Before you paste that customer list into a public chatbot - where does that text actually go?
An employee pastes a confidential contract into a free consumer chatbot to “just summarize it.” On some consumer tiers, inputs can be retained and reviewed to improve the model. That contract now sits outside company control. Treat a public AI tool like a postcard - assume someone could read it.
What happens to your data
1. Consumer vs enterprise tiers
Consumer/free tools may retain your inputs and, depending on settings, use them to improve models. Enterprise/approved tools usually carry “no-training” agreements, data deletion, and access controls.
2. What counts as sensitive
PII (Personally Identifiable Information), secrets, and confidential business data should never go into an unapproved tool.
3. The rules exist for a reason
Laws such as GDPR and CCPA govern personal data, and mishandling carries real penalties. You’ll go deeper on this in the Legal/Risk path.
Safe patterns
- Redact or anonymize before pasting (swap names/numbers for placeholders).
- Use the company-approved tool/tier for anything non-public.
- When unsure, ask - or simply don’t paste.
Redaction keeps the draft, drops the risk
Instead of “Email john.doe@acme.com about overdue invoice 4471 for $12,300,” paste “Email [CUSTOMER] about overdue invoice [ID] for [AMOUNT].” You still get a great draft, with zero sensitive data exposed.
Paste or don't paste?
Snippet 1 of 4 - decide in two steps.
Customer account #4471-2093, current balance $12,300.
1. Does this contain sensitive data?
- Public tools can retain your inputs - treat them like a postcard.
- Never expose PII, secrets, or confidential data; know your approved tools.
- Redact, use approved tiers, and when unsure, ask.