AI Policy & Privacy Checklist Skill
Turn AI app ideas, workflows, data flows, user permissions, uploads, prompts, automations, and product features into privacy-aware checklists, safety reviews, policy drafts, disclosure notes, and risk-reduction actions.
AI Policy & Privacy Checklist Skill is a free, reviewed AI skill for safety, privacy & compliance. Turn AI app ideas, workflows, data flows, user permissions, uploads, prompts, automations, and product features into privacy-aware checklists, safety reviews, policy drafts, disclosure notes, and risk-reduction actions. It works with ChatGPT, Claude, Gemini and is ready to use out of the box.
- • The skill does not provide legal advice, privacy certification, security certification, compliance certification, GDPR guarantees, HIPAA guarantees, SOC 2 claims, ISO claims, or regulatory approval.
- • It cannot verify legal obligations, vendor terms, storage behavior, retention rules, security controls, user consent, or compliance status without confirmed information.
- • Generated policy text, disclosures, and safety checklists should be reviewed by the responsible legal, privacy, security, or compliance expert when accuracy matters.
About this skill
AI Policy & Privacy Checklist helps founders, product builders, AI app creators, no-code builders, developers, agencies, admins, educators, and teams review AI products, agents, automations, and internal workflows for privacy and safety risks before launch. It transforms rough product notes, user flows, data handling descriptions, upload workflows, admin actions, and agent behavior into practical safety checklists, privacy questions, data minimization notes, disclosure drafts, permission checks, moderation rules, risk ratings, mitigation steps, and launch review items. It is built to be genuinely useful without overstepping into legal or compliance certification: it never claims GDPR, HIPAA, SOC 2, or other regulatory compliance, and it consistently marks missing information as unknown rather than inventing policies, retention periods, or security controls. This makes it a practical first pass for responsible AI product development, while clearly pointing to legal, privacy, security, or compliance experts for anything regulated or high-stakes.
What it does
This skill reviews AI app ideas, features, agents, and workflows described by the user and produces a structured privacy and safety review covering data collected, storage and access notes, permission risks, AI output risks, sensitive data risks, risk ratings, mitigation actions, open questions, and whether expert review is needed, using placeholders and clarifying questions wherever information is missing rather than inventing details or claiming compliance.
What is included
- SKILL.md — concise runtime instructions for the AI assistant
- workflow.md — step-by-step workflow for reviewing AI privacy and safety before launch
- ai-privacy-risk-framework.md — framework for data categories, data flows, AI output risks, permission risks, sensitive use cases, risk levels, and mitigations
- policy-and-disclosure-guide.md — guide for AI disclosures, privacy notice questions, consent prompts, internal AI policies, public product disclosures, and policy drafting safety
- safety-review-checklist.md — checklist for data minimization, transparency, user control, permissions, AI output safety, prompt and agent safety, storage, retention, vendors, and launch readiness
- output-templates.md — reusable formats for AI privacy reviews, launch checklists, product questions, disclosure drafts, internal policies, agent reviews, developer fix prompts, and missing information requests
- examples.md — realistic input and output examples for AI privacy, policy, and safety reviews
How to use it
1. Download the ZIP file for this skill 2. Extract the files to a folder on your computer 3. Open your AI assistant, coding assistant, product planning tool, documentation tool, project management tool, or design tool 4. Upload or paste the skill files if supported 5. Share the AI feature, user roles, data collected, uploads, generated outputs, AI provider, storage behavior, admin permissions, sharing behavior, deletion behavior, and target users 6. Redact passwords, API keys, private tokens, personal data, medical data, financial data, customer records, logs, screenshots, prompts, datasets, and confidential information before sharing 7. Ask the assistant to apply the AI Policy & Privacy Checklist Skill
Examples
I am building an AI app where users upload documents and ask questions about them. The AI answers based on the uploaded files. Admins may review flagged content. I need a privacy and safety checklist before launch. I do not know the final storage or retention rules yet.
AI privacy review summary: The feature has meaningful privacy considerations because users upload documents that may contain personal, confidential, or sensitive information. Storage and retention rules are not provided, so the launch checklist should treat them as open questions. Key risks: Users may upload passwords, API keys, private customer data, medical data, or financial data. The AI may generate inaccurate answers from uploaded documents. Admins may access flagged content, so admin visibility should be clearly defined. Retention behavior is not provided. Recommended mitigations: Add an upload warning telling users not to upload secrets or sensitive personal data. Define whether files are stored, for how long, and who can access them. Add a note that AI answers may be incomplete or inaccurate. Require human review before using outputs for important decisions. Limit admin access to authorized team members only. Create a deletion or removal process if relevant. Launch readiness: Needs privacy wording, storage clarification, retention clarification, and permission review before launch.
Known limitations
- The skill does not provide legal advice, privacy certification, security certification, compliance certification, GDPR guarantees, HIPAA guarantees, SOC 2 claims, ISO claims, or regulatory approval. - It cannot verify legal obligations, vendor terms, storage behavior, retention rules, security controls, user consent, or compliance status without confirmed information. - Generated policy text, disclosures, and safety checklists should be reviewed by the responsible legal, privacy, security, or compliance expert when accuracy matters. - The skill should not be used to process or expose passwords, API keys, private tokens, medical records, financial records, government IDs, customer data, confidential logs, or sensitive personal data. - AI-assisted privacy and safety review does not replace formal security testing, legal review, compliance audit, penetration testing, or data protection assessment.
