All templates
Company PoliciesPolicyUS edition

Social Media Policy template

A social media policy sets expectations for how employees' personal posting touches the company — confidential information, treatment of coworkers, speaking for the brand — and how official accounts are run. In the US it has to be written around a hard legal boundary: federal labor law protects employees who discuss wages, hours, and working conditions together, online included, and a policy that prohibits that is unlawful.

Free to use
US-focused
Updated 13 July 2026
UK version →

Most social media policies fail in one of two directions: so broad they illegally muzzle protected speech ("never post negatively about the company"), or so vague nobody can follow them. The workable policy protects what the company can lawfully protect — confidential information, coworkers, the brand's official voice — and explicitly leaves the rest alone.

This template gives you the rights carve-out up front, practical guidelines for personal use, the confidentiality rules, and the official-account rules, in language employees can actually apply on a Saturday night.

The template

Full text, ready to adapt.

Highlighted fields are placeholders — replace them with your organisation's specifics. A starting point, not legal advice.

Social Media Policy

Policy · Company Policies

1. Purpose and scope

This policy covers personal social media use that touches {{org.name}} — mentions of the company, coworkers, customers, or our work — and the operation of official {{org.name}} accounts. Purely personal posting that has nothing to do with the company is not this policy's business.

Nothing in this policy creates a contract of employment or changes at-will status — and nothing in it will be applied to restrict the rights protected by federal labor law, described next.

2. Your rights come first

Federal labor law protects employees who discuss or act together on wages, hours, and working conditions, including on social media. Nothing in this policy prohibits or penalizes: discussing pay, schedules, or conditions with coworkers; criticizing management or company decisions as part of raising shared concerns; or organizing with coworkers. If any line in this policy seems to conflict with those rights, the rights win, and the line is read narrowly.

What this means in practice: {{org.name}} does not discipline anyone for the protected substance of a post — and managers do not decide alone what is protected. Any concern about an employee's post goes to [HR / name/role] before anyone acts on it.

3. Personal use — the guidelines

  • Make clear opinions are your own when you identify yourself as {{org.name}} staff and post about our industry — "views my own" in a bio, or the equivalent in the post.
  • Do not share confidential business information: [customer and employee personal data, unreleased products or plans, pricing and financials, security details, anything covered by an NDA]. Your own pay and working conditions are yours to discuss — they are not company confidential information.
  • Do not harass, threaten, or discriminate against coworkers online; [the anti-harassment policy] applies between employees on social media exactly as it does at work.
  • Do not speak for {{org.name}} unless authorized — no statements presented as the company's position, no answering press inquiries or customer complaints on its behalf.
  • If you post about our products or promotions, say that you work here — honesty about the affiliation protects you and the company.
  • Get consent before posting photos or video of coworkers or customers taken at work, and check the background before posting from the workplace — [whiteboards, screens, customer information, security features] end up online by accident, not malice.
  • Posting on your own time and devices is generally your affair; posting during work time follows [the IT acceptable use policy].

4. Official {{org.name}} accounts

  • Only [authorized roles] post from official accounts, under [the brand and approval process at location].
  • Credentials live in [password manager/system], owned by [role], and are revoked the day someone leaves the role.
  • Customer complaints, press inquiries, and legal threats arriving on official accounts are routed to [name/role] rather than answered ad hoc.
  • Mistakes on official accounts are corrected openly and quickly — deletion without acknowledgment usually makes it worse.
  • Official accounts never comment on employees, employment disputes, or individual customers — the brand voice is for the business, not for arguments.

5. When something goes wrong

If you post something you should not have — confidential information, or something that reads as the company's voice — take it down and tell [name/role] the same day. Early honesty is treated very differently from discovery.

Concerns about an employee's post — from a manager, coworker, or customer — go to [HR / name/role], who answers the protected-activity question first and then handles any genuine violation under [the progressive discipline policy].

6. Records and review

The official-account register, authorizations, and any investigation records are kept at [system/location] for [period]. This policy is reviewed [frequency, e.g. annually] and whenever the law shifts under it — enforcement positions in this area change, so check nlrb.gov guidance at each review.

Owner: [name/role]. Next review due: [date].

Make it yours

How to adapt this template.

1

Resist the urge to add "do not disparage the company" — overbroad rules like that are the classic unlawful finding; protect specifics instead: confidential data, coworkers, the brand's official voice.

2

Fill in the confidential-information list with your actual categories, and keep pay and working conditions explicitly off it.

3

Route every proposed social-media discipline through [HR / counsel] with the protected-activity question asked first, in writing.

4

Check your state's off-duty-conduct and account-privacy laws before rollout — several states go beyond the federal baseline.

5

Cover this policy in onboarding with real examples — the protected post, the confidential leak, the accidental company statement — because the rules only help people who can tell them apart.

6

Audit the official-account register [quarterly]: who holds credentials, who has left, and which accounts have gone quiet.

A document is not a system

Turn this template into trained, proven behaviour

A policy in a drawer proves nothing. In TrainedTeam this template becomes assigned training with knowledge checks, e-signature acknowledgments, version history, and an audit-ready record of who completed what, when.

Social Media Policy template FAQs

Can we discipline an employee for a negative post about the company?

Sometimes — and the exceptions are exactly where employers get into trouble. If the post is part of discussing wages, hours, or working conditions with or on behalf of coworkers, it is likely protected concerted activity under federal labor law, even when it is public and harsh. Genuine violations — leaking confidential data, harassing a coworker — are different. Get the protected-activity question answered before acting, not after.

Can the policy prohibit employees from discussing their pay?

No. Pay discussion between employees is core protected activity under the NLRA for covered employees, and a policy or manager instruction against it is unlawful. This template says the opposite explicitly, which is the safest drafting position.

Can we require access to employees' personal accounts?

Many states prohibit requiring or requesting passwords or access to personal accounts, and it is a bad idea everywhere. This policy governs what touches the company; it does not entitle anyone at {{org.name}} to look inside personal accounts.

Does the policy apply to posts made outside work hours?

Only where the post touches what the policy lawfully protects — confidential information, harassment of coworkers, speaking for the company. Lawful personal expression on personal time is outside its scope, and some states protect off-duty conduct explicitly. The policy is a fence around the company's legitimate interests, not around employees' lives.

What should a manager do about a coworker's troubling post?

Send it to [HR / name/role] and do nothing else — no comment, no confrontation, no screenshot circulated to the team. The first question is always whether the post is protected activity, and that is not a call a manager makes alone in the moment. If the post harasses a coworker or leaks confidential information, the dedicated policies take it from there.