Sending data to AI is like telling a story to a coffee shop barista — the story doesn’t vanish. It may be remembered, passed along, and sometimes used to train the next version of the AI.
Simple test: If you wouldn’t post it on Facebook, don’t send it to AI.
Never send this data
1. Personally Identifiable Information (PII)
- National ID, passport numbers
- Credit card numbers, bank accounts
- Passwords, API keys, 2FA codes
- Home address paired with real name
- Private phone numbers (unless essential)
2. Data that isn’t yours
- Other people’s info without their consent (e.g. dumping a client list into AI to sort)
- Confidential business documents / NDA material
- Someone else’s medical reports
- Conversations people expected to be private
3. Combined identifying data
- Real name + birthday + workplace + photo = pinpoint identification
- Individually fine, combined it’s your “profile”
Data that’s usually safe
- General questions, opinions, creative writing
- Code without API keys or passwords
- Public information (articles, news)
- Your own data you’re willing to share (non-PII)
- Anonymized data (names → A, B, C; numbers → fake)
How each AI service handles your data
| Service | Stores conversations? | Uses for training? | Opt-out available? |
|---|---|---|---|
| ChatGPT Free | Yes | Yes (unless opted out) | Settings → Data Controls → disable “Improve the model” |
| ChatGPT Plus/Pro | Yes | No (default off) | — |
| Claude (web + API) | Short-term | No (unless opt-in) | — |
| Gemini | Yes | Yes | myactivity.google.com → delete history |
| Copilot (GitHub) | Stores code snippets | Yes (public repos) | Enterprise plan = opt-out |
Rule of thumb: On free tiers, assume everything might be used for training — pay for pro if the data matters.
Local AI — the privacy-focused alternative
Run models on your own machine with Ollama. Nothing leaves your hardware, but you need a GPU and smaller models than the cloud (less capable).
Fits when:
- Highly sensitive data (legal, medical, business secrets)
- You’re privacy-paranoid (reasonable, not paranoid)
- Dev experimenting with prompts without API costs
Doesn’t fit when:
- You need top-tier quality (GPT-4/Claude level)
- You’re not comfortable with the command line
5 Pro Tips
- Separate workspaces — don’t use one account for personal and work conversations; switch accounts or create separate projects
- Anonymize before sending — “Customer A” instead of real names, “Company X” instead of actual names
- Delete conversations — clear them after you’re done (ChatGPT, Gemini both have buttons)
- Don’t grant AI access to email/calendar unless necessary — some plugins request overly broad scopes
- Read the privacy policy — if a new app doesn’t have a clear policy, don’t use it
Summary
AI is smart and useful, but it’s a service someone else runs — the data you send is data that might be seen, stored, or used to train future models.
One rule to remember: Wouldn’t post it on Facebook = don’t send it to AI.
For truly sensitive content, use Local AI instead.