Across The Company, we thrive on creativity, collaboration, and a good dose of technology. From Google Hangout banter to late-night Canva fixes, from spreadsheets to Teams marathons, or GPT, Mid Journey and Gemini, our work depends on secure and responsible use of IT resources, sometimes, without realizing the responsibility that comes with it.
Our IT & Usage of AI policy ensures that our tech assets, work tools, data, files and cloud tools are used wisely and ethically, while also addressing the exciting (and sometimes unpredictable) role of AI in our workflows.
As a Company, when we take on business, we also have to adhere to a number of water-tight non-disclosure agreements, data protection laws, and internal standards. Plus, there are a number of things that are required to protect data transfer, create a safe online working space and prevent phishing.
But it’s not just about keeping hackers away. It’s also about protecting our clients’ trust, team members’ information, and our own ability to work without having to face unwelcome surprises.
This policy isn’t meant to be a buzzkill, it’s meant to keep our systems, client data, and ideas safe. Think of it as a digital code of conduct that protects what we build together.
All Full-Time, Part-Time team members, Freelancers, Consultants, Counsellors, Service Providers, and Interns across Never Grow Up, Yellow Seed, SPRD, and Good Wave Foundation (“The Company”).
It also extends to any external partner, vendor, or service provider who accesses Company systems or handles Company data on our behalf like printers and or coding partners.
This policy applies to all devices, tools, data transfer mechanisms like email, Google drive, Adobe and every other digital or technology service or product we use. This includes but is not limited to:
Company laptops, desktops, mobile phones, and personal devices used for work.
Everyday collaboration platforms like Hangouts, Canva, Teams, Google Workspace, Figma, Adobe Creative Suite or any other official work tool.
Company-managed networks, VPNs, Websites, Platforms and cloud storage.
Any form of Agency or client data, whether stored, shared, or transmitted. From campaign decks to spreadsheets, if it’s made for The Company or a client, it’s Company property.
AI tools such as ChatGPT, Gemini, or Copilot, or any other AI tool, when used to solve internal or client problems, for and during course of work.
Rule of thumb: If you’re using something for work, this policy applies, no exceptions.
If you remember only one section from this policy, make it this one. These rules keep everything safe and apply to all technology usage:
Business First: Company-issued devices and tools are provided primarily for business purposes. Keep personal use minimal to protect data and avoid security lapses.
Client data is confidential: No screenshots, personal uploads, or saving client data on unapproved folders or personal drives.
No piracy, ever: Unlicensed or pirated software is a direct security and legal risk. Plus, this is a matter of zero tolerance.
Use work tools professionally: Canva, Freepik, Paid GPT / Gemini / Perplexity, and Google Workspace are for official purposes only. Embedded AI offerings that come bundled with other software are also for professional use only.
Avoid foreign devices: Don’t connect random USBs or external drives unless approved.
Passwords = Private: Never share credentials through Chats or on WhatsApp. Request HR managed access instead.
Secure your connection: Avoid public Wi-Fi; use your hotspot or VPN on work devices.
Stay alert: If something looks off, a suspicious link, phishing email, or file, inform Shared Services within 24 hours.
AI is powerful, inspiring, and occasionally a little overconfident. Across The Company, we encourage the use of AI tools to make work faster, better and more creative - whether that’s brainstorming campaign lines, structuring a report, or sparking ideas for social posts. But AI is a research co-pilot, and never for confidential data processing.
You must never input or upload client data, reports, financial information, or sensitive Company or client information into AI tools unless the tool is specifically approved and secure.
Even then, apply caution and common sense. Output from an AI platform should always be reviewed, fact-checked, and confirmed by you. Passing off AI-generated work or using content as-is or as a final deliverable without proper human oversight is borderline plagiarism.
Remember: You are accountable for what comes from your inbox. And you know our stand on plagiarism already. Plus, using AI for personal projects, generating offensive or biased content, or relying on AI in ways that could harm our reputation or that of our clients is a strict no-go area as well.
Violations involving misuse of AI or client data will be treated as serious misconduct. Data protection, ethical considerations, and the need for human review cannot be undermined. Whether you are an intern or part of management, we are all responsible.
• You may use AI tools (or other generative AI software) for research work purposes only if permitted by the Company and in line with assigned tasks.
• If you use any AI for a client project, remember, we need to take prior written permission from both internal teams and the client.
• Operate from a position of full disclosure. If you share an image generated by AI, or use one in a blog, you will need to share credits and the source.
• Remember you cannot input, share, or upload any confidential, sensitive, or proprietary Company/client information into an AI tool unless explicitly approved over email.
• Any content generated with AI must be reviewed & fact-checked before submission.
• As a user of an AI tool, you remain fully responsible for the accuracy, legality, and originality of work created.
• Use of AI must comply with fair use policies (including plagiarism, confidentiality, and IP policies) as well as applicable laws and regulations.
• It is a matter of zero tolerance if an AI tool is used for unethical purposes, including but not limited to: generating discriminatory/biased content, misinformation, or work that infringes on third-party rights.
We understand flexibility is part of our culture. If you use personal devices for work, follow these hygiene rules:
Separate Profiles: Maintain clear separation between personal and work files and applications. Do not store client data or sensitive Company information in personal folders or non-Company cloud storage (e.g., a personal Dropbox or iCloud).
Hygiene & Maintenance: The device must have its operating system (OS) and antivirus software fully updated. Screen-lock with a strong password or biometric method must be enabled.
Licensing: All software used for Company tasks on the device must be legally licensed. The Company reserves the right to request proof of valid licenses for tools accessing Company data.
Data Backup: All work data must be backed up exclusively to approved Company cloud storage (Google Drive).
Data upon Exit: In the event of a team member's exit, the Company reserves the right to remotely wipe, copy or revoke access to all Company data and applications from the personal device.
We recognize some team members, especially interns or creative specialists, may possess some personal licenses (e.g., Adobe Creative Suite, ChatGPT Plus) or have created their own accounts (e.g., personal Figma/Canva).
For Commercial Use: If a team member uses a personal commercial license (e.g., their paid GPT-4 account, personal Adobe license) to execute a client or Company task, the individual must ensure:
No confidential client data is ever processed or stored by that personal account.
The final output is transferred to the Company’s systems (Google Drive) and is considered Company Intellectual Property (IP) upon transfer.
Any such use is reported to and approved by Team Lead/Shared Services to ensure compliance.
• Piracy is Not Okay: The use of cracked, pirated, or illegally licensed software is strictly prohibited. It exposes our systems to malware and legal penalties which falls under Zero Tolerance
• Torrenting/P2P Ban: Peer-to-Peer (P2P) file-sharing applications, including BitTorrent, are strictly forbidden on all Company networks and devices (or BYOD devices used for work). These programs bypass security protocols and are a primary source of malware and security breaches.
• Unlicensed software? Not on our watch! If you use it and the Company ends up paying a fine or penalty, guess what, you’ll be footing part of the bill too. So, stick to licensed tools and keep everyone happy.
• Company-issued devices are provided primarily for business purposes. While the occasional personal Spotify stream or installing gaming apps or high-storage personal apps won’t break the Internet, try avoiding making these devices into a personal entertainment hub simply to protect data.
• Be mindful while installing any Software to avoid disruption. This is not because we don’t trust your taste in apps, it’s because unvetted downloads can invite malware, licensing issues, and security gaps. A quick search won’t harm anyone and try giving only necessary permissions for apps when you do download something. A single unverified app can compromise your device and client data.
• Physical security is as important as digital. Avoid leaving your laptop unattended on any occasion. Use strong, unique passwords and multi-factor authentication. When stepping away from your desk, even for a chai break, lock your screen.
• Data is our currency. From client pitch decks, internal feedback emails, client notes, product manuals to talent insights, every byte has value and is created using Company resources belongs to the Company. Company and client data must be stored on Company hard drives or on a protected drive database. Saving sensitive information on your desktop ‘because it’s convenient actually slows your system down. But if unavoidable, files must be encrypted or password protected to avoid leakages.
• When sharing across our companies/ #oneteam, the principle of least privilege applies. Only access what you need for your role. If you need access to another team’s drive, inbox or a client folder outside your remit, it requires written approval from the Shared Services Team. Sharing information via personal Gmail, to your personal drive, or USB drives is a matter of zero tolerance.
• When sending sensitive data externally, use password-protected files. The password should always be shared separately (yes, that means not in the same email).
• Another no-go area is sharing passwords for any work tool, over hangouts or WhatsApp. If a colleague needs a password, send it to them using a confidential toggle on Gmail with an expiry of one week.
• Avoid discussing client details on social media, or while screen sharing during external calls.
• When multiple people work on shared files, always maintain clear versioning to avoid confusion or data loss.
• When deleting files, use secure deletion methods. “Move to trash” is not enough' ensure backups or duplicates are cleared too.
• If a laptop or any Company provided asset goes missing, or is damaged, if you click on a suspicious link, or if you even suspect a breach of data, inform someone from the Shared Services team immediately. Your silence can make a small issue into a catastrophic event.
The sooner we know, the faster we can secure or wipe your data remotely.
All company assets: laptops, mice, storage devices, internet devices, and any other gadgets or equipment provided to you, are your responsibility. Think of them as your own work-life companions: take care of them, and they’ll take care of you.
Always handle devices with care. Avoid drops, spills, extreme temperatures, or rough handling.
Keep devices clean, updated, and free from unauthorized software or apps.
Follow all internal guides, including Taking Care of Laptops Basics, for daily care and maintenance.
Avoid letting the battery drain to 0% repeatedly; charge before it dips below 20%. Unplug chargers when the laptop is fully charged to avoid battery overheating.
• All data, files, and content created during your tenure belong to the Company and must be saved only on your laptop or approved google cloud storage.
• When returning a device, a complete audit of all assets in your possession will be conducted. This includes laptops, accessories, and any storage devices.
• Consequences for damage or loss:
Normal wear and tear are expected and will not be penalized.
Damage due to negligence or misuse, including lost devices will be noted, and costs for repair or replacement may be deducted from your payouts or reimbursements.
Unauthorized software, physical tampering, or attempts to bypass security will be treated as serious violations and may lead to formal action at Management’s discretion.
Think of your laptop as a work companion, data as a treasure, and AI as a helpful intern meant only to make you smarter. Approach all three with care, respect, and common sense.
Every team member shares the responsibility for protecting our digital ecosystem. The Shared Services Team manages Work tool approvals, access controls, and updates. Managers are responsible for reinforcing practices within their teams. Team members are responsible for using resources responsibly and promptly reporting any issues.
Q: Can I use ChatGPT to draft a client proposal?
You can use it for structure and inspiration, but the final content must be reviewed, fact-checked, and tailored to your specific needs. AI drafts are only to be used as starting points, and not as finished products unless it’s a concept / rough draft.
Q: Can I keep personal files on my work laptop?
A few, yes. but your Company device is primarily for business use only. Keep personal use to a minimum and avoid high-bandwidth or unauthorized applications. If you use a personal device, remember to keep personal and work profiles separate and back up work files on drive periodically.
Q: Can I use AI to generate social media captions or ad copies?
You can, but ensure the tone, data, and facts align with brand guidelines. Always humanize the output.
Q: What should I do if I receive a phishing email or suspicious link?
Do not click. Take a screenshot, report to Shared Services, and delete it.
Q: What if I accidentally share sensitive data with an AI tool?
Report it immediately to shared services. Mistakes happen, but a delay in informing us only makes them worse.
Q: Is All This Necessary?
Yes. Our approach is consistent with industry standards and protects everyone involved, including you, other team members, clients, and the business.
For day-to-day laptop usage, care best practices, and general workplace technology norms, please refer to our full Work Guidelines and Laptop Care pages: