Most people who use AI tools daily have never read the privacy policy of a single one of them. That’s not a criticism — privacy policies are deliberately unreadable. But there are a handful of things worth knowing that don’t require reading forty pages of legal text.
This isn’t a paranoid guide to avoiding AI entirely. It’s a practical breakdown of what data these tools collect, where the real risks sit, and what you can do about it without making your workflow unusable.
What AI Tools Actually Collect
When you type a prompt into ChatGPT, Claude, or Gemini, that conversation typically gets stored. How long, for what purpose, and whether it gets used to train future models depends on the specific platform and your account settings — but the default assumption should be that what you type is being retained somewhere.
For most casual use, this is a non-issue. For anything involving sensitive information — client data, financial details, confidential business strategy, personal medical situations — the default settings on most AI tools are not appropriate.
The Three Categories of Risk
Professional confidentiality. Lawyers, doctors, accountants, and anyone handling client information under a duty of confidentiality face real exposure if they paste sensitive client details into a consumer AI tool. Several firms have already dealt with the consequences of employees doing exactly this. The risk isn’t hypothetical.
Business-sensitive information. Competitive strategy, unreleased product details, internal financial data, personnel decisions — these categories warrant caution regardless of your specific industry. Once information enters a third-party system, you’ve lost control over how it’s handled.
Personal data. Pasting CVs, identity documents, medical records, or personal financial information into AI tools is a habit worth examining. The convenience is real. So is the exposure.
What You Can Actually Do About It
Turn Off Training Data Contributions
Both ChatGPT and Claude offer settings to opt out of having your conversations used for model training. This doesn’t make conversations disappear entirely, but it removes them from the training pipeline.
In ChatGPT: Settings → Data Controls → toggle off «Improve the model for everyone.» In Claude: Settings → Privacy → review data usage options.
Takes thirty seconds. Worth doing before the next time you type something sensitive.
Use Temporary or Incognito Sessions
ChatGPT offers a temporary chat mode that doesn’t save conversation history. Claude’s interface has equivalent options depending on platform. For sessions involving anything you’d rather not have stored, these modes reduce retention without requiring you to change tools entirely.
Consider Local or Enterprise Alternatives
For genuinely sensitive work, the architecture that solves the problem most completely is one where data doesn’t leave your environment. Tools like Ollama let you run open-source language models locally on your own machine — nothing gets sent to an external server because there isn’t one involved.
Enterprise versions of ChatGPT and Claude (available on business plans) include contractual data handling commitments that consumer versions don’t. If your organisation uses AI at scale, this is worth examining.
A Reasonable Baseline
You don’t need to treat AI tools like classified document handlers. For most everyday tasks — drafting content, answering questions, summarising publicly available information — the privacy considerations are minimal.
The habit worth building is a quick mental check before pasting anything: would I be comfortable if this information appeared somewhere I didn’t expect? If the answer is no, either rephrase to remove the sensitive details or use a tool with stronger privacy controls.
That one question, applied consistently, covers most of the real risk without making AI tools impractical to use.