AI Usage Policy for The Typing Works Limited

Artificial Intelligence (AI) Use Policy

The Typing Works Limited
Reviewed: February 2026

1. Purpose and Scope

This policy sets out the governance framework, controls, and responsibilities for the use of generative Artificial Intelligence (AI) within The Typing Works Limited.

It ensures compliance with:

  • UK GDPR
  • Data Protection Act 2018
  • IASME Cyber Assurance requirements
  • Sector-specific confidentiality obligations (including legal, medical, academic and research sectors)

This policy applies to all employees, directors, contractors, and freelance transcribers engaged by The Typing Works Limited.

It covers all AI tools and systems, including but not limited to:

  • Speech-to-text engines
  • Large Language Models (LLMs)
  • Grammar and writing assistance tools
  • Summarisation tools
  • Any automated system capable of processing language, audio, or text

2. Definitions

Artificial Intelligence (AI)
Automated systems capable of performing tasks that typically require human intelligence.

Machine Learning (ML)
AI systems that identify patterns and improve performance based on data.

Automated Transcription
Machine-generated text created from audio or video recordings.

Human-Edited Transcription
Transcription produced entirely by a human without AI assistance.

Personal Data
Information relating to an identifiable individual (UK GDPR, Article 4).

Special Category Data
Sensitive personal data requiring enhanced protection (UK GDPR, Article 9).

Client Data
Any audio, video, text, document, or metadata provided by or on behalf of a client.

3. Approved Use Cases

The Typing Works Limited operates a strict no-AI-processing rule for client data.

AI tools may be used only where no client data is inputted or processed.

Permitted uses include:

  • Grammar queries using fully generic examples
  • Research into terminology, acronyms, or specialist vocabulary
  • Productivity tools that do not process, store, or reference client information

The following uses are not permitted, even partially:

  • Automated first-pass transcription
  • Speaker diarisation
  • Automated timestamping
  • Grammar or formatting suggestions based on client content
  • AI-based quality assurance checks involving client data
  • Summaries or topic extraction
  • Translation of client material using AI
  • Any AI-assisted content generation involving client material

4. Prohibited Use Cases

The following are strictly prohibited:

  • Uploading or inputting client audio, text, documents, or metadata into any AI tool
  • Using AI systems that store, retain, or reuse submitted data for training purposes
  • Using AI to fabricate, infer, or “fill in” unclear audio
  • Using AI for identity recognition, voice recognition, profiling, or surveillance
  • Translating or summarising client content using AI
  • Using personal accounts, personal devices, or unapproved platforms to process client material
  • Using AI tools that are not demonstrably UK GDPR compliant
  • Using any AI tool without prior approval from a Director

Any breach of this section constitutes a data protection incident.

5. Data Privacy and Security Requirements

  • No client data may be processed by AI tools under any circumstances.
  • All systems and processes must comply with UK GDPR principles, including:
    • Lawfulness, fairness, and transparency
    • Purpose limitation
    • Data minimisation
    • Accuracy
    • Storage limitation
    • Integrity and confidentiality
  • All client data must be encrypted in transit and at rest.
  • Data must not be transferred outside approved systems.
  • Retention and deletion must follow internal policy and client contractual agreements.
  • Special category data (including legal, medical, and research material) requires enhanced safeguards.
  • Any proposed change to AI usage must undergo a documented Data Protection Impact Assessment (DPIA) before implementation.

6. Human Oversight and Quality Control

  • All transcription work must be completed and verified by a human.
  • AI-generated output must never be delivered to clients.
  • Transcribers remain fully responsible for accuracy, context, and interpretation.
  • Human judgement must always be applied when audio is unclear, ambiguous, or incomplete.

The Typing Works Limited is committed to human-produced transcription services.

7. Transparency with Clients

The Typing Works Limited confirms that:

  • No client data is processed using AI systems.
  • All transcription services are delivered by human professionals.
  • AI tools may be used only for non-client-data administrative or research tasks.

Any future change to this position will be communicated clearly to clients in advance.

8. Vendor and Tool Approval Process

Before any AI-related tool is approved for internal use, Directors must assess:

  • UK GDPR compliance
  • Data handling, retention, and deletion policies
  • Information security controls
  • Whether the tool trains on user-submitted data
  • Contractual guarantees and liability provisions
  • Supply chain and third-party risk
  • Results of a DPIA (if applicable)

All approved tools are reviewed at least annually.

9. Employee and Freelancer Responsibilities

All personnel engaged by The Typing Works Limited must:

  • Comply fully with this policy
  • Use only Director-approved tools and systems
  • Maintain strict confidentiality
  • Report any actual or suspected breach immediately
  • Complete mandatory AI and data-protection training
  • Sign the AI Compliance Declaration (as set out in the Governance Pack)

Failure to comply may result in disciplinary action and termination of contract.

10. Training and Competency

  • All employees and freelancers receive training on this policy before undertaking work.
  • Training is refreshed annually or when regulatory changes occur.
  • Directors monitor compliance and maintain training records.

11. Ethical Principles

The Typing Works Limited commits to:

  • Protecting client confidentiality above operational convenience
  • Avoiding bias in any AI-related internal process
  • Ensuring fairness, accuracy, and integrity
  • Prohibiting AI-based surveillance or profiling
  • Maintaining professional standards in all services delivered

12. Incident Reporting and Breach Response

An AI-related incident includes:

  • Any instance of client data being inputted into an AI tool
  • Any unauthorised AI usage
  • Any suspected or confirmed data exposure

Incidents must be reported immediately to rebecca@thetypingworks.com

We will respond immediately and always within 12 hours of notification.

Where required under UK GDPR or contractual obligations, clients will be notified without undue delay using established communication channels.

13. Policy Review and Updates

  • This policy is reviewed annually.
  • Updates are approved by the Board of Directors.
  • Changes are communicated to all employees, contractors, and relevant clients.

If you would like, I can also:

Scroll to Top