AvePoint Generative AI Acceptable Use Policy

Version: 1.2
Date of version: 03/31/2025
Owner: Christopher Hodum
Approved by:
  Yi Ning, VP of Information Technology
  Dana Simberkoff, Chief Risk, Privacy, & Information Security Officer
  Jay Kiley, Assistant General Counsel (Senior Director, Legal)
Classification level: Confidential

Change History

Date        Version  Created by         Description of change
04/13/2023  1.0      IT Team            Initial document version
05/03/2024  1.1      Christopher Hodum  Annual Review
3/31/2025   1.2      Christopher Hodum  Annual Review

Generative AI Acceptable Use Policy Purpose

Introduction, Purpose, and Scope

AvePoint, Inc. (“AvePoint,” the “Company,” “we,” “us,” or “our”) has implemented this Generative AI Policy (this “Policy”) to outline guidelines and best practices for the use of generative AI within our organization to ensure the protection of data privacy and confidentiality. All employees and contractors who utilize generative AI must adhere to this policy to ensure the legal, responsible, and ethical use of this technology. This policy applies to all employees and contractors who utilize Generative AI within our organization.

The purpose of this policy is to provide guidance that limits the use of encryption to those algorithms that have received substantial public review and have been proven to work effectively. Additionally, this policy provides direction to ensure that Federal regulations are followed and legal authority is granted for the dissemination and use of encryption technologies outside of the United States.

This Policy is for AvePoint, Inc. internal reference and use only, and it may not be shared with external partners or other third parties, except that this Policy may be shared with external auditors and advisers upon prior written approval from AvePoint’s Legal Department. The definition and examples of Generative AI are in Appendix A.

Policy

Data Privacy and Confidentiality

  1. Generative AI, on company devices, must only be used for business purposes, and not for personal use.
  2. All communication with Generative AI should be considered confidential and treated as such.
  3. Employees and contractors must not share any sensitive or confidential information with Generative AI, including but not limited to personal information, financial information, trade secrets, company policies, or any nonpublic information, without prior approval of the legal department.
  4. Any data generated by Generative AI must be handled with the same level of confidentiality as any other company data.
  5. The Privacy Policy and Terms of Use of the Generative AI must be reviewed by legal before any service is used.
  6. There may be specific limitations on the use of different Generative AI depending on the data being entered.
  7. Use of Generative AI must be reviewed if personal data or nonpublic information is sent to the platform; this process is referred to as a Privacy Impact Assessment.
  8. If obtaining a professional account or free account, a Vendor Risk Assessment must be completed.

NOTE: Please refer to the Data Classification Policy, and/or reach out to AvePoint’s PSR Team (PSR@avepoint.com), should you have any questions as to whether information is considered sensitive or confidential, as well as for additional guidance. This should be done before any information is entered into Generative AI, out of an abundance of caution.

Access to Generative AI

  1. Access to Generative AI is limited to authorized employees and contractors only.
  2. Login credentials must be kept confidential and not shared with anyone else.
  3. Users must log out of Generative AI when not in use and must not allow anyone else to use their account.

Responsible Use of Generative AI

  1. Generative AI must be used in a responsible and ethical manner.
  2. Users must not engage in any behavior that may violate company policies, laws, or ethical standards while using Generative AI.
  3. Users must not engage in any behavior that may harm the reputation of the company or its clients while using Generative AI.
  4. Engineers must not load AvePoint code into Generative AI to optimize it.
  5. Engineers should consider whether using code examples produced by Generative AI may limit protections of the source code.
  6. Before using Output, a trademark or copyright search should be performed by legal (note: the US Copyright Office will soon be releasing new guidance for generative AI). See Appendix B for some recent legal complaints related to Generative AI.

Data Retention and Deletion

  1. Data generated by Generative AI must be retained for the minimum amount of time required by law or company policy.
  2. Once data is no longer required, it must be deleted as per our data retention and deletion policy.

Reporting

  1. Any suspected breach of data privacy or confidentiality must be reported immediately through the “See Something Say Something” portal.
  2. Any suspected breach of this policy may result in disciplinary action, up to and including termination of employment.

Policy Compliance

Failure to comply with this policy may result in disciplinary action, up to and including termination of employment. The company reserves the right to modify this policy at any time without notice.

Related Standards, Policies and Processes

AvePoint Data Classification Policy

AvePoint Data Handling Policy

AvePoint Privacy and Information Security Policy