See also AI Tools List and AI Tool Assessment Request.
IMPORTANT: Please refrain from using the AI tool until ITS identifies sensitivity levels and adds the tool to the AI Tools List.
I am considering [insert AI tool] for possible use in a university setting. Please help me better understand this tool by answering the following: 1. Briefly explain what tasks this tool is designed to support. 2. Provide examples of appropriate higher-education use cases.
3. Are there known examples of universities using this tool?
4. If so, what types of use cases are described publicly? Then help me learn more about the tool: • Does the tool train its models on user prompts, files, or conversations? • Does it retain prompts, files, or chat history? • Does the tool require an account or login? If yes, does it support Microsoft Entra ID for login? • Is user data stored in the United States and is the location clearly disclosed?
• Is user data encrypted in transit and at rest?
• Does the vendor follow recognized security control frameworks (SOC 2, ISO 27001, NIST-aligned)? • Does the tool share user data with third parties, subprocessors, or partners?
• Does the tool limit a user's ability to control who can access their data? • Are the vendor’s privacy policy and terms of service clear about data usage? • Is there a way to delete user data or request deletion?
If you are unsure about any answer, say that the information is unclear. Then suggest where I could verify it (such as the vendor’s website, privacy policy, or trust center).
Finally: • Summarize potential privacy, security, or compliance risks. • Suggest questions I should ask before seeking institutional approval for this tool. • Create a governance-ready summary as a Word document for review by IT or leadership.
