Policies
8 min
policies are how you tell maro what your people are allowed to do in the apps they use every day — and what should happen when they do something risky every policy is a set of rules maro evaluates those rules as people submit prompts, browse, type, paste, and upload then takes action when a rule is triggered logging the activity, warning the person, redacting sensitive content, or blocking the action outright maro supports two types of policy policy type what it's for apps covered configurable ai chatbot policy monitoring ai chatbot activity for policy alignment a fixed set of major ai chatbots lightweight custom policy real‑time guardrails across any apps you choose any app you add rich you can run an ai chatbot policy and a custom policy at the same time they work together — each evaluates the activity it's responsible for ai chatbot policy the ai chatbot policy is purpose‑built for one job keeping sensitive data out of public ai chatbots and giving you visibility into how your team uses them it comes preconfigured to cover the major consumer ai chatbots, including chatgpt claude google gemini microsoft copilot perplexity deepseek grok what it does watches for sensitive data when someone is about to paste or type sensitive information — personal data (pii), health information (phi), payment card numbers, api keys and other secrets — into a chatbot, the policy can warn them, redact the content, or block the message tracks how chatbots are being used maro classifies the kind of work people are doing in chatbots (for example, code generation, data analysis, or content drafting) so you can see how ai is actually being adopted across the organization keeps a record activity is logged so you have an audit trail of ai usage and any sensitive‑data incidents when to use it use the ai chatbot policy when your main concern is the rise of public ai tools and you want fast, sensible coverage without configuring anything from scratch it's the quickest way to get protection in place there's one ai chatbot policy per organization you can tune which behaviors are enforced and how strict each one is, but the set of apps it watches is managed for you custom policy a custom policy is the flexible, full‑power option where the ai chatbot policy covers a fixed set of chatbots, a custom policy lets you build real‑time guardrails across any apps you choose — saas tools, internal apps, social media, file sharing services, and yes, ai tools too a custom policy gives you control over three things which apps the policy applies to, and whether people can use them what behaviors to watch for (like sharing pii, leaking secrets, or disclosing confidential information) and how strictly to enforce each one which activities (use cases) to track for reporting realtime enforcement as users take activities it also supports richer configuration than the ai chatbot policy per‑app rules — the same behavior can be enforced differently on different apps team overrides — give a specific team looser or stricter rules than the rest of the org real‑time guardrails on a wide range of actions page visits, form input, copy/paste, and file uploads/downloads status what happens allow the activity is permitted nothing is logged or blocked log only the activity is permitted but logged the person may see an informational notification, but they aren't stopped soft block maro intervenes when the activity is triggered — confirming it's a genuine match before stepping in hard block maro prevents the activity outright and immediately use this for the most sensitive cases where you don't want to wait quick fixes that help people self‑correct — automatic redaction of sensitive text, or redirecting them to an approved alternative when to use it use a custom policy when you need guardrails beyond ai chatbots, want different rules for different teams or apps, or need fine‑grained control over what's detected and what happens when it is for the full breakdown of how a custom policy is structured and how its rules are evaluated, see the configuring custom policies docid\ owbxsa8jkiuvfucrrpjda choosing between them just want to monitor ai chatbots quickly? turn on the ai chatbot policy need guardrails across other apps, per‑team rules, or finer control? build a custom policy both? run them together — that's a common setup