One-Person AI Approval Ladder
A specialised ebook for owner-operators who want AI help without letting bots publish, spend, delete, or promise on autopilot.
Quick start: the 20-minute setup
1. Write down the five AI tasks you repeat most often.
2. For each task, ask: could this spend money, publish publicly, touch customer data, delete work, or make a promise?
3. Place each task on Level 0–5 below.
4. Copy the matching approval rule into your SOP.
5. Review the ladder every month or after any mistake.
The approval ladder at a glance
| Level | Name | AI may do | Human approval required before |
|---|---|---|---|
| 0 | Private scratchpad | Draft, summarise, brainstorm | Nothing external |
| 1 | Internal helper | Create internal files and checklists | Sharing outside your workspace |
| 2 | Reversible operator | Prepare records, tags, drafts, QA notes | Publish, send, charge, delete |
| 3 | Public-facing drafter | Draft product pages, emails, support replies | Anything customer-visible |
| 4 | Sensitive workflow assistant | Handle personal data, refunds, promises, access changes | Every material action |
| 5 | Human-only zone | Payments, legal commitments, account settings, irreversible deletion | Always human-only |
Part 1 — The five risk questions
Before you automate a task, answer these questions in plain language:
1. **Visibility:** who can see the output if the AI gets it wrong?
2. **Money:** can the action spend, refund, invoice, discount, or change price?
3. **Access:** can the action grant, revoke, expose, or modify access?
4. **Promise:** can the action create an expectation you must honour?
5. **Recovery:** can the action be undone quickly without customer harm?
If two or more answers feel uncomfortable, move the task at least one level higher.
Part 2 — The 31 decision rules
Level 0: Private scratchpad rules
Rule 1 — Ideas may be messy. AI can brainstorm names, outlines, product angles, subject lines, and internal options without approval when nothing is published.
Rule 2 — Facts need a source. If an output includes dates, prices, laws, health claims, benchmarks, or market claims, mark it as unverified until checked.
Rule 3 — No secret pasting. Do not paste API keys, passwords, private customer details, or full payment records into general AI chats.
Rule 4 — Keep drafts labelled. Put DRAFT, INTERNAL, or REVIEW NEEDED at the top of unfinished AI-generated files.
Rule 5 — Delete weak drafts quickly. If a draft is confusing, inaccurate, or too generic, discard it rather than polishing noise.
Level 1: Internal helper rules
Rule 6 — Internal checklists are allowed. AI may create SOPs, QA lists, naming systems, and folder structures for internal use.
Rule 7 — Use examples, not credentials. Replace live names, tokens, addresses, and order IDs with safe examples before asking for help.
Rule 8 — Human owns priorities. AI may suggest task order, but the owner decides what matters this week.
Rule 9 — File writes need scope. AI may create new internal files only in the agreed project folder, not anywhere on the server.
Rule 10 — Summaries must preserve uncertainty. If source material is incomplete, the AI summary must say what is missing.
Level 2: Reversible operator rules
Rule 11 — Draft records are okay. AI may prepare product records, spreadsheet rows, tags, internal notes, and QA reports when they are reviewable.
Rule 12 — Reversible is not harmless. Even if something can be undone, require review if it affects customers or public pages.
Rule 13 — One output, one owner. Every AI-prepared record needs a human or system owner who can answer questions later.
Rule 14 — Keep a rollback note. Any automation that modifies files should record what changed and where the backup or previous state lives.
Rule 15 — Test before live. Run local previews, validators, or dry runs before touching production data.
Rule 16 — Verify the destination. Before an AI writes, uploads, or exports, check the exact folder, URL, account, or shop.
Level 3: Public-facing drafter rules
Rule 17 — AI may draft, not promise. It may draft product copy, emails, and posts, but claims about delivery, refunds, results, warranties, or guarantees need human review.
Rule 18 — No fake proof. Do not invent testimonials, sales numbers, screenshots, certifications, or customer stories.
Rule 19 — Tone check before send. Customer-facing AI text should be checked for blame, exaggeration, hidden pressure, and confusing conditions.
Rule 20 — Public pages need a final gate. Product pages, shop announcements, and policy pages require a human or pre-approved QA gate before publication.
Rule 21 — Use plain disclaimers. If a product teaches business, money, education, wellbeing, or relationships, include a simple scope disclaimer.
Rule 22 — Keep support paths visible. Any public automation that sells or delivers files should make file-access support clear.
Level 4: Sensitive workflow assistant rules
Rule 23 — Personal data stays minimal. Use only the minimum customer/order data needed to solve the issue.
Rule 24 — Refunds require review. AI may draft refund analysis and response options, but should not issue refunds or deny them automatically.
Rule 25 — Access changes require confirmation. Granting, revoking, resetting, or exposing customer access is never silent autopilot.
Rule 26 — Escalate angry or vulnerable messages. If a customer is distressed, threatening, confused about money, or sharing sensitive details, human review comes first.
Rule 27 — Keep an audit trail. Sensitive workflows need timestamped notes: input, AI suggestion, human decision, action taken.
Rule 28 — Narrow the tool. Give AI the smallest permission needed: read-only before write, draft before send, one folder before whole drive.
Level 5: Human-only zone rules
Rule 29 — No autonomous spending. AI must not buy tools, run paid generation, increase ad spend, or subscribe to services without explicit current approval.
Rule 30 — No autonomous commitments. AI must not sign contracts, accept legal terms, change tax settings, promise guaranteed outcomes, or negotiate binding agreements.
Rule 31 — No autonomous destruction. AI must not delete production databases, remove backups, close accounts, or wipe customer records without explicit current approval and a rollback plan.
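One way to turn the ladder and Rule 27 into a gate that sits in front of an AI tool, as an added example that is not part of the original ebook. The action names and the `decide` function are assumptions for illustration; the levels come from the ladder table, unknown actions are refused, and every decision is logged with the four fields Rule 27 asks for.

```python
import json
from datetime import datetime, timezone

# Assumed action names for illustration; the levels follow the ladder table.
ACTION_LEVEL = {
    "brainstorm": 0, "create_internal_file": 1, "prepare_record": 2,
    "draft_support_reply": 3, "send_support_reply": 3, "publish_page": 3,
    "issue_refund": 4, "change_access": 4,
    "spend_money": 5, "delete_production_data": 5,
}
# What the AI may do without asking (the "AI may do" column).
AI_MAY_DO = {"brainstorm", "create_internal_file", "prepare_record",
             "draft_support_reply"}

def decide(action, task_input, ai_suggestion, human_decision=None, log=None):
    """Return 'run', 'needs_approval', 'human_only' or 'deny'; log per Rule 27."""
    level = ACTION_LEVEL.get(action)
    if level is None:
        outcome = "deny"            # unknown action: fail closed
    elif level == 5:
        outcome = "human_only"      # never executed by the AI, even if approved
    elif action in AI_MAY_DO:
        outcome = "run"
    elif human_decision == "approve":
        outcome = "run"
    elif human_decision == "reject":
        outcome = "deny"
    else:
        outcome = "needs_approval"  # no recorded decision: wait for the owner
    if log is not None:
        log.append(json.dumps({
            "time": datetime.now(timezone.utc).isoformat(),
            "input": task_input,
            "ai_suggestion": ai_suggestion,
            "human_decision": human_decision,
            "action_taken": f"{action}:{outcome}",
            "level": level,
        }))
    return outcome

if __name__ == "__main__":
    audit = []  # constructed sample requests
    print(decide("issue_refund", "order EXAMPLE-1", "refund in full", log=audit))
    print(decide("issue_refund", "order EXAMPLE-1", "refund in full", "approve", audit))
    print(decide("spend_money", "ad budget", "raise by 20", "approve", audit))
    print(audit[-1])
```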
Part 3 — The approval ladder worksheet
Copy this table for each AI workflow you want to use.
| Workflow | Draft level | Final level | Why | Review gate | Rollback/check |
|---|---|---|---|---|---|
| Example: product description draft | 1 | 3 | Customer-visible claims | Owner reads before publish | Preview page + copy backup |
| Example: support reply draft | 1 | 4 | Customer issue + policy | Owner approves send | Ticket note |
| Example: internal blog ideas | 0 | 0 | Private brainstorming | None | Delete weak ideas |
| Example: price change suggestion | 1 | 5 | Money impact | Owner-only | Export previous price |
| Your workflow 1 | | | | | |
| Your workflow 2 | | | | | |
| Your workflow 3 | | | | | |
Part 4 — Three small SOPs you can paste today
SOP A: AI-created product draft
1. AI may create title, subtitle, tags, description, gallery text, and FAQ draft.
2. AI must not publish externally or change payment settings.
3. Owner checks claims, refund wording, file links, and preview page.
4. Owner approves publication or sends back corrections.
5. Final package includes a quick-start guide, disclaimer, and support note.
SOP B: AI-assisted customer support
1. AI may summarise the customer issue and draft two response options.
2. AI must not invent policy, blame the customer, or promise refunds/access.
3. Owner checks order status and policy.
4. Owner sends or edits the message.
5. Save a short note: issue, decision, response sent.
SOP C: AI file maintenance
1. AI may list files, create new draft files, and package approved deliverables.
2. AI must not delete, overwrite, or move live files without a named backup.
3. Run a small verification: file exists, ZIP opens, URL returns 200.
4. Save a run note with changed paths and verification result.
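SOP C and Rule 9 as a small file helper, added here as an example and not part of the original ebook. The function names are assumptions: writes are refused outside the agreed project folder, an existing file is copied to a named backup before it is overwritten, and the run note records changed paths and the verification result. The "URL returns 200" check is left out so the example runs offline.

```python
import shutil
import zipfile
from datetime import datetime, timezone
from pathlib import Path

def safe_write(project_root, rel_path, data, backup_dir):
    """Write bytes inside project_root only; back up any file being replaced."""
    root = Path(project_root).resolve()
    target = (root / rel_path).resolve()  # collapses ".." and follows symlinks
    try:
        target.relative_to(root)          # Rule 9: stay in the project folder
    except ValueError:
        raise PermissionError(f"outside project folder: {target}")
    backup = None
    if target.exists():                   # SOP C step 2: named backup first
        Path(backup_dir).mkdir(parents=True, exist_ok=True)
        stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
        backup = Path(backup_dir) / f"{target.name}.{stamp}.bak"
        shutil.copy2(target, backup)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)
    return {"changed": str(target), "backup": str(backup) if backup else None}

def verify_zip(path):
    """SOP C step 3 (offline part): the file exists and the ZIP opens cleanly."""
    p = Path(path)
    if not p.is_file():
        return {"exists": False, "zip_ok": False}
    try:
        with zipfile.ZipFile(p) as z:
            corrupt_member = z.testzip()  # None means every member's CRC is good
        return {"exists": True, "zip_ok": corrupt_member is None}
    except zipfile.BadZipFile:
        return {"exists": True, "zip_ok": False}

def run_note(changes, verification):
    """SOP C step 4: changed paths plus verification result, timestamped."""
    return {
        "time": datetime.now(timezone.utc).isoformat(),
        "changes": changes,
        "verification": verification,
    }
```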
Part 5 — Monthly review
Ask these questions once a month:
- Which AI task saved real time?
- Which output needed the most correction?
- Did any automation get close to spending, publishing, deleting, or promising?
- Are permissions narrower than last month?
- Is every public-facing workflow still easy to pause?
If you cannot pause a workflow quickly, it is too powerful for a one-person shop.
Closing principle
A tiny business does not need reckless automation. It needs useful leverage with visible brakes. The best AI workflow is boring in the right places: clear permissions, small steps, human review for money and promises, and logs that make recovery possible.