A plain-language policy the HR team will actually read. It exists so the team can use Claude on Team with confidence — clear on what's fine, what isn't, and what an admin can see. This covers HR's own work in the HR team's Claude Team workspace. If HR also owns the company-wide AUP, the same handful of rules scale up. Replace the bracketed parts with [Company]'s details and review with your counsel before adopting.
This policy is short on purpose. These are the few lines you stay inside.
Claude on Team is approved for the HR team's everyday work: drafting policies and job descriptions, summarizing, comp and headcount analysis, research, light HRIS scripting. You don't need permission to use it well. You do need the handful of rules below, because the data HR handles is sensitive even when it isn't secret. This applies to everyone on the HR team using Claude for [Company] work — staff and contractors alike. (For how we sort that data, see the data-classification framework.)
Almost everything HR will use falls into one of these.
| Kind of data | Examples | Rule |
|---|---|---|
| Open | Job descriptions, policies, public information, your own drafts | Use freely in the HR team workspace |
| Sensitive | Pay, performance, reviews, employee personal data | Only in the HR team's Claude Team workspace, need-to-know |
The line is simple: if it identifies a person or would be awkward to leak, treat it as sensitive — and sensitive data only goes in the HR team's Team workspace, never a personal account.
These don't belong in any chat — company workspace or not.
Raw identifiers and secrets you don't need for the task — Social Security numbers, bank or account numbers, passwords, API keys, access tokens. Other people's confidential data — a vendor's, a partner's, a colleague's — unless it genuinely belongs in the work. Anything a contract or client forbids sharing with outside tools. Health-plan PHI, if [Company] has it — Team is not BAA-covered, so plan-side health data never goes in the HR team's Team workspace. It needs a separate, BAA-covered path (Enterprise or the API/Bedrock), which is a company / compliance / IT decision — not the HR team's call. Ask before using it.
Where you use Claude matters as much as what you put in.
Sensitive work goes in the HR team's Claude Team workspace — signed in with your [Company] account, not your personal Claude, not a free account, not another AI tool. The Team workspace is the one that doesn't train on our content by default and contractually, and that [Company] administers — central admin, SSO with domain capture, per-member usage limits, and org and user spend caps. If you're not sure you're in it, ask before you paste.
It's fast, and it can be wrong. You're accountable for the result either way.
Confirm facts, figures, and quotes before you send or act on them. Claude can produce a plausible wrong answer.
Never base a final hiring, pay, discipline, or termination decision on Claude's output alone — a human makes the call. Watch for bias, too: AI can reflect skew in its training or your prompt, and you're responsible for a fair result, not just a human-made one.
You're responsible for what you publish, send, or act on — the same as any work you put your name to. Work you create with Claude belongs to [Company], and you disclose AI assistance where a client or the law requires it.
Here's exactly what an admin can see — plainly, so you don't wonder.
[Company] administers the workspace. On Team, the Primary Owner runs central admin — managing seats, setting spend caps, and accessing workspace data through the controls Team provides. Assume an admin can see your work; "incognito" or temporary chats aren't a private channel from [Company]. This isn't about watching you — it's how any company system works. Treat your Claude Team workspace like any other company system, not a private notebook. (If [Company] ever moves the HR team onto Enterprise — a company / compliance / IT decision — admins gain finer-grained visibility, including full conversation export through the Compliance API; the same disclosure holds.)
Use Claude for real HR work. Keep sensitive data in the HR team's Team workspace and raw identifiers out of it entirely. Check the output before you rely on it, and let a person make decisions about people. Remember an admin can see it.
That's it. The rest is ordinary good judgment.
The Sprint adapts this policy to [Company], classifies your data, picks and costs the plan, and trains the team — so the rules land with the rollout, not after it.
This is my AI-for-HR practice — one of three I run, alongside Total Rewards and HR Systems. They’re separate practices; you can hire me for any one of them on its own.
Start a conversation →No cost to start.
Owner: [HR lead — the HR team's Team workspace admin] · Effective: [date] · Made a mistake or not sure? Tell [contact]. Early is always better than quiet.
AI for HR · Start here / 1 Data / 2 Plan / 3 Cost / 4 Rules
A template, not legal advice. Scoped to the HR team on Claude Team; if HR also owns [Company]'s company-wide AUP, the same handful of rules scale up. Adapt the bracketed items to [Company]'s plan and practices and review with your benefits and employment counsel before adopting. Admin-visibility specifics depend on your plan and configuration — confirm at support.claude.com. This is the fourth piece of the AI for HR series; the overview shows how the pieces fit.