---
title: Organization Policies - Detailed Guide
description: >-
  Master organization policies in Clear Ideas. Understand strict vs non-strict
  enforcement, the less permissive principle, policy indicators, and how
  policies affect user settings.
ogTitle: Organization Policies Detailed Guide
ogDescription: >-
  Deep dive into organization policies. Learn enforcement modes, policy
  indicators, and how policies control member settings
ogImage: /assets/images/og/guide-organization-policies-detailed.webp
navigation:
  icon: fasl fa-shield-alt
---

# Organization Policies - Detailed Guide

Organization policies provide sophisticated control over member access to features and settings. Understanding how policies work, their enforcement modes, and how they affect individual settings is essential for effective organization management.

## Policy Enforcement Modes

Organizations can choose between two enforcement modes that determine how policies affect member settings.

### Strict Enforcement Mode

**Strict Mode** (`enforceStrict: true`): Policies are mandatory and cannot be overridden

**Characteristics:**
- **Mandatory**: Organization policies override all member settings
- **No Override**: Members cannot change settings that conflict with policies
- **Complete Control**: Administrators have full control over all settings
- **Compliance**: Perfect for highly regulated environments

**When to Use:**
- Regulatory compliance requirements
- Security-critical environments
- Organizations requiring strict standardization
- Audit and compliance scenarios

**Example**: If organization policy sets `enhancedSearchEnabled: false` in strict mode, members cannot enable enhanced search, regardless of their account settings.

### Non-Strict Enforcement Mode

**Non-Strict Mode** (`enforceStrict: false`): Policies provide defaults that members can modify

**Characteristics:**
- **Defaults**: Policies provide default settings
- **Member Control**: Members can modify settings (with restrictions)
- **Flexibility**: Balances control with user autonomy
- **Less Permissive Rule**: Members can only make settings less permissive

**When to Use:**
- Organizations wanting guidance without strict control
- Teams needing flexibility while maintaining standards
- Gradual policy implementation
- Collaborative environments

## The Less Permissive Principle

In non-strict mode, the system follows a "less permissive" rule that determines what changes members can make.

### Understanding Permissiveness

**Permissive Settings**: Settings where `true = enabled/allowed` and `false = disabled/restricted`

**Examples of Permissive Settings:**
- `chatEnabled`: `true` = AI Chat enabled (more permissive), `false` = disabled (less permissive)
- `enhancedSearchEnabled`: `true` = enhanced search enabled (more permissive), `false` = disabled (less permissive)
- `ocrEnabled`: `true` = OCR enabled (more permissive), `false` = disabled (less permissive)

### The Rule

**Members Can:**
Change `true → false` (disable features that organization allows)

**Members Cannot:**
Change `false → true` (enable features that organization restricts)

### Examples

**Example 1: Organization Allows, Member Disables**
- Organization Policy: `enhancedSearchEnabled: true`
- Member Setting: Can set to `false` (disable for their account)
- Result: ✅ Allowed - Member is making it less permissive

**Example 2: Organization Restricts, Member Tries to Enable**
- Organization Policy: `enhancedSearchEnabled: false`
- Member Setting: Cannot set to `true` (enable for their account)
- Result: ❌ Not Allowed - Member cannot make it more permissive

**Example 3: Strict Mode**
- Organization Policy: `enhancedSearchEnabled: true`, Strict Mode: `true`
- Member Setting: Cannot change (locked to organization policy)
- Result: ❌ Not Allowed - Strict mode prevents all changes

## Policy Indicators

Visual indicators throughout the application show when organization policies affect settings.

### Policy Indicator Icons

**Policy Indicator**: A small icon next to a setting indicates that an organization policy controls it

**Indicator States:**
- **Present**: Policy affects this setting
- **Tooltip**: Hover for details about the policy
- **Color Coding**: Different colors indicate policy type or enforcement level

### Understanding Indicators

**Organization Controlled**: Setting is controlled by organization policy

**Organization Default**: Setting uses organization default but can be modified (non-strict)

**Strict Enforcement**: Setting cannot be changed (strict mode)

**No Policy**: No organization policy affects this setting

## How Policies Affect User Settings

### Policy Application Flow

When a user views or modifies settings:

1. **Load User Setting**: System loads user's current setting
2. **Check Organization Policy**: System checks if organization has a policy for this setting
3. **Apply Policy**: Policy is applied based on enforcement mode
4. **Display Effective Setting**: User sees the effective setting (policy-applied value)
5. **Show Indicators**: Policy indicators show policy influence

### Strict Mode Behavior

In strict mode:

- **Override**: Organization policy value replaces user setting
- **Locked**: User cannot change the setting
- **Visual**: Settings show as disabled/locked with policy indicators
- **Immediate**: Changes take effect immediately for all members

### Non-Strict Mode Behavior

In non-strict mode:

- **Default**: Organization policy provides default value
- **Modifiable**: User can change setting (if making it less permissive)
- **Visual**: Settings show policy indicators but remain editable
- **Flexible**: Members have control within policy constraints

## Policy Categories

### Governance Policy

Governance extends organization policy into AI execution retention, replay, and evidence without changing how members normally use chats or workflows.

**Settings:**
- `preventChatDeletionWhenGoverned`: Blocks deletion of AI chats when organization policy requires retention
- `preventWorkflowDeletionWhenGoverned`: Blocks deletion of AI workflows and AI workflow jobs when organization policy requires retention
- `archiveContentInsteadOfDelete`: Enforces content archiving so delete actions remove content from normal view while retaining source artifacts for governance references

**How It Works:**
- Clear Ideas writes governed AI artifacts to secure storage for AI chats, AI workflows, AI workflow jobs, and governed MCP evidence
- MongoDB remains the hot operational store for active usage and can be slimmed later without losing governed evidence
- Organization policy determines deletion-prevention behavior and is stamped into governed AI records
- Public chat uses the same storage architecture, but organization policy primarily applies to organization-owned AI activity
- Content archiving helps governed evidence keep resolving source artifacts even when content is removed from ordinary site views

### Policy Versioning and Hashes

Organization policy now includes:
- `version`
- `policyHash`
- `publishedAt`

Every governed AI record stores the policy version and hash that were effective when the record was materialized. This makes it possible to answer which policy governed a chat interaction or workflow run at a specific point in time.

### Policy History

Every policy update creates a versioned policy-history record. Organization administrators can review older policy versions and use them as supporting evidence when analyzing governed AI activity.

### Governed AI Storage Model

Governed AI uses a write-through model:

1. A chat interaction or workflow result is assembled in memory
2. The exact bytes that will be stored are serialized once
3. A hash is computed over those exact bytes
4. The artifact is written to governed storage
5. The application record keeps lightweight metadata such as sequence, hash, and storage pointer

Governed chat storage is event-based, so later interactions append compact records rather than rewriting the full chat every time. Together with hashing the exact serialized bytes, this avoids canonical JSON issues and supports later replay, export, and forensic review.
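The write-through steps above, as an added JavaScript example that is not Clear Ideas code. SHA-256, the in-memory stores, the pointer format and all function names are assumptions, and the sample data is constructed.

```javascript
const { createHash } = require('node:crypto');

// Hypothetical in-memory stand-ins for governed storage and the app database.
const governedStore = new Map(); // storage pointer -> exact stored bytes
const appRecords = [];           // lightweight metadata only

const sha256 = (bytes) => createHash('sha256').update(bytes).digest('hex');

// Append one interaction as its own event; earlier events are never rewritten.
function writeGoverned(chatId, interaction, policy) {
  const sequence = appRecords.filter((r) => r.chatId === chatId).length + 1;
  // Serialize once: these exact bytes are both hashed and stored.
  const bytes = Buffer.from(
    JSON.stringify({ chatId, sequence, policy, interaction }), 'utf8');
  const hash = sha256(bytes);
  const pointer = `governed/${chatId}/${sequence}.json`; // assumed layout
  governedStore.set(pointer, bytes);
  const record = { chatId, sequence, hash, pointer,
    policyVersion: policy.version, policyHash: policy.policyHash };
  appRecords.push(record);
  return record;
}

// Audit check: hash the stored bytes as they are, without re-serializing.
function verifyGoverned(record) {
  const bytes = governedStore.get(record.pointer);
  return bytes !== undefined && sha256(bytes) === record.hash;
}

// Same data, different key order: the hash no longer matches, which is why
// verification must never parse and re-serialize before hashing.
function rehashAfterReserialize(record) {
  const obj = JSON.parse(governedStore.get(record.pointer).toString('utf8'));
  const reordered = Object.fromEntries(Object.entries(obj).reverse());
  return sha256(Buffer.from(JSON.stringify(reordered), 'utf8')) === record.hash;
}
```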

### Prompt Versioning

AI Chat interactions also stamp the prompt context used for that interaction, including:

- system prompt key
- system prompt version
- system prompt hash
- effective prompt hash

This allows a continued older chat to use the latest active Clear Ideas prompt while still preserving evidence of which prompt governed each later interaction.

### Evidence and Export

Governed evidence is primarily for audit, replay, and forensic analysis.

- Normal application usage continues to rely on the live chat and workflow records
- Governed artifacts remain available for controlled export when needed
- Organization administrators retrieve governed evidence from **Audit & Governance > Governance Activity**
- Evidence export is intended for controlled review, not day-to-day browsing
- Customer-visible evidence exports include prompt references and hashes rather than raw proprietary Clear Ideas prompt bodies
- Signed evidence exports include Ed25519 receipts, file hashes, and signing key metadata when evidence signing is enabled
- Administrators can verify a downloaded evidence ZIP locally in the browser with **Verify Evidence Export**

Signed export verification helps reviewers confirm that the exported evidence files still match the signed receipt after the ZIP leaves Clear Ideas. The verifier runs client-side, so the evidence bundle is not uploaded during the check.
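What checking an export against its signed receipt involves, as an added Node.js example that is not the Clear Ideas verifier. The manifest layout, the `keyId` value, the file names and the function names are hypothetical, and the bundle is constructed with a throwaway key.

```javascript
const { createHash, generateKeyPairSync, sign, verify } = require('node:crypto');

const sha256 = (buf) => createHash('sha256').update(buf).digest('hex');

// Constructed bundle: file name -> bytes, as if extracted from an evidence ZIP.
function buildSampleExport() {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519'); // demo key
  const files = {
    'chat/0001.json': Buffer.from('{"sequence":1,"text":"hello"}'),
    'chat/0002.json': Buffer.from('{"sequence":2,"text":"world"}'),
  };
  const manifest = Buffer.from(JSON.stringify({
    keyId: 'demo-key-1',
    files: Object.entries(files).map(([name, b]) => ({ name, sha256: sha256(b) })),
  }));
  // Ed25519 signs the manifest bytes directly, so the digest argument is null.
  const signature = sign(null, manifest, privateKey);
  return { files, manifest, signature, publicKey };
}

// Check the signature first, then each listed hash, then reject unlisted files.
// publicKey should be pinned out of band: a key read from the bundle itself
// only proves the bundle is self-consistent.
function verifyExport({ files, manifest, signature, publicKey }) {
  if (!verify(null, manifest, publicKey, signature)) {
    return { ok: false, problems: ['bad-signature'] };
  }
  const listed = JSON.parse(manifest.toString('utf8')).files;
  const problems = [];
  for (const { name, sha256: expected } of listed) {
    if (!files[name]) problems.push(`missing:${name}`);
    else if (sha256(files[name]) !== expected) problems.push(`modified:${name}`);
  }
  const names = new Set(listed.map((f) => f.name));
  for (const name of Object.keys(files)) {
    if (!names.has(name)) problems.push(`unlisted:${name}`);
  }
  return { ok: problems.length === 0, problems };
}
```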

### Governance Review and AI Usage

Organization administrators now have two complementary governance views:

- **Governance Activity**: Review governed AI lifecycle activity, export evidence for AI Chat, AI Workflow, AI Workflow Job, and governed MCP records, and verify downloaded signed evidence bundles from one centralized table
- **AI Usage**: Analyze AI credits, tokens, model usage, and usage by organization member across AI Chat and user-owned workflows

These views are intentionally separated from everyday object menus so that audit, review, and evidence retrieval stay centralized.

### AI Features Policy

Control AI capabilities across the organization:

**Settings:**
- `clientEnabled`: Enable/disable AI Chat (master switch)
- `chatEnabled`: Enable AI Chat for sites
- `summariesEnabled`: Enable AI document summaries
- `enhancedSearchEnabled`: Enable AI enhanced search
- `mcpEnabled`: Enable External Tool Usage (MCP)
- `useCreditsForThirdParty`: Allow organization billing for collaborator AI usage
- `permittedModels`: Specify allowed AI models (empty = all allowed)

**Policy Indicators**: Appear on AI settings pages showing organization control

### Model Policy

Permitted model policy supports:

- **All models**: leave `permittedModels` empty
- **Latest aliases**: allow Clear Ideas-managed workflow model aliases such as the current intelligent or latest production options
- **Specific models**: allow named model versions for stricter repeatability
- **Deprecated models already in policy**: shown only so that administrators can unselect them

Policy is static. Clear Ideas does not automatically select a successor when a deprecated model is no longer permitted or no longer available. AI Chat hides unavailable choices. AI Workflows show a discreet validation warning when a workflow or step references a deprecated model, and workflow jobs fail with an explanatory message if execution reaches a model that policy does not permit.

### Content Deletion Policy

When content archiving is enabled by organization policy, site delete actions can be converted into archiving instead of permanent deletion. Archived content is hidden from normal site browsing and can be restored by administrators, while the underlying file and content references remain available for governance purposes.

At the site level, content deletion behavior has three modes:

- **Allow Content Deletion**: delete actions use Recently Deleted where deletion is allowed
- **Archive Content**: delete actions move content into Archived Content
- **Block Content Deletion**: delete and archive actions are hidden and blocked

In non-strict mode, sites can choose a less permissive mode. For example, if organization policy enforces archiving, a site may block content deletion entirely, but it cannot allow ordinary deletion. In strict mode, the organization policy setting is locked.

### Search Policy

Control search capabilities:

**Settings:**
- `fullTextSearchEnabled`: Enable full-text search
- `ocrEnabled`: Enable OCR for PDF documents

**Policy Indicators**: Appear on search settings pages

### Signing Request Policy

Control signature request behavior and signing terms:

**Settings:**
- `requestsEnabled`: Allow or block members from creating signature requests, editing drafts, and sending them
- `defaultDisclosureBody`: Organization-level markdown signing terms applied to member signature requests
- `allowUserDefaultDisclosureOverride`: Allow members to replace the organization default with their own signing request default

**How It Works:**
- If `requestsEnabled` is `false`, members cannot create or send signature requests
- If `defaultDisclosureBody` is set and overrides are disabled, the organization terms are enforced for all member requests
- If `defaultDisclosureBody` is set and overrides are allowed, members may use their own default signing terms instead

**Policy Indicators**: Appear in signing request defaults and related signing UI when organization policy affects those settings

### Notification Policy (Strict Mode Only)

Control notification settings (only applies in strict enforcement mode):

**Settings:**
- `frequency`: Notification frequency (daily, weekly, monthly)
- `hours`: Notification hours (array of hours 0-23)
- `days`: Notification days (array of day names)

**When Active**: Only enforced when `enforceStrict: true`

### Site Policy (Strict Mode Only)

Control site-level settings (only applies in strict enforcement mode):

**Settings:**
- `autoAcceptInvites`: Automatically accept site invitations
- `enableLocalSync`: Enable local synchronization

**When Active**: Only enforced when `enforceStrict: true`

## Mandatory AI Instructions

Mandatory AI instructions are organization-level instructions that are automatically included with all member AI interactions.

### Characteristics

**Mandatory**: Applied automatically to all organization members

**Cannot Be Disabled**: Members cannot disable organization instructions

**Combined with Personal**: Organization instructions are combined with personal instructions

**Limit**: Up to 10 mandatory instructions per organization

### Policy Indicators

Mandatory instructions are indicated in AI Chat interfaces, showing that organization instructions are active.

## Viewing Policies as a Member

Non-admin members can view organization policies:

### Policy Summary

Navigate to **Settings > Organization > Organization Policies** to view:

- **Policy Summary**: Overview of active policies
- **Policy Indicators**: Visual indicators showing policy control
- **Effective Settings**: How policies affect your settings
- **Enforcement Mode**: Whether strict or non-strict mode is active

### Understanding Your Settings

**Policy Indicators**: Show which settings are controlled by organization

**Effective Values**: See the actual settings that apply (after policy application)

**Change Limitations**: Understand what you can and cannot change

## Policy Update Process

### Updating Policies

Organization administrators update policies:

1. Navigate to **Settings > Organization > Organization Policies**
2. Modify policy settings
3. Click **Save Policy**
4. Changes take effect immediately

### Impact of Policy Updates

**Immediate Effect**: Policy changes apply to all members immediately

**Member Impact**: Members may see settings change automatically

**Notification**: Consider notifying members of significant policy changes

**Last Updated**: Policy update timestamp is tracked for audit purposes

## Policy Inheritance and Precedence

### Hierarchy

Settings are determined by this hierarchy (highest to lowest):

1. **Organization Policy (Strict Mode)**: Overrides everything
2. **Organization Policy (Non-Strict Mode)**: Provides defaults with restrictions
3. **User Account Settings**: User's personal preferences
4. **Site Settings**: Site-specific overrides (subject to account and organization policies)

### Precedence Rules

**Strict Mode**: Organization policy always wins

**Non-Strict Mode**: 
- Organization provides default
- User can make less permissive changes
- Site settings can further restrict (but not enable if disabled higher up)
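The less permissive rule, the policy application flow and the site deletion modes described on this page reduce to one ranking check, shown here as an added JavaScript illustration that is not Clear Ideas code. `canChange`, `effectiveSetting`, the `RANK` table, the indicator strings and the clamping of stored values that exceed a newer policy are assumptions.

```javascript
// Added illustration; all names here are hypothetical, not the Clear Ideas API.
// Rank a value by permissiveness (higher = more permissive).
const RANK = {
  boolean: (v) => (v ? 1 : 0),
  // Site deletion modes named on this page, most to least permissive.
  deletionMode: (v) => ({ allow: 2, archive: 1, block: 0 }[v]),
};

// May a member or site move a setting to `requested` under this policy?
function canChange(kind, policy, requested) {
  if (policy.value === undefined) return { allowed: true, reason: 'no-policy' };
  if (policy.enforceStrict) return { allowed: false, reason: 'strict-locked' };
  const rank = RANK[kind];
  // An unknown mode ranks as undefined, so the comparison fails closed.
  return rank(requested) <= rank(policy.value)
    ? { allowed: true, reason: 'within-policy' }
    : { allowed: false, reason: 'more-permissive' };
}

// Effective value after the organization, user and site layers are applied.
function effectiveSetting(kind, policy, userValue, siteValue) {
  const hasPolicy = policy.value !== undefined;
  if (hasPolicy && policy.enforceStrict) {
    return { value: policy.value, indicator: 'strict', locked: true };
  }
  // Assumption: outside strict mode the least permissive defined layer wins,
  // so a stored value that exceeds a newer policy is clamped, not trusted.
  const rank = RANK[kind];
  const layers = [policy.value, userValue, siteValue].filter((v) => v !== undefined);
  const value = layers.length
    ? layers.reduce((a, b) => (rank(b) < rank(a) ? b : a))
    : undefined;
  return { value, indicator: hasPolicy ? 'default' : 'none', locked: false };
}
```

Running both functions on the server for every read and write keeps the rule enforced even when a client skips the locked UI state.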

## Best Practices

### Policy Planning

**Start Non-Strict**: Begin with non-strict mode to allow flexibility while establishing defaults

**Gradual Strict**: Move to strict mode after policies are tested and refined

**Document Policies**: Document why policies are set and what they achieve

### Communication

**Inform Members**: Communicate policy changes to members

**Explain Rationale**: Help members understand why policies exist

**Provide Guidance**: Offer guidance on working within policy constraints

### Regular Review

**Review Policies**: Periodically review policies for relevance

**Update as Needed**: Update policies as organizational needs change

**Monitor Compliance**: Monitor how policies affect member workflows

## Related Documentation

- [Organization Settings](/organizations/organization-settings) - General organization management
- [Organization Members](/organizations/organization-members) - Member management
- [AI Instructions](/ai/ai-instructions) - Understanding AI instructions
