← Back to training
Safety and Limits

Privacy and Data — What's Safe to Paste Into AI

NEWITY · Published May 2026 · Last reviewed May 2026

Treat AI Chats Like Public-Facing Notes

Anything you paste into a free AI tool should be treated as if it could be read by a human at the AI company, used to train future models, or — in worst-case scenarios — exposed in a security incident. This isn't paranoia; it's the realistic baseline for free consumer AI products.

You can still use AI for almost everything in your business. You just need to know what to redact before pasting.

What Each Plan Tier Does (Roughly)

Policies change, so always check current settings. As of 2026 the general pattern is:

PlanAre your conversations used for model training?
Free consumer (ChatGPT, Claude, Perplexity, Gemini)Sometimes yes, by default. Often you can opt out in settings.
Paid consumer (ChatGPT Plus, Claude Pro, Perplexity Pro)Usually no by default, but check.
Team / Business / EnterpriseContractually no. Stronger data-handling guarantees.
API accessInputs and outputs are not used to train models, by contract.

If your business handles regulated data — health records, financial account numbers, certain client information — Team/Business plans or the API are the right minimum. Free consumer accounts are not appropriate for that data.

Find and Set Your Privacy Controls

Before doing real business work in any AI tool, take 60 seconds to check the settings:

  • ChatGPT — Settings → Data Controls → "Improve the model for everyone." Turn off if you want your conversations excluded from training.
  • Claude.ai — Settings → Privacy. Review the current options for your account type.
  • Perplexity — Settings → AI data retention.
  • Gemini — Activity Controls → Gemini Apps Activity.

These controls move around as products evolve. The principle: every tool has a setting; check yours when you sign up and again every few months.

What to Never Paste Into a Free AI Tool

Hard rules:

  • Social Security numbers, EINs, ITINs, or government IDs
  • Bank account numbers, routing numbers, or full credit card numbers
  • Passwords, API keys, or other security credentials
  • Personal health information (medical records, diagnoses, treatment notes)
  • Personally identifiable information about minors
  • Information covered by an active NDA or confidentiality agreement unless your AI plan and the underlying contract permit it
  • Information related to active or pending litigation

These don't become safer on a paid plan — they're risky to share regardless. Use enterprise-grade tools or don't share at all.

What to Be Careful About

Soft rules — usually fine on paid plans, often fine on free plans, but worth thinking before pasting:

  • Customer names, full email addresses, phone numbers — substitute "Client A" or "[Customer Name]" when possible
  • Employee names tied to performance, compensation, or HR issues — describe the situation generically: "an employee who's been with us 3 years"
  • Exact revenue, payroll, or other financial figures — round, generalize, or use percentages instead of exact dollars
  • Supplier pricing or negotiation details — if it's competitive intel, redact the supplier name
  • Full contracts and leases — if you must paste, redact names, signatures, and any clauses marked confidential before pasting

What's Generally Fine

Things you can safely paste, even into free tools:

  • Public information about your business (website copy, marketing content, public reviews you're responding to)
  • Generic descriptions of business situations ("a long-time customer who recently complained about pricing")
  • Industry context, frameworks, examples
  • Already-public legal language (standard contract clauses, public regulations)
  • Educational content (training materials you're authoring, public documentation)

Practical Workflow: Redact Before Paste

When you have a real document with sensitive details and want AI's help with it, the workflow is:

  1. Open a copy of the document (don't edit the original)
  2. Find-and-replace sensitive specifics:
    • Real names → "[Name]"
    • Real account numbers → "[Account]"
    • Real dollar amounts → round numbers or "[Amount]"
    • Real addresses → "[Address]"
  3. Paste the redacted version into the AI tool
  4. Re-insert the real details when you copy the AI's output back to your document

This adds 30 seconds. It also keeps your customers' and employees' real data out of an AI training set.

Sharing AI With Your Team

If your employees are using AI for work:

  • Set a written policy — even a one-page document. Tell them what they can and can't paste, and which tools the business has approved.
  • Pay for plans that protect data — if AI is doing real business work, the ~$20/month per seat for a Team plan is worth it for the data protection alone.
  • Review their work with a privacy lens — when you check an employee's AI-assisted output, also check what they pasted in to get it.
  • Be especially careful with HR, finance, and customer-data roles — the people most likely to be tempted to paste something they shouldn't.

What Happens If You've Already Pasted Something Sensitive

If you realize after the fact that you put real PII, financial data, or confidential content into an AI tool:

  1. Delete the conversation in the tool's history.
  2. Check the tool's data retention settings — turn off training-data sharing if it's on.
  3. For genuinely high-stakes leaks (a major NDA breach, regulated health data, etc.) — talk to your attorney about disclosure obligations.

The best protection is not pasting it in the first place. But the world doesn't end if it happens once and you take action.

When in Doubt

If you're not sure whether to paste something, ask: "Would I be okay if a stranger at the AI company read this tomorrow?"

If yes, paste away. If no, redact first.

safetyprivacydatasecuritycompliance