
How to Vet an AI Tool Before It Goes Near a Client
How do you vet an AI tool before using it with a coaching client?
Run four questions on any AI tool before a client touches it: where the data lives and who can access it, whether the vendor trains its model on your content, whether the tool touches the coaching conversation or only the workflow, and what the client has agreed to. Clear all four for a confident yes.
Key Takeaways
- A tool list tells you a verdict; a vetting test teaches you the reasoning - which means the test still works on the tool that launches next month.
- The four questions are drawn from ICF's own documents - the Code of Ethics and the AI Coaching Framework - so the criteria carry the same authority as your credential.
- SOC 2 Type II and ISO 27001 tell you a vendor is professionally serious about security; they do not tell you where your data lives or whether it trains a model.
- The real risk is not a catastrophic breach. It is being unable to answer a client's reasonable question about how their session data is handled.
- A tool that passes the test is a genuine yes - the test is an argument for vetted AI tools, not against AI tools.
The Problem With Every AI Tool List
Most articles about AI coaching tools give you a list. Some tools, some features, usually a pricing table, often a star rating from a software review site. What they do not give you is a reason to trust anything on that list - or a way to decide when a new tool appears next month.
The deeper problem is structural. A tool list hands you verdicts without the reasoning behind them. You learn one product scored 4.8 and another 4.6, but not what was measured, by whom, or against what standard. When the next tool arrives, you are back to reading marketing copy and trusting a star rating. A vetting test fixes this by teaching the reasoning instead of the verdict - run the same test on every tool, and the judgment transfers. That is also why this article never names a winning product: the moment a coaching authority starts ranking software brands, it becomes a tech reviewer, and the question that matters - is this safe to use with a client - gets buried under feature comparisons.
So be clear about what this is not. Not a product review, not a compliance checklist only a lawyer can read. It is a practitioner instrument: a test a working coach can run in roughly fifteen minutes with a vendor's privacy policy open in another tab. For the wider map of where AI fits in a practice, the guide to where AI belongs in your practice sets the context this test sits inside.
The criteria are not invented. They come from ICF's own language - the Code of Ethics, specifically Standard 2.5 and the confidentiality obligations in Section 4, and the data and technology domain of the ICF AI Coaching Framework. Those documents already tell a credentialed coach most of what they need to know about putting a tool near a client; what has been missing is a way to read them as a vetting checklist. The question is not whether AI tools belong in a coaching practice - some clearly do. The question is whether the tool in front of you is one of them. Here is how to find out.
The Four Questions Every AI Tool Needs to Answer
The vetting test is four questions, asked in order. Each one can either end the evaluation or pass it forward. You are not scoring a tool on a hundred-point scale - you are checking whether it clears four specific bars, and a tool that fails one does not get to the next. No technical background required: a vendor's privacy policy and terms of service are enough.

Question 1: Where does the data live, and who can access it?
Every AI tool creates a copy of something - a note-taker holds a transcript, a scheduling assistant holds your client list, a writing tool holds whatever you paste in. The first question is where that copy physically sits and who can reach it.
Data residency is the country or region where your session content is stored and processed. It matters because the law that protects that data is the law of the place it lives - a transcript stored in one jurisdiction is subject to that jurisdiction's law enforcement access and court orders. If your client is in the EU and expects EU-level protection, a tool that quietly stores everything in a region with weaker rules has created a gap between what the client assumes and what is true.
Look for a named cloud region rather than a vague country, a published list of subprocessors, and a clear statement of who inside the vendor can access session content, then ask directly for the Data Processing Agreement. Pass: the vendor names where data lives and can produce a DPA. Fail: vague "we take security seriously" language, or servers in jurisdictions the coach cannot account for.
A tool list tells you which product won. A vetting test tells you why - and the why is the only part that survives the next product cycle.
Question 2: Can the vendor train their AI model on your data?
This is the question most coaches never think to ask, and the one most likely to fail quietly. Many AI tools, especially on free trials and default settings, reserve the right to use the content you feed them to improve their own models. For a coaching practice, that means session transcripts - confidential client content - potentially becoming training data for a system you do not control.
Look in the Terms of Service or Data Processing Agreement for a model-training opt-out, or better, a default opt-out; the cleanest version is an explicit contractual prohibition. Pass: default opt-out, or a contractual ban on training use. Fail: training permitted by default, an opt-out that is buried or absent, or "aggregated and anonymized" offered as reassurance - that last one is a flag, not a pass, because a transcript with names stripped out can still contain a client's identifying situation. Watch the wording: a policy that says it may use "interaction data" to improve the service is describing confidential session content, not the anonymous usage analytics the phrase implies. Ask whether interaction data includes transcripts. If yes, with no opt-out, the evaluation ends.
Question 3: Does the tool touch the conversation or only the workflow?
This is the gate question, and it changes the height of the bar. Your practice has two layers: the conversation itself - the session, the client, the relationship - and everything around it - scheduling, invoicing, your CRM, follow-up emails, your own reflective practice. Which layer a tool sits in decides how hard it has to be vetted.
If the tool is purely back-office - never sees session content, never joins a call, never produces output during the conversation - the bar is confidentiality. Run it through Questions 1, 2, and 4 and you are done. If the tool is in the session or adjacent to it - transcribing live audio, a bot joining the call, generating notes while you coach - the bar rises. It now also has to clear the ICF Core Competencies and the disclosure expectations of Standard 2.5.
For an in-session tool, two further tests apply. Whether it supports the coaching or quietly stands in for part of it is its own evaluation, worked through in full in the piece on the competency line that applies when a tool enters the session itself. And a recording tool's confidentiality mechanics deserve their own scrutiny - the note-taker confidentiality trap is one of the first tests you will run if you are evaluating anything that records. Question 3 does not pass or fail a tool by itself; it tells you which test the tool now has to pass.
Question 4: What does the client know, and what did they agree to?
The first three questions cover the data. They do not cover the client. A tool can clear Questions 1, 2, and 3 - clean residency, no training use, back-office only - and still fail here, because the client who agreed to be coached by you did not agree to a third-party service holding a record of what they said.
This is where the technical decisions sit back down inside a relationship. The confidentiality obligation is not discharged by the tool being secure. It is discharged by the client knowing what they consented to. A coach who vets a tool perfectly on the data and skips the consent conversation has done the easy three-quarters of the test.
The ICF Code of Ethics is explicit. Standard 2.5 states that a coach will "be aware of and set clear, appropriate, and culturally sensitive boundaries that govern interactions, physical or otherwise, that I may have with my clients or sponsors." Section 4, on confidentiality, requires the coach to "have a clear agreement about how coaching information will be exchanged among coach, client, and sponsor." A new AI tool changes who holds the information and how it is exchanged - exactly the thing the Code says must be agreed upon, not assumed. The ICF AI Coaching Framework (November 2024) makes the same point in its data and technology domain: coaches are expected to understand how client data is collected, stored, and used, and to be transparent about it.
Pass: the tool is disclosed in the coaching agreement, the client has given explicit consent, and a re-consent mechanism exists for new tools. Fail: the tool was adopted after the agreement was signed with no re-disclosure, the client was never told a recording is running, or "they agreed to our coaching agreement" is treated as consent to a tool the agreement never mentions. The agreement wording itself is covered in full in the piece on Standard 2.5 disclosure requirements.
That is the four-question test. The free AI for Coaches course puts all four into a worked checklist, cross-referenced to the ICF documents each one comes from, so you can run the test as a repeatable instrument rather than from memory.
Two Certifications That Help (Within Limits)
You cannot audit a software vendor's security architecture yourself, and you should not try. Two certifications act as shorthand for "an independent party has already done that audit." When a vendor holds them, part of the work is done - part, not all.
SOC 2 Type II means the vendor's data security controls were audited against defined criteria by an independent third party, and passed - not in a single snapshot, but over a sustained period of months. (A SOC 2 Type I report is a point-in-time check; Type II shows the controls held over time.) Built by the AICPA, it gives customers who cannot run their own audit an independent signal, and a current report is a meaningful baseline for a tool that will hold client session content. ISO 27001 is an information security management standard, common in enterprise contexts and among European vendors; where SOC 2 audits a set of controls, ISO 27001 certifies that the vendor runs a systematic, documented, ongoing approach to managing information security.
Now the limits, because this is where coaches over-trust the badge. Neither certification tells you where your data is stored, whether the vendor trains a model on your content, or whether client consent has been obtained. They answer one question - "is this vendor professionally serious about security?" - and answer it well. They do not answer Questions 1, 2, or 4. Use them as a baseline screen, never a vetting shortcut. A vendor who can produce neither for a tool that handles coaching data is a yellow flag, not an automatic disqualifier - a signal to scrutinize Questions 1 and 2 harder.
What Vetting Looks Like: A 15-Minute Example
The four questions are abstract until you watch them run. Take a generic tool - a hypothetical AI note-taker that joins your video call, transcribes the session, and emails you a summary - and run the full test. What most coaches have before adopting one is a website describing the product as "AI-powered coaching session notes," a free trial, and a 4.8-star rating on a review site. That is the entire evaluation. Here is what the vetting test adds in fifteen minutes.
Question 1. The privacy policy says "US-based infrastructure" and stops there - no region, no cloud provider, no subprocessors named. Email the vendor for a Data Processing Agreement and confirmation of where transcripts are stored. If they cannot produce a DPA, that silence is the answer.
Question 2. The Terms of Service say "we may use your data to improve our service" - a training-use flag. Ask whether that includes using session transcripts to train or fine-tune models, and whether you can opt out. A vendor who cannot answer clearly has not thought it through. Ambiguity here is a fail.
Question 3. This tool joins the call as a bot, which puts it squarely in the session, not the back-office. The bar rises: it now also has to clear the competency and disclosure checks, which means explicit disclosure to the client before the first session it runs in.
Question 4. The coaching agreement says "sessions may be recorded for coaching supervision purposes." That covers recording. It does not cover a third-party AI service with its own data policies, servers, and retention rules. The client agreed to a recording held by their coach for supervision; they did not agree to a separate company holding a transcript. The agreement needs an AI tool addendum before this note-taker is switched on.
The confidentiality obligation is not discharged by the tool working. It is discharged by the coach being able to account for the client's data to the client's satisfaction.
The verdict: conditional pass. This tool can be adopted once three conditions are met - the vendor confirms data residency and provides a DPA, the vendor confirms no training use or provides a documented opt-out, and the coaching agreement is updated to name the tool and obtain explicit consent. None of those are unreasonable, and a responsible vendor can satisfy every one. The test did not reject the tool; it surfaced the work that adoption actually requires. Most coaches running this for the first time will find at least one condition they have not met - the agreement that never mentioned AI, the free-trial setting nobody checked. That is the test doing what it exists to do. Which raises the more encouraging question: what happens when a tool clears all four cleanly?
When a Tool Clears the Test
This test is not an argument against AI tools. It is an argument for vetted ones. A tool that clears all four questions is a confident yes - not a grudging maybe, not a permanent suspicion - and the endorsement is the reward for running the test properly.
A vetted tool comes with one standing operating procedure: the coaching agreement reflects it, and the client knows. That is not a quarterly re-review burden. Once a tool is vetted and the agreement names it, it stays a stable part of your practice until the tool's policies or your practice change. Here is what that confident yes makes possible:
- An AI note-taker that clears the test can return the fifteen minutes most coaches spend writing up session notes after each call. Across a full client load, that is real recovered time.
- A back-office AI writing tool can draft proposal language, follow-up emails, and resource summaries. Those back-office tools face the same criteria, run through the same four questions, with the bar set at confidentiality rather than in-session competency.
- A reflective-practice AI tool - structured prompt sessions you run on your own practice between supervision meetings - can extend the development work you already do, without ever entering a client session.
None of those uses require the tool to be in the room with a client, and none substitute for a Core Competency. The test is not a gate that keeps AI out of your practice; it is what lets you bring AI in without having to hope it was a good idea.
What the Test Cannot Do
A test that claims to handle everything is not trustworthy. The four-question test has clear limits, and naming them is part of using it well.
It cannot guarantee a vendor maintains today's policies - an acquisition, a new investor, or a strategy shift can move the terms. The test is a point-in-time check; coaches working with enterprise vendors should add a policy-change notification clause to the Data Processing Agreement. It cannot tell you whether a tool is actually useful for coaching, either - the test filters for ethical and data safety, and whether a tool genuinely improves your practice is answered only by trying it, ideally in a low-stakes context first.
It also cannot substitute for legal counsel. This article is education, not legal advice. Coaches with clients in the EU, in regulated industries, or under corporate EAP contracts face data protection requirements - GDPR, HIPAA-adjacent rules, contractual data terms - that go beyond what four questions can capture. In those contexts, treat the test as a starting point and bring in your data processor or legal counsel.
What the test does is narrow but real: it prevents a coach from adopting a tool without having asked the right questions. Most vetting failures happen not because the answers were wrong but because the questions were never asked - the free trial that became permanent, the agreement that never got updated, the setting nobody checked. The test asks them.
Run the Test Today: One Tool, Four Questions
Before you finish reading anything else about AI tools, pick the one tool you have been most tempted to try. Open its privacy policy and run Question 1: where does the data live, and who can access it? Open its Terms of Service and run Question 2: can they train on it? If you cannot find those two answers in thirty seconds, that tells you something - a vendor who buries its data policy does not want you to find it. Then Question 3: does this tool touch the conversation, or only the workflow around it? And Question 4: pull up your coaching agreement and check whether it would survive a client asking "who else has a copy of our session?"
The free AI for Coaches course is where this becomes a practice rather than a one-off. Module 2 walks the four vetting criteria across every part of a coaching practice - admin, notes, in-session support, reflective tools - with worked examples and a print-and-use version of the test cross-referenced to the ICF standards each question comes from. It will not tell you which products to buy; it will leave you able to decide that for yourself, every time. Start when you're ready.
Pick the tool. Open the policy. Run Question 1.
Frequently Asked Questions
What should I look for in an AI coaching tool's privacy policy?
Two things. First, data residency - the named country or cloud region where your session content is stored, plus a list of subprocessors; vague "US-based" language is not enough. Second, search the policy and Terms of Service for "train," "improve," and "model" to find whether the vendor can use your content to train their AI. If either answer is buried or missing, ask the vendor directly and treat ambiguity as a fail.
Do I need to tell clients I'm using an AI tool?
Yes, if the tool touches the coaching conversation or holds session content. The ICF Code of Ethics requires a clear agreement about how coaching information is exchanged, and a new AI tool changes who holds that information. A tool adopted after the coaching agreement was signed needs re-disclosure and fresh consent - "they agreed to our coaching agreement" does not cover a tool the agreement never named.
What is SOC 2 Type II certification and does it matter for coaching?
SOC 2 Type II means a vendor's data security controls were audited by an independent third party and held up over a sustained period. For a tool holding client session content it is a meaningful baseline signal, but it does not tell you where data is stored, whether the vendor trains a model on your content, or whether your client consented. Use it as a baseline screen alongside the four-question test, never as a substitute.
Can AI coaching tools use my session content to train their models?
Some can, and many do by default - especially on free trials. Check the Terms of Service and Data Processing Agreement for model-training language; watch for "we may use your data to improve our service" and "aggregated and anonymized," both of which can include training use. The safe position is a default opt-out or a contractual prohibition. If the vendor cannot give a clear answer, end the evaluation.
Is a free AI tool safe to use with coaching clients?
Not automatically. Free tiers and trials often default to model-training opt-in and offer thinner contractual protections than paid plans. Run the same four questions you would run on any tool: where the data lives, whether the vendor can train on it, whether it touches the session, and what the client agreed to. Price is not one of the four questions - a free tool that clears all four is fine; a paid tool that fails Question 2 is not.



