
Let the Company Use AI Without Betting the Company

A secure AI adoption policy for the operating companies a GP owns: an acceptable-use policy, shadow-AI discovery, data-handling rules, safe use of tools like Claude and Claude Cowork, and the sector rules that apply (healthcare HIPAA, and the rest). Scoped to company size, and a GP can roll it across the portfolio. This is the portfolio-company lane, distinct from the adviser and SEC governance the fund needs (that is AI Governance).

A secure AI adoption policy starts from a fact most GPs already suspect: the people at your portfolio companies are using AI right now, with or without permission. Pasting contracts into a chatbot. Summarizing customer tickets. Writing code with an assistant nobody approved.

Banning it does not work; they just hide it. The job is to make the safe path the easy path: clear rules about what data goes where, which tools are approved, and what is off-limits. Most of the value is in preventing one bad day: the customer database pasted into a free tool, the regulated record sent somewhere it should never go.

By Dr. Leigh Coney, Founder of WorkWise Solutions

  • Shadow AI: already in your portfolio companies
  • One policy: the document everyone signs
  • Scoped to company size, available portfolio-wide
  • Honest: what is safe, not what sounds safe

What's Included

Five Things the Company Walks Away With

Written for the people who actually use the tools, not a binder for the shelf. Short enough that staff read it, specific enough that it answers the real questions.

Scoped to company size. A GP can sponsor it across the portfolio for one consistent standard. The fastest way to find where AI also helps the business, not just where it is a risk, is the Portfolio Company Value-Creation Diagnostic ($8,500).

Ongoing upkeep across the portfolio runs through the AI Operating Partner retainer.

Acceptable-Use Policy

The one document everyone signs. Which tools are approved, what they can be used for, and the lines nobody crosses. Plain language, not legalese.

Shadow-AI Discovery

A short audit of what people are already using, the personal accounts, the browser extensions, the AI features inside SaaS the company pays for. You cannot govern what you have not found.

Data-Handling Rules

What is safe to put into an AI tool and what is not, by data type: customer records, contracts, source code, financials. The rules tied to the tools the company actually uses.

Safe Use of Claude and Claude Cowork

How to use the tools the team has chosen without overestimating their privacy. What an Enterprise or Team plan does and does not protect, written so staff understand the difference.

Sector Rules Where They Apply

HIPAA for healthcare, and the equivalents in finance, legal, or any business handling sensitive customer data. We add the rules your company's sector requires rather than a generic template.

The Honest Part

"Nothing Is Ever Stored" Is the Wrong Promise

A lot of AI policies fail because they sell a comfort that is not true. Staff are told the enterprise tool is private, so they paste in anything, because someone implied nothing is ever stored. Then a security reviewer or a regulator asks a precise question, and the comfort falls apart.

A policy that teaches people the real boundaries beats one that promises safety it cannot deliver. People follow rules they understand. They route around rules built on a fiction.

What we actually teach

  • On Enterprise and Team plans, your inputs are not used to train public models. That part is true and worth knowing.
  • But standard chat retention still applies. Data is stored under the provider's retention settings, not gone when you close the tab.
  • True zero-data-retention is a narrow, approval-gated setting for API and developer setups, not the consumer apps or standard chat most teams use day to day.
  • So the rule is simple: decide what is safe to put in based on what is actually stored, not on a slogan.

Which Lane Is This

The Portfolio-Company Lane, Not the Adviser Lane

Governance splits in two because two different entities are exposed. This page is one of them.

This Page · The Operating Company

Secure AI Adoption

For the businesses a GP owns. The risk is staff and data: shadow AI, what goes into which tool, sector rules. Scoped per company, sponsorable across the portfolio.

The Other Lane · The Adviser

Adviser & SEC Governance

For the fund itself. The risk is the regulator and the LP: AI use policy, supervision, Reg S-P, disclosures, DDQ answers, a mock exam. From $9,500.

Not sure which you need, or need both? The Govern door lays out both lanes side by side.

Frequently Asked Questions

Secure AI Adoption FAQ

What is shadow AI?

Staff using AI tools the company never approved: personal ChatGPT or Claude accounts, browser extensions, and AI features baked into SaaS apps people already pay for. It is already happening in most portfolio companies. The real exposure is data: people pasting customer records, contracts, or source code into tools with no rules about what is allowed.

Is our data safe in tools like Claude?

Honest answer: on Enterprise and Team plans, your inputs are not used to train public models. But standard chat retention still applies. Data is stored under the provider's retention settings, not erased the moment you close the tab. True zero-data-retention is a narrow, approval-gated setting for API and developer setups, not the consumer apps or standard chat most teams use. The policy's job is to teach people what is and is not safe to put in, not to promise that nothing is ever stored.

Do we still need this if our fund already has an AI policy?

Yes. The fund's policy governs the adviser: supervision, Reg S-P, disclosures. A portfolio company is a different entity with its own data, its own staff, and often its own regulators. Secure adoption is the operating-company lane, distinct from the adviser and SEC governance the fund needs. Different entity, different risk, different document.

What about healthcare or other regulated sectors?

The policy adds the sector rules that apply: HIPAA for healthcare, and the equivalents in finance, legal, or any business handling sensitive customer data. The acceptable-use rules change by sector, so we scope them to the company rather than handing over a generic template.

Let the Company Use AI Safely

A 30-minute call to scope it to your company, or your whole portfolio, and find the shadow AI already in use.
