Personal AI Usage Policy
Version: 1.1-public Author: Paul Matlock Effective Date: 2026-05-09
Purpose
This policy governs my personal use of AI tools. It exists to protect client data and my own operational security while enabling effective AI use across my work. Publishing it is an act of transparency — if I expect accountability from systems and organizations I work with, I should hold myself to the same standard.
Framework: The 4Ds
All AI use is evaluated against four questions:
| D | Question |
|---|---|
| Delegation | Is this task appropriate to delegate to AI? What is lost by doing so? |
| Description | Is my prompt precise? Have I provided the right context without oversharing? |
| Discernment | Am I evaluating the output critically, or accepting it uncritically? |
| Diligence | Have I verified accuracy, especially for factual claims, code, and security-relevant output? |
AI amplifies my capabilities. It does not replace judgment or professional responsibility.
Data Classification
I apply a four-tier classification to everything before deciding which AI tools, if any, are appropriate:
| Tier | Label | Examples | Permitted Tools |
|---|---|---|---|
| 1 | Public | Blog posts, published reports, matlock.ca content | Any |
| 2 | Personal-Internal | Personal notes, study material, home lab configs | Cloud AI OK |
| 3 | Confidential | Client engagement data, sensitive findings | Local AI only |
| 4 | Restricted | Employer data, regulated data, credentials, PII | No AI tools |
The rule is simple: if it belongs to someone else or could harm them if exposed, it doesn't go into an AI tool.
Hard Prohibitions
These apply regardless of tool, context, or convenience:
- No client or employer data in cloud-based AI
- No plaintext credentials in any AI tool
- No authentication material (passwords, keys, tokens)
- No third-party PII without consent
- No active exploitation via AI — I run all active tools; AI preps and analyzes only
- No AI-generated content presented as factual without independent verification
AI Disclosure
I disclose AI involvement proactively, even for drafts. This means:
- Deliverables I share with others note AI assistance
- Content published here on matlock.ca is subject to the same standard
- The disclosure doesn't mean lower quality — it's an accurate account of my process
Tools I Use
| Tool | Role | Data Ceiling |
|---|---|---|
| Claude (Anthropic) | Primary reasoning and writing | Tier 2 |
| Groq | Fast iteration, report augmentation | Tier 2 |
| Ollama (local) | Confidential-tier work, no data egress | Tier 3 |
| GitHub Copilot | Code suggestions | Tier 2 |
Local execution (Ollama) exists specifically for work that shouldn't leave my machine. Cloud tools are used only for Tier 1–2 data.
Review Cadence
This policy is reviewed when my toolset changes significantly, when relevant governance frameworks update, or annually — whichever comes first.
v1.1-public — redacted for publication. Internal version maintained separately.