Your team is already pasting data into ChatGPT and Claude. This free self-assessment scores your AI data-exposure and compliance risk in two minutes — and shows you exactly where you're exposed.
What kinds of data do people at your company enter into AI tools? · select all
Select all that staff have pasted, uploaded, or typed into any AI assistant.
Which AI tools are in use across your team? · select all
Are these business/enterprise accounts or personal accounts?
Do you have signed enterprise terms or a DPA with your AI vendors?
A Data Processing Agreement governs how the vendor may handle your data.
Have you disabled model training / set zero data retention where available?
How is access to AI tools controlled?
Do you have any DLP or monitoring for data entered into AI tools?
e.g. a browser-level guardrail, CASB, or endpoint DLP that inspects AI prompts.
Do you have a written AI usage policy?
Have employees been trained on safe AI use?
Is there a designated owner or committee for AI risk?
What industry are you in?
Where do you operate or hold data from? · select all
0/12 answered · answer at least 6
What we assess
Five dimensions of AI data exposure.
🗂️
Data sensitivity
What kinds of regulated or proprietary data are entering AI tools — the core of your exposure.
🛂
Tool sanctioning
Enterprise accounts with controls vs. shadow AI on personal, free accounts.
📜
Vendor terms
DPAs, enterprise terms, and whether model training and retention are switched off.
🔐
Access controls
SSO, allowlists, and whether any DLP inspects what staff send to AI.
🏛️
Governance
A written policy, employee training, and a designated owner for AI risk.
⚖️
Compliance mapping
Your gaps mapped to the EU AI Act, GDPR, HIPAA, and CCPA — with a remediation plan.