How using AI impacts your Privacy Policy: what you need to know 

As more and more businesses start using AI for writing email replies, chatbots, research, and creating website content, you may be wondering whether your website policies need to disclose whether or not you are using AI. The answer is (of course), it depends. Whether your website policies need to disclose the use of AI really depends on how you are using AI, the type of AI that you are using, and whether you are inputting personal information into the AI. Since businesses may use AI in a myriad of ways, this article will present different scenarios and discuss whether each scenario and use requires policy disclosures. Please note that this article will only discuss the policy implications of using AI, but you should be aware of the risks of providing company and personal information to AI tools, such as the risk that this information could be used to train the AI, thus potentially making it publicly available to others. 

Scenario 1: using AI for general questions or research 

Many businesses use AI tools for answering general questions and for performing general research. For example, a business may ask an AI: “what’s the best way to market a florist business in Chicago?”, “how can I improve my website’s SEO score?”, “what is the best bookkeeping software for plumbers?” or other, similar questions. In this scenario, the business is just asking general questions and is not inputting any personal information (e.g. names and email addresses of customers) into the AI. In this scenario, the business would not need to update their website policies to disclose the use of AI as such use does not affect nor involve the website visitor in any way. 

Scenario 2: using AI to generate text, images or videos for the website 

Some businesses may use AI tools to generate website copy (e.g. to write blog posts or to write your “pricing” page), create images or to create videos for their websites. In this scenario, no personal information is shared with an AI, but individuals visiting the website may see AI-generated content. The following are the main considerations for this scenario: 

1. Watermarks: some AI tools that generate images or videos are required to place a watermark or warning that the image or video is AI-generated. The purpose of this warning is to ensure that an individual can quickly tell that the image or video is not real. If the AI tool provides a watermark on the video or image stating that it is AI-generated, then you must leave that watermark in place. In addition, if you are required by the EU AI Act to provide a notice on AI-generated videos or images, then you will want to ensure that you do so. 
2. Notice on AI-generated text: the EU AI Act can require websites that provide AI-generated text (i.e. website copy) to include a notice that the text was generated using AI. For AI-generated content, this disclosure must be provided in a way that a user would actually notice it. This means that the disclosure must be provided on the content itself (e.g. within a blog post) or clearly adjacent to it (e.g. UI indicator). Usually, disclosing this warning within policies (e.g. your website’s Terms of Service) is not enough to meet this standard as many website visitors will read a blog post or the content of a website page without reading the website’s policies, thereby missing this disclosure. 

Adding the AI-generated content notice to your website policies will not help you meet the actual requirements of the EU AI Act set forth above. However, if you are using Termageddon and would like to add this notice to your policies anyways, you can do so by following the steps outlined below: 

1. Log in at policies.termageddon.com; 
2. Click on your license; 
3. Click “Edit” next to “Review and Override Policy Text”; 
4. Select the policy to which you’d like to add your text (e.g. Terms of Service); 
5. Simply type in your text into an existing section or click the “+” icon to create a new section and add your text; 
6. When you have finished adding your text, click “Go to Policy Dashboard”. 

Scenario 3: Personal information is shared with AI tools 

Lastly, certain businesses may use AI tools in such a way that personal information is shared with those AI tools. Examples of such uses can include: 

1. An AI chatbot that interacts with website visitors. A customer may input their personal information (e.g. name and email address) when speaking to the chatbot; 
2. An AI that helps answer customer questions in your ticketing software. The AI may gain access to the customer’s personal information such as name, email, purchasing history, payment information, address, and more; 
3. An AI that helps you answer emails. The AI may gain access to the customer’s personal information such as name, email, phone number, and anything else they input into the email or have in their email signature; 
4. An AI that helps you send invoices, process customer payments, and undertake collections. The AI may gain access to the customer’s personal information such as name, email, address, payment information, and more; 
5. Inputting customer information into an AI to help you reply to emails, resolve customer issues, create email marketing campaigns and more. 

There are almost unlimited number of ways in which personal information can be shared with an AI tool but, if the AI gains access to your customer’s personal information such as names, emails, phone numbers, payment information, physical addresses and more, then you are sharing personal information with the AI tool. This is by far the riskiest approach to using AI, at least from a privacy perspective. 

At the time of writing this article, there are many privacy laws that require businesses to list the categories of third parties with whom they share personal information. However, with the recent changes that go into effect on July 1, 2026, the Connecticut Data Privacy Act is the first privacy law to specifically require businesses that need to comply with this law to state whether they collect, use, share, or sell personal information to train large language AI models. Whether or not Connecticut’s privacy law applies to you, you will want to make sure that your Privacy Policy states that you are using personal information to train large language AI models, sharing it with AI models, or selling it to train AI models. If you are using Termageddon for your website policies, you can do so by following the steps below: 

1. Log in at policies.termageddon.com; 
2. Click on your license; 
3. Click “edit” next to Data Type Questions; 
4. Select the piece of personal information that is being processed by AI (e.g. name). On the left side, make the appropriate selections. For example, for “purpose for collecting this information”, you can select “training large language AI models”, or for “what categories of third parties have you shared this personal information with”, you can select “large language artificial intelligence models”. 
5. Click “next” and your Privacy Policy will be updated accordingly. 

Final Thought

In conclusion, whether your website policies need to acknowledge your use of AI depends upon how you use the AI and whether or not you input or share personal information with the AI. For companies sharing personal information with AI tools, you will want to update your Privacy Policy to state that personal information will be used to train AI and that it will be shared with AI tools, as stated above.