Main content
AI Tools at UChicago
Approved, Restricted, and Unauthorized AI Tools at UChicago
If a desired tool or use case is not listed, the next step depends on whether the tool requires payment for use.-
For paid tools, individuals should submit a request through ServiceNow Procurement Intake.
-
For free tools, individuals should submit the Generative AI Tool Evaluation Form
| AI Tool | Status | Purpose/Reason | Enterprise Supported/Pay/Free | Restrictions | Reviewed by Date |
| Airtable |
Approved up to SRDS low protection level. | Airtable is a database tool - providing low-code applications for end users. | Paid | Only for non-sensitive information | June 30, 2025 |
| Asana | Approved up to SRDS low protection level. | Project Management | Paid | Only for non-sensitive information | June 30, 2025 |
| Azure AI | Approved up to SRDS low protection level. | General Use | Enterprise Supported | Only for non-sensitive information. | January 17, 2025 |
| BoxAI | Approved up to SRDS high protection level. | General Use | Enterprise Supported | Can be used for sensitive information with IRB approval. | January 17, 2025 |
| CampusESP: Family Communication Module | Approved up to SRDS low protection level. | Helps higher education institutions share content with families across web, mobile, email, and SMS. | Paid | Only for non-sensitive information | June 30, 2025 |
| Chatfuel | Approved up to SRDS low protection level. | Administers surveys on Facebook as part of an ongoing research project | Paid | Only for non-sensitive information | June 30, 2025 |
| ChatGPT 3.5 | Approved for data that is made publicly available by its source. |
General Use | Free | Only for non-sensitive information. | January 17, 2025 |
| ChatGPT 4.0 | Approved for data that is made publicly available by its source. | General Use | Free | Only for non-sensitive information. | January 17, 2025 |
| Chat2Learn | Approved up to SRDS moderate protection level. | Provide conversation topics for parents to talk to their kids. | Paid | No SRDS high protection level data use approval | January 17, 2025 |
| ClassBuddy | Approved up to SRDS low protection level. | Teaching Assistant that ingests uploaded course material from Canvas into its knowledge base. | Paid | Only for non-sensitive information. | January 17, 2025 |
| claude.ai | Approved up to SRDS low protection level. | General Use | Paid | Only for non-sensitive information; not to create website chatbots. |
January 17, 2025 |
| Copilot | Approved up to SRDS high protection level. |
Various purposes to support Microsoft Products | Enterprise Supported | Can be used for sensitive information with IRB approval. | January 17, 2025 |
| ExtraHop AI | Approved for all data types | For information Security | Paid | Can be used with sensitive flow data. | January 17, 2025 |
| GatherContent by Bynder | Approved up to SRDS low protection level. | Helps organizations scale up content production and deliver better quality content faster. | Paid | Only for non-sensitive information. | January 17, 2025 |
| Gemini through UChicago Google Workspace | Approved up to SRDS low protection level. | Real-time research, complex reasoning, and integration into the tools available in Google Workspace. | Enterprise Supported | Only for non-sensitive information. | October 9, 2025 |
| Keen Platform | Approved up to SRDS low protection level. | Marketing decision support | Paid | Only for non-sensitive information. | January 17, 2025 |
| Mail Maestro | Approved up to SRDS low protection level. | AI email assistant | Enterprise Supported | Only for non-sensitive information. |
June 30, 2025 |
| NotebookLM (through UChicago Google Workspace) | Approved up to SRDS low protection level. | An AI -powered research and note-taking tool. | Enterprise Supported | Contact us to discuss your specific use case. | June 30, 2025 |
| Noodle Partners, PBC: Manage and Engage AI | Approved up to SRDS low protection level. | Manage AI: An AI-driven platform that helps improve programs and support students by turning data from systems like LMS and CRM. Engage AI: Uses public program data to engage prospective students in personalized conversations. |
Paid | Only for non-sensitive information. | June 30, 2025 |
| Parlay Ideas |
Approved up to SRDS low protection level. |
Creating class discussions | Paid | Only for non-sensitive information. | January 17, 2025 |
| Perplexity.ai | Approved up to SRDS low protection level. | An AI-powered search and answer engine that combines large language models with live web search to deliver conversational responses. | Paid | Free version may log and use identifiable queries for model improvement. Paid version has a stronger privacy policy and does not log identifiable quieres for model improvement. | July 18, 2025 |
| PhoenixAI | https://genai.uchicago.edu/phoenixai-service-usage-guidelines | General Use | Enterprise Supported | Can be used for sensitive information with IRB approval. |
June 30, 2025 |
| Point and Click AI | Approved up to SRDS high protection level. | Enhance features and efficiency of wellness services provided to students. | Paid | Only for non-sensitive information. | June 30, 2025 |
| REV | Approved up to SRDS moderate protection level. | Transcription service that uses both human and AI (speech recognition). | Paid | No SRDS high protection level data use approval. | June 30, 2025 |
| Scribe AI | Approved up to SRDS low protection level. | AI email assistant | Paid | Only for non-sensitive information. | June 30, 2025 |
| Site Improve Intelligence |
Approved up to SRDS low protection level. | Helps enterprises plan, create and optimize content. | Paid | Only for non-sensitive information. |
January 17, 2025 |
| Slack AI | Approved for data that is made publicly available by its source. | AI in Slack can summarize channels and threads and serve up daily recaps. | Paid | AI-generated outputs (e.g., summaries, recaps) may be posted in shared channels or viewed by multiple users. These outputs may surface, rephrase, or summarize others' messages, potentially highlighting content not intended for broader visibility. Slack’s privacy terms also permit use of data to improve AI features. Do not use with sensitive data. | July 15, 2025 |
| SprinklrAI+ | Approved up to SRDS low protection level. | Designed to enhance customer experience management across enterprises | Paid | Only for non-sensitive information | June 30, 2025 |
| Sonix AI |
Approved up to SRDS low protection level. |
Transcription service | Paid | Only for non-sensitive information. | January 17, 2025 |
| Tunnl Platform |
Approved up to SRDS low protection level. | Allows users to build audiences and helps market to those audiences | Paid | Only for non-sensitive information. | January 17, 2025 |
| 3 Play Media | Approved up to SRDS moderate protection level. | Transcription service, Accessibility | Paid | No SRDS high protection level data use approval. | January 17, 2025 |
| Ubiqus / Acolad | Approved up to SRDS moderate protection level. | Transcription/translation service | Paid | No SRDS high protection level data use approval. | June 30, 2025 |
| Vertex AI | Approved for data that is made publicly available by its source. | General Use | Paid | Only for non-central GCP tenant | January 17, 2025 |
| Xapien | Approved up to SRDS low protection level. | Research engine used for due diligence on donors and partners. | Paid | Only for non-sensitive information. | June 30, 2025 |
| Zoom AI Companion | Approved up to SRDS high protection level. | Taking meeting notes | Enterprise Supported | Can be used to take notes that include sensitive information | January 17, 2025 |
Unauthorized AI Tools
| AI Tool | Status | Purpose/Reason | Enterprise Supported/Paid/Free | Restrictions | Reviewed by Date |
| AI tools embedded in Chrome extensions | Contact us to discuss your specific use case | Add-ons that provide AI-enhanced features such as writing assistance, summarization, or productivity enhancements directly within the browser. | Free | Most Chrome extensions—AI or not—can capture browsing history, keystrokes, or sensitive data. Many are developed by unknown vendors and lack oversight or data security. Use of any extension should be carefully vetted. | N/A |
| Character.ai | Not Approved - email itrisk@uchicago.edu with questions. | Platform that allows users to engage in open-ended conversations with fictional or user-created personalities | N/A | Does not provide SOC 2, ISO 27001, or other enterprise attestations. Does not comply with GDPR/CCPA. Data is stored indefinitely. | N/A |
| Cleverbot | Not Approved - email itrisk@uchicago.edu with questions. | A conversational AI chatbot designed for casual dialogue. | N/A | Outdated architecture, no modern privacy protections, lacks University required security controls, and conversations are logged without user controls or disclosures. | N/A |
| Dante Chatbot | Not Approved - email itrisk@uchicago.edu with questions. | Automated tools embedded in websites to simulate conversation with users. They can answer questions, provide support, guide navigation, and even assist with transactions. | N/A | At this time, the University has not approved the use of third-party chatbot products due to unresolved security and privacy concerns. Many of these tools do not align with our compliance requirements—including FERPA and GDPR—and may introduce vulnerabilities within our digital infrastructure. | N/A |
| Finalsite Chatbot | Not Approved - email itrisk@uchicago.edu with questions. | Automated tools embedded in websites to simulate conversation with users. They can answer questions, provide support, guide navigation, and even assist with transactions. | N/A | At this time, the University has not approved the use of third-party chatbot products due to unresolved security and privacy concerns. Many of these tools do not align with our compliance requirements—including FERPA and GDPR—and may introduce vulnerabilities within our digital infrastructure. | N/A |
| Orimon Chatbot | Not Approved - email itrisk@uchicago.edu with questions. | N/AAI-powered chatbot creation platform that enables users to build conversational agents that can handle customer interactions across multiple channels. | N/A | Not approved from a security and privacy perspective | N/A |
| Otter AI | Not Approved - email itrisk@uchicago.edu with questions. | Transcription tool that uses AI to convert spoken language (from meetings, interviews, lectures) into written text. It also provides speaker identification, summarization, and collaboration features | N/A | Not approved from a security and privacy perspective. | N/A |
| Read.ai | Not Approved - email itrisk@uchicago.edu with questions. | An AI that transforms meetings, emails, and messages into summaries. | N/A | Privacy and security concerns, including unauthorized recording of meetings, excessive access to calendars, and unclear data retention and deletion practices. No SOC 2, no ISO 27001, and no GDPR/CCPA compliance. | N/A |
| Replika.ai | Not Approved - email itrisk@uchicago.edu with questions. | A personal AI companion designed to simulate empathetic conversation. | N/A | Designed for personal use and not aligned with University security standards; collects significant amounts of personal information and is not built with privacy-by-design principles. No SOC 2; though it received ISO 27001 back in 2017, no recent attestations; has had regulatory actions. Missing up-to-date GDPR/CCPA certification. | N/A |
| Securly.ai | Not Approved - email itrisk@uchicago.edu with questions. | An AI tool used in K–12 environments to monitor student activity for signs of self-harm, bullying, or threats. | N/A | Does not comply with University data retention standards; poor Bitsight Security score. No SOC 2, no ISO 27001, and no GDPR/CCPA compliance | N/A |
| You.com |
Not Approved - email itrisk@uchicago.edu with questions. |
AI-powered search engine and assistant that combines real-time web results with language model | N/A | Privacy policy allows sharing data with third-party partners unless users log in and opt out. Tool collects query data for improvement by default. No SOC 2, no ISO 27001 (despite corporate SOC 2 Type 2 claim in blog). |
N/A |