools identically. The $79 policy kit produces a tier list tailored to your industry, size, and data — plus the acceptable use policy, acknowledgment form, and manager FAQ that make it enforceable.

And this page is a snapshot. Vendor data policies change quietly. The $149/mo Monitor plan re-checks the landscape monthly, alerts you when a tool’s data policy changes, and regenerates your kit — so your tier list is never a year out of date.

How we classify tools

We never list a certification we can’t find in the vendor’s published documentation — where something isn’t publicly documented, the tool page says exactly that.

Already have an AI policy? See how many of these tools it actually covers: run the free policy gap check →. Not sure where your company stands overall? Take the 2-minute exposure scorer →.

Get the full policy kit

$79 one-time

A 4-document AI policy kit — acceptable use policy, tool tier list, acknowledgment form, manager FAQ — that classifies all of these tools for your company, industry, and data. Generated in about 10 minutes.

Keep it current with Monitor

$149/mo

We re-check vendor terms monthly, alert you when any tool’s data policy changes, and regenerate your kit so it never goes stale. This directory is a snapshot — Monitor is the live feed.