AI, data and governance

Half your team is probably already using ChatGPT. Do you know what they are pasting in?

Customer lists, financials, contracts, source code, HR matters. AI tools are useful and staff are productive with them — but most small businesses have no position on what is allowed, where the data goes or who can see it afterwards.

What Winterhill helps with

  • A plain-English acceptable-use policy your team will actually read — not a 30-page legal document.
  • Approved tooling with proper data handling: Microsoft 365 Copilot, ChatGPT Team or Gemini for Workspace, instead of personal accounts that send your data into someone else’s training pipeline.
  • Tenant-level controls, conditional access and logging across the tools you choose to allow.
  • Short, honest staff briefings on what to paste, what to redact and where the line sits.
  • Lightweight monitoring so you know whether the policy is being followed or quietly ignored.
  • A practical position on AI in customer-facing work: what gets disclosed, what gets reviewed and what is off-limits.

Why this matters now

AI tools have moved from novelty to default in less than two years. Staff are productive with them — but every prompt to a personal ChatGPT account is a small data export, and most small businesses have not yet drawn the line between “great, use it” and “not with that.”

The fix is not to ban AI. It is to put approved, properly licensed tools in front of staff so they have somewhere safe to use AI, plus enough clarity about what is sensitive that they can make sensible calls without having to ask every time.

Approved tooling

What good looks like for small teams.

The right platform depends on what you are already using. The shortlist below is what works well for small businesses without buying into something they will outgrow or never use.

Microsoft 365 Copilot

Best fit when the business is on Microsoft 365. Data stays inside the tenant, respects existing permissions, and is covered by the Microsoft commercial data protection terms.

Google Gemini for Workspace

Best fit when the business is on Google Workspace. Gemini integrates with Gmail, Docs and Drive while keeping data within the Workspace tenant.

Claude (Anthropic)

A favourite at Winterhill for writing, analysis and considered, careful output. Anthropic does not train on commercial customer data; Team and Enterprise tiers add SSO, admin controls and usage management.

ChatGPT Team or Enterprise

Best fit when staff already rely on ChatGPT and the business wants to keep that. Prompts are not used for training, with admin controls and usage logging.