Neurocourse
Privacy when working with AI: what data you can safely share

Privacy when working with AI: what data you can safely share

7 min read

In short: the text you send an AI goes to the developer's servers and, by default, may be used to improve their models. Hence a simple rule: don't paste anything you're not prepared to see outside your own computer — passwords, identity documents, trade secrets, other people's personal data. Below: how it works and a practical checklist.

What happens to your request

When you type in the chat, your request is sent to the developer's servers, the model processes it there and returns an answer. Many services store the conversation by default and may use it to train future versions — unless you turn that off in settings. So your text isn't a private note "between you and a program on your laptop": it's data handed to an outside company.

Think before reading on: would you email this same text to a contractor you don't know? If the answer is "no", it doesn't belong in the chat either.

What you must never paste

  • Passwords, codes, access keys — for any reason.
  • Identity data — passport, card number, bank details.
  • Other people's personal data without their consent — names, phone numbers, medical details.
  • Trade secrets — non-public contracts, finances, your employer's source code, where company policy forbids it.

What is usually safe

  • Anonymised texts with names and specific figures removed.
  • Public information: articles, open data, study materials.
  • Your own drafts without sensitive detail — ideas, plans, practice emails.

The "anonymise" technique

Often it's not the whole text that's sensitive, just a few fields. Replace them with placeholders: instead of a real name, "Client A"; instead of an amount, "X"; instead of an address, "city N". The model works perfectly with a template, while the real data stays with you. You paste it back into the finished result by hand.

A word on the law — without tying it to one country

Handling personal data is governed by data-protection laws: in Europe that's GDPR, and many countries have their own equivalents. The gist is similar everywhere: people's personal data can't be passed to third parties without a legal basis and consent. Legally, an online AI is a "third party" — an external processor. That's why organisations write separate rules on what may and may not be sent to AI. If you work with other people's data, check your organisation's policy.

How to reduce risk: a checklist

  1. Check privacy settings. Many services have a "don't use my chats for training" toggle and a temporary-chat mode with no history.
  2. Anonymise whatever you can before pasting.
  3. Separate accounts: better not to mix personal and work.
  4. For strictly confidential material, confirm whether external AI is allowed at all, and consider enterprise versions with data guarantees.
  5. Remember hallucinations: a model can not only "hear too much" but also invent a fact — why, is in our article on AI hallucinations.

Do it now (3 minutes)

Open your AI service's privacy settings and find the option about using data for training and about chat history — decide what to keep on. If you're just getting comfortable, start with the beginner's guide to ChatGPT; and how to apply AI to work tasks without risking data is in AI for work: where to begin.

🧠Go deeper — in the courseNeural networks for beginners

FAQ

Can the company's staff see my chats?

At reputable services access is limited and governed by policy, but conversations are stored on their servers and may in some cases be reviewed (e.g. for safety or by legal request). So strictly secret material shouldn't go there.

Can I turn off my data being used for training?

Often yes: many services have such a toggle in privacy settings plus a temporary-chat mode that doesn't save history. Find these options and set them up before pasting anything important.

Is it safe to upload work documents?

It depends on the content and your employer's policy. Public and anonymised documents — usually yes. Contracts, finances and client data — only if company rules allow it, and preferably in an enterprise version of the service.

How do free and enterprise versions differ on privacy?

Enterprise/business tiers usually offer guarantees: no training on your data, isolation, compliance with data-protection standards. Free tiers more often use conversations to improve models unless you opt out.

What if I accidentally pasted personal data?

Don't panic: delete the message or the whole chat, and where possible request history deletion in settings. Going forward, enable a no-history mode and build the habit of anonymising before pasting.

Are local (offline) AI models more private?

Yes — a model running on your own computer doesn't send data out, which is maximum privacy. The trade-offs are weaker quality and the need for powerful hardware. For sensitive tasks this option is considered more and more often.

Do I need consent from the person whose data I process?

As a rule, yes. Data-protection laws (GDPR in Europe, local equivalents elsewhere) require a legal basis for passing personal data to third parties, and an external AI is a third party. When in doubt — anonymise or don't paste.