The message arrived at 9:14 on a Wednesday morning. Two sentences. “We bought ChatGPT Team last week. Are we safe now?”
The owner sending it runs a service company with fifty-two employees, real client records, real contracts, real money moving through real accounts. Wants to move on AI. Bought the safer paid version. Now the CFO is asking whether the sales team can start pasting customer emails into it. The owner does not know how to answer.
That is the shape of the question every operator is holding right now.
The plain answer is: safer than a pile of personal ChatGPT accounts under employees’ Gmail addresses, maybe. Governed, no. The paid account gives the owner walls, keys, and visibility. It does not write the rule for what the team can carry into the room.
Here’s the thing. A paid AI account is a control surface. It is not a policy. And most AI governance in $1M-$20M companies fails at exactly that seam. The CEO buys a safer room and never writes the house rules.
The rooms I have been sitting in
I have spent the last three months in rooms full of CEOs asking practical AI questions. Not curious questions. Practical ones. What are our people allowed to paste? Which tool is the approved one? Who owns the account if the employee leaves? What happens when the wrong customer detail ends up in a prompt?
That is a shift. A year ago the same rooms were asking whether AI was interesting. Now they are asking what their team is allowed to do with it on Monday. Inspiration created motion. Motion is now waiting on rules.
Right? The market has already moved past “is AI real.” It is stuck on “what are we allowed to do with it.” And the trap most owners are stepping into is treating a paid account purchase as the answer to that whole question.
The habit: buying the safer tool and skipping the house rules
This piece is not anti-paid-tool. Buy the paid account. Please. It matters. Company-controlled logins, admin visibility, no training on your data, less risk that a departing employee walks off holding a personal account with your customers inside it. Those are real wins.
The habit I want to name is different. It is the moment a CEO signs the ChatGPT Team invoice, tells the leadership team “we’re safe now,” and skips the part where somebody has to decide which company data belongs in the room and which does not.
The paid account can lock the room. It cannot tell the team:
- Whether a customer’s full email thread is safe to paste in.
- Whether employee performance notes can be summarized.
- Whether a proposal draft with pricing can be pasted into a chat window at all.
- Whether medical, insurance, or legal client details ever go near a model.
- Whether the sales rep’s personal Claude account counts as an approved workflow.
Those are five separate decisions. None of them get made by upgrading a subscription. All of them have to be made by the owner or someone the owner names to hold the pen.
The gap is not knowledge. Most owners could sit down for twenty minutes and write a workable first rule for their company. The gap is that nobody scheduled the twenty minutes. So the paid account gets bought, the anxiety gets a temporary answer, and the team keeps deciding case-by-case in the moment.
Case-by-case with company data is not a policy. It is a coin flip with a receipt.
The governance card
The reason this feels harder than it is: most owners have been told AI governance requires a policy document. Twelve pages. Legal review. Board resolution. That is a full-year project pretending to be a first move.
The first move is a card. Five lines. Half a page.
| Line | Question |
|---|---|
| Data | What kind of information is this? |
| Tool | Which AI tools are approved for this kind of work? |
| Account | Whose account owns the work and the access? |
| Workflow | What jobs is this tool allowed to help with? |
| Owner | Who answers when the rule is unclear or something breaks? |
Data, tool, account, workflow, owner. If one line is blank, you do not have a policy yet. You have an intention.
The card is the beginning of what our Professional Recipe calls Guardrails, the third of the seven ingredients, and the one AI governance most often skips. Guardrails are not decoration on a finished system. They are the part of the recipe that tells the station what not to touch, what not to say, what not to send. The other ingredient this piece leans on is Context, ingredient two, the situation-specific details of the individual job. What kind of information are we handling right now? Context tells the station what belongs in this order. Guardrails tell the station what to refuse.
Notice what is not on the card. There is no legal language. No security architecture diagram. No audit schedule. No compliance framework. Those are useful eventually. They are not the first rule. The first rule is the sentence a CEO can explain to their team Monday morning without a lawyer on the call.
“For customer email replies, the approved tool is ChatGPT Team, on our company account, only after we remove names and account numbers. Marta owns the rule.”
That is a policy. Five lines. Fits on an index card. Your team can operate against it tomorrow.
The three-color data rule
The governance card decides what the room is for. The three-color rule decides what walks through the door.
Pick one workflow. Customer email replies, proposal drafting, meeting summaries, SOP cleanup. Any workflow you touch every week that involves customer or company information. Then write three lines.
Green. Safe to use in approved AI tools with no additional handling.
- Public marketing copy and website language.
- Generic templates and blank SOP structures.
- Job descriptions written for public postings.
- A fake example built from scratch.
Yellow. Allowed only after names, private details, pricing, or client records are removed first.
- A customer email summarized after the name, address, and account number are stripped.
- A proposal draft cleaned of pricing and client identifiers.
- Employee notes turned into a generic pattern without private details.
- Internal SOPs that describe process but not credentials or customer records.
Red. Does not go into AI unless the owner has approved the exact tool, the exact account, the exact workflow, and named the reason.
- Client records.
- Employee files.
- Passwords, keys, credentials, tokens.
- Proprietary pricing, contract terms, private margins.
- Medical, insurance, legal, or financial client details.
- Anything you would not want forwarded to the wrong inbox.
That last line is the whole test in plain language. If you would not want it in the wrong inbox, it is not green. Not compliance training. Not a security workshop. One question the team can ask itself before pasting.
Yeah. That is the ingredient the paid account never had. The paid room does not know the difference between your public rate card and your private contract pricing. Your team does. You need them to hold the line.
The Open Door Problem
Skip the Guardrail and you land in the exact failure mode we named for this in Quality Control: The Open Door Problem. The station accepts every ingredient that lands on the counter because nobody told it what was forbidden. The customer sent the raw email? Onto the counter. The rep pasted the whole proposal with pricing? Onto the counter. The office manager needed a quick summary of the medical file? Onto the counter.
The AI does not have a taste for what belongs in the recipe and what does not. It has whatever your team is willing to hand it. That is not a model problem. That is a room problem. The Open Door Problem does not get solved by upgrading the model, changing vendors, or buying another seat. It gets solved by writing the rule at the door.
The Monday Move
Before you approve another AI tool this month, write a three-color data rule for one workflow. Customer email replies is a good default. Pick the workflow you touch most often that involves customer or company information.
Draft the three lines. Green, yellow, red. Ten to fifteen examples in each. Aim for language your team can pattern-match against without reading a policy manual.
Then name the owner of the rule. One person. Not a committee. Not “leadership will decide.” One name next to the card. That is the person your team goes to when the situation is not on the list.
Then stop. Do not try to write the policy for the whole company in one sitting. One workflow, one data rule, one owner. That is the first move. The second workflow gets its own rule next month. Which will be easier because your team already knows how the pattern works.
Does that make sense? The point is not to draft the perfect handbook. The point is to prove the paid account is not doing the job you think it is doing. The paid account can lock the room. You still have to decide what the team can carry through the door.
So.
Buy the paid account. Then write the rule.
If you cannot describe your first data rule out loud in one minute to somebody on your team, the paid account is doing less than you think. Not because ChatGPT Team is failing. Because the tool was never the policy.
The paid account can lock the room. The owner still has to decide what the team can carry through the door.
Data, tool, account, workflow, owner. One card. One workflow. One owner. Monday morning.
Original framework. Distilled from client work.
Framework spine: The Professional Recipe, ingredients 2 (Context) and 3 (Guardrails), with Quality Control’s Open Door Problem as the failure mode this piece is preventing. Read the Professional Recipe.
~ source material · Original framework. Distilled from client work.
