AI Tools Guide

AI Tools & Data Use Guide

Use this guide to find out which University of Arizona AI tools are approved for different types of data.

Before you start, make sure AI use is allowed in your situation, for example:

Students: Check your course syllabus and departmental academic integrity policies.
Researchers: Confirm whether your journal, conference, or funding agency accepts AI-generated content — and whether disclosure is required. More information is available on the Generative AI in Research Page.

If you're unsure, ask your instructor or department head before proceeding.

It is always good practice to disclose if and how AI has been used to create or modify any content that you provide.

AI Tools & Data Use Decision Table

View the legend below the table for data type and acronym definitions.

	Allowed Data Types
	Public	Internal	Restricted	Restricted & Regulated
AI Tools				FERPA	HIPAA
U of A GenAI	Yes	Yes	Yes	Yes²	No
U of A Soteria	Yes	Yes	Yes	No	Yes
CoPilot Enterprise¹	Yes	Yes	No	No	No
Google Gemini Enterprise¹	Yes	Yes	No	No	No
Zoom AI Companion Enterprise¹	Yes	Yes	No	No	No
Free AI tools, no enterprise license (ChatGPT, Claude, Gemini, etc.)	Yes	No	No	No	No
Paid AI tools, no enterprise license (ChatGPT, Claude, Gemini, etc.)	Yes	No	No	No	No

	Allowed Data Types Continued
	Restricted & Regulated
AI Tools	PII	PCI	ITAR/EAR	IRB	CUI	GLBA
U of A GenAI	No	No	No	No	No	No
U of A Soteria	No	No	No	No	No	No
CoPilot Enterprise¹	No	No	No	No	No	No
Google Gemini Enterprise¹	No	No	No	No	No	No
Zoom AI Companion Enterprise¹	No	No	No	No	No	No
Free AI tools, no enterprise license (ChatGPT, Claude, Gemini, etc.)	No	No	No	No	No	No
Paid AI tools, no enterprise license (ChatGPT, Claude, Gemini, etc.)	No	No	No	No	No	No

1) Enterprise License requires that you use the tool with your U of A NetID account.

2) Yes, when used appropriately. The tool itself does not use inputs to train AI models, and access to prompts and outputs is limited to the user who enters them. However, any outputs that are of or about an identifiable student and are maintained by the university (for example, saved, downloaded, or incorporated into institutional systems or files) may become education records under FERPA. If maintained by the institution, those records would be subject to student records requests and institutional retention and disclosure obligations. To minimize FERPA risk, the university recommends removing all personally identifiable information (PII) before using the tool with student-related scenarios and deleting the chat after use. The tool should not be used to store, retain, or maintain student records.

Data Type Legend

Public	Public, for any information that has been disclosed to the public through appropriate processes as specified by the corresponding Information Resource Owner, or for Information Systems designed exclusively to store, process, or transmit information designated as Public
Internal	Internal, for any non-Public information that the corresponding Information Resource Owner has determined poses little or no risk to the University or University-Related Persons were it to be made public and that does not meet the definition of Restricted Information, or for Information Systems designed to store, process, or transmit information designated as no more restricted than Internal
Restricted	Restricted, for any non-Public information for which the corresponding Information Resource Owner has determined any public disclosure poses greater than little risk to the University or University-Related Persons and/or those that are encumbered by regulatory, statutory, or contractual obligations for confidentiality. It should also be used to designate Information Systems designed to store, process, or transmit information designated as Restricted
Restricted & Regulated	University Information that has been classified by the relevant Information Resource Owner as Restricted as, as defined by the Information Resource Classification Standard, may fall under the oversight of a University Compliance Office depending on additional characteristics

Acronym	Description	More Information	Point of Contacts
FERPA	Family Educational Rights and Privacy Act	https://registrar.arizona.edu/ferpa	Registrar's Office Alex Underwood Michael Davenport
HIPAA	Health Insurance Portability and Accountability Act	https://privacy.arizona.edu/hipaa-privacy	University Privacy Jim Lee
PII	Personal Identifiable Information	https://privacy.arizona.edu/privacy-statement	University Privacy Jim Lee
PCI-DSS	Payment Card Industry Data Security Standards	https://finance.arizona.edu/treasury/merchant-services/training/security	Treasury Jasmine Montano Chris Pings
ITAR/EAR	International Traffic in Arms Regulation / Export Administration Regulation	https://research.arizona.edu/compliance/export-control	Export Control Kay Ellis
HSPP/IRB	Human Subject Protection Program / Institutional Review Board	https://research.arizona.edu/compliance-public/human-subjects-protection-program	Regulatory Affairs / Integrity Mariette Marsh Christine Marie Melton-Lopez
CUI	Controlled Unclassified Information	https://research.arizona.edu/faq-page/cui-overview	Office for Responsible Outside Interests Taren Ellis Langford
GLBA	Gramm-Leach-Bliley Act	https://security.arizona.edu/glba	Information Security Office Timothy Schwab Wendy Epley

For questions or recommended updates to this page, please contact Wolfgang Jentner.

AI Arizona

AI Tools & Data Use Guide

AI Tools & Data Use Decision Table

Data Type Legend