← All guides
Safety guide

What NOT to put into AI tools (ChatGPT & co.)

Why confidential data has no place in there

AI tools (ChatGPT, Copilot, Gemini and others) are very useful at work. But they have one easily forgotten trait: everything you type into them goes to an outside company. And that is where the problems start.

Why it actually matters

  • What you write may be kept and, on some services, used to “train” the tool — meaning fragments of what you put in can end up where you don’t expect.
  • You lose control: once sent, you no longer know who sees it, where it ends up or how long it is kept.
  • If it is client data or company confidential information, this can breach confidentiality and data protection obligations (GDPR) — and the company is liable for it.
  • There have also been leaks: people have accidentally ended up seeing other people’s conversations.

In short: an AI tool is not a private box. It’s like talking to a very clever stranger who remembers everything.

The simple rule

If you wouldn’t write it on a notice board in your company’s lobby, don’t paste it into an AI tool.

What never to put in

  • Client data: names, contact details, passport numbers, cards, itineraries.
  • Contracts, internal documents, financial data.
  • Passwords, codes, access keys.

How to use AI wisely

  • If you need help with a real example, take out the real data first (replace names with “Client X”).
  • Use only the tools approved by your company — some have special versions that don’t use your data.
  • On any doubt, ask the IT or security team.

At home it’s the same: don’t put your own sensitive data or anyone else’s (photos of documents, ID cards, medical information) into an AI tool.

Remember, in short

  1. If you wouldn't write it on a public notice board, don't paste it into an AI tool.
  2. Don't put in client data, contracts, passwords or financial data.
  3. Need help with an example? Remove the real data (anonymise) first.
  4. Use only the AI tools approved by your company; when in doubt, ask the IT team.

Sources

Last reviewed: . Spotted something outdated? Tell us.