Which AI tools are safe for work? Every tool below gets a tier verdict — Approved, Limited, or Prohibited — plus the facts a compliance or IT lead actually needs: does it train on your data, what does it retain, what can an admin control, and what certifications it can show.
Verdicts are our generic recommendation for a 50–500 person company that handles client or regulated data, based on publicly documented vendor terms as of July 2026. Click any tool for the full breakdown — including HIPAA/BAA status and healthcare, financial-services, and legal risk notes.
| Tool | Tier verdict | Trains on your data? | Certifications |
|---|---|---|---|
| ChatGPT (free) OpenAI · General assistant |
Limited | Depends on plan | — |
| ChatGPT Plus OpenAI · General assistant |
Limited | Depends on plan | — |
| ChatGPT Enterprise OpenAI · General assistant |
Approved | No | SOC 2 Type 2 |
| Claude (claude.ai free) Anthropic · General assistant |
Limited | Depends on plan | — |
| Claude for Work / API Anthropic · General assistant |
Approved | No | SOC 2 Type 2 |
| Microsoft Copilot for M365 Microsoft · Productivity suite AI |
Approved | No | Inherits Microsoft 365 compliance portfolio (SOC 1/2/3, ISO 27001, and others per Microsoft’s Trust Center) |
| GitHub Copilot GitHub (Microsoft) · Code assistant |
Limited | Depends on plan | GitHub publishes SOC reports and ISO certifications for its platform |
| Google Gemini (personal) Google · General assistant |
Prohibited | Yes | — |
| Google Gemini for Workspace Google · Productivity suite AI |
Approved | No | Inherits Google Workspace compliance portfolio (ISO 27001, SOC 2/3, and others per Google’s compliance documentation) |
| Grammarly (free) Grammarly · Writing assistant |
Limited | Depends on plan | — |
| Grammarly Business Grammarly · Writing assistant |
Approved | No | SOC 2 Type 2 + |
| Otter.ai Otter.ai · Meeting transcription |
Limited | Depends on plan | SOC 2 Type 2 |
| Notion AI Notion · Workspace AI |
Approved | No | SOC 2 Type 2 + |
| Midjourney Midjourney · Image generation |
Limited | Yes | — |
| DALL·E (OpenAI Images) OpenAI · Image generation |
Limited | Depends on plan | Follows the certifications of the OpenAI plan used (see ChatGPT Enterprise) |
| Perplexity Perplexity AI · AI search |
Limited | Depends on plan | SOC 2 Type 2 advertised for Enterprise Pro |
| Canva AI / Magic Write Canva · Design & content |
Limited | Depends on plan | SOC 2 Type 2 + |
| HubSpot AI (Breeze) HubSpot · CRM / marketing AI |
Approved | No | SOC 2 Type 2 + |
| Salesforce Einstein Salesforce · CRM / platform AI |
Approved | No | Inherits Salesforce’s compliance portfolio (SOC 1/2/3, ISO 27001, and others per Salesforce’s compliance documentation) |
| DeepSeek DeepSeek (Hangzhou) · General assistant |
Prohibited | Yes | — |
| Meta AI Meta · General assistant |
Prohibited | Yes | — |
| Zoom AI Companion Zoom · Meeting AI |
Limited | No | SOC 2 Type 2 + |
| Slack AI Slack (Salesforce) · Workspace AI |
Approved | No | Inherits Slack/Salesforce compliance portfolio (SOC 2, ISO 27001, and others per Slack’s security documentation) |
| Adobe Firefly Adobe · Image generation |
Approved | No | SOC 2 + |
| Fireflies.ai Fireflies.ai · Meeting transcription |
Limited | Depends on plan | SOC 2 Type 2 |
This is the generic list. A hospital, a hedge fund, and a marketing agency should not classify these tools identically. The $79 policy kit produces a tier list tailored to your industry, size, and data — plus the acceptable use policy, acknowledgment form, and manager FAQ that make it enforceable.
And this page is a snapshot. Vendor data policies change quietly. The $149/mo Monitor plan re-checks the landscape monthly, alerts you when a tool’s data policy changes, and regenerates your kit — so your tier list is never a year out of date.
We never list a certification we can’t find in the vendor’s published documentation — where something isn’t publicly documented, the tool page says exactly that.
Already have an AI policy? See how many of these tools it actually covers: run the free policy gap check →. Not sure where your company stands overall? Take the 2-minute exposure scorer →.
A 4-document AI policy kit — acceptable use policy, tool tier list, acknowledgment form, manager FAQ — that classifies all of these tools for your company, industry, and data. Generated in about 10 minutes.
Generate my policy kit →We re-check vendor terms monthly, alert you when any tool’s data policy changes, and regenerate your kit so it never goes stale. This directory is a snapshot — Monitor is the live feed.
See Monitor plan →