diff --git a/index.md b/index.md
index 77adfc2..626aa15 100644
--- a/index.md
+++ b/index.md
@@ -22,6 +22,7 @@ These sections describe the hub service at an organizational level.
 :caption: About the service
 about/service/index
 about/infrastructure/index
+policy/index
 about/support/index
 about/sustainability/index
 about/strategy/index
diff --git a/policy/acceptable-use.md b/policy/acceptable-use.md
new file mode 100644
index 0000000..ec37204
--- /dev/null
+++ b/policy/acceptable-use.md
@@ -0,0 +1,33 @@
+# Acceptable Use Policy
+
+:::{admonition} This is not a legal document
+:class: warning
+This document is provided to set expectations and understanding about 2i2c's cloud infrastructure service.
+It is not legally binding.
+:::
+
+This document describes a few expectations that we have of anybody using a 2i2c Managed Infrastructure. They are guidelines to ensure that the infrastructure is used in a responsible and safe manner for all.
+## Terminology
+
+2i2c Managed Infrastructure: Any web service, program, or cloud infrastructure that 2i2c manages on behalf of a user’s community.
+
+## Acceptable Use Policy
+
+This policy does not nullify any part of the Acceptable Use Policies that apply to your community (e.g., university Acceptable Use Policies).
+In addition you must comply with the policies and guidelines for any specific set of resources to which you have been granted access (e.g., policies from Cloud Providers).
+When other policies are more restrictive than this policy, the more restrictive policy takes precedence.
+
+- You may use only the 2i2c Managed Infrastructure and accounts for which you have authorization.
+- You may not use another individual's account, or attempt to capture or guess other users' passwords.
+  You may not enable unauthorized users to access infrastructure managed by 2i2c by providing them access to your account.
+- You are individually responsible for appropriate use of all resources provided to you, including your interactive computing session, networking infrastructure on your hub, and the software and hardware you use.
+- 2i2c is bound by its contractual and license agreements respecting certain third party resources; you are expected to comply with all such agreements when using such resources.
+- You should make a reasonable effort to protect your passwords and to secure resources against unauthorized use or access.
+  Where applicable you must configure access to other cloud services or data in a way that reasonably prevents unauthorized users from accessing them.
+- You must not attempt to access restricted portions of the network or any 2i2c Managed Infrastructure without appropriate authorization by a 2i2c engineer.
+- You must not attempt to use 2i2c Managed Infrastructure for the purposes of [mining cryptocurrencies](https://en.wikipedia.org/wiki/Cryptocurrency#Mining) unless explicitly given permission by a {term}`Community Representative` for research purposes.
+- You must not use 2i2c Managed Infrastructure and/or network resources in conjunction with the execution of programs, software, processes, or automated transaction-based commands that are intended to disrupt (or that could reasonably be expected to disrupt) other computer or network users, or damage or degrade performance, software or hardware components of a system.
+- Do not use the 2i2c Managed Infrastructure to distribute or facilitate the sending of unsolicited or unlawful (i) email or other messages, or (ii) promotions of any kind;
+- Do not use the 2i2c Managed Infrastructure to engage in or promote any other fraudulent, deceptive or illegal activities.
+- Do not use the 2i2c Managed Infrastructure to process, store or transmit material, including any Customer Data, in violation of any Law or any third party rights, including without limitation privacy rights;
+- Do not use the 2i2c Managed Infrastructure in any circumstances where failure could lead to death, personal injury or environmental damage, and you further acknowledge that the 2i2c Managed Infrastructure is not designed or intended for such use.
diff --git a/policy/code-of-conduct.md b/policy/code-of-conduct.md
new file mode 100644
index 0000000..b22db0f
--- /dev/null
+++ b/policy/code-of-conduct.md
@@ -0,0 +1,3 @@
+# Code of Conduct
+
+See [2i2c's code of conduct](tc:code-of-conduct.md) for our Code of Conduct.
diff --git a/policy/index.md b/policy/index.md
new file mode 100644
index 0000000..9b6a1fd
--- /dev/null
+++ b/policy/index.md
@@ -0,0 +1,10 @@
+# Policies
+
+We have a few policies for both 2i2c and the communities that we work with.
+These describe the expectations and rules around the service.
+
+```{toctree}
+code-of-conduct
+acceptable-use
+privacy
+```
diff --git a/policy/privacy.md b/policy/privacy.md
new file mode 100644
index 0000000..eeb21aa
--- /dev/null
+++ b/policy/privacy.md
@@ -0,0 +1,27 @@
+# Privacy Policy
+
+:::{admonition} This is not a legal document
+:class: warning
+This document is provided to set expectations and understanding about 2i2c's cloud infrastructure service.
+It is not legally binding.
+:::
+
+## Summary
+
+2i2c does not retain any identifiable information about its users or the information they create or place in the infrastructure we run.
+We require _access_ to the information our infrastructure while it is running, but do not retain this information when we stop working with a community.
+
+## While we run infrastructure
+
+- 2i2c's engineering team requires access to the filesystems of any user on our infrastructure for debugging and maintenance purposes.
+  - We do not retain or share this information for any purpose.
+- 2i2c may have access to personally-identifiable information that is used for _authenticating_ users (e.g. e-mail log-ins).
+  - We do not retain or share this information for any purpose.
+- We do not change or delete any user data on a hub without the consent of the hub's {term}`Community Representative`.
+- We collect aggregate statistics about general _usage_ of the infrastructure for monitoring and alerting purposes (e.g., number of active users each hour).
+
+## After we stop working with a community
+
+- When we stop working with a community, we will delete all information, data, etc that was contained within the community's infrastructure.
+- We do not retain any identifiable information that was provided as part of running a community's infrastructure.
+- The community retains access to their own cloud and data infrastructure, and we will give up our own access.
diff --git a/requirements.txt b/requirements.txt
index 904f3c8..abc99d0 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,7 +6,7 @@ requests
 sphinx
 sphinx-autobuild
 sphinx-copybutton
-git+https://github.com/2i2c-org/sphinx-2i2c-theme
+sphinx-2i2c-theme --pre
 sphinx-design
 sphinxext-rediraffe
 tabulate