You’re on a tight deadline. A client email thread lands with names, pricing back-and-forth, and a thinly veiled threat to walk. You copy the whole thing into Claude or ChatGPT: “Summarise the issues and draft a calm reply.” Feels like asking a sharp colleague for a second set of eyes. Until it isn’t. I explored to try to get to the root of the issue.
This week: a simple rule — never paste anything you’d regret losing control of — and a 30-second checklist to keep AI useful without leaking your life.
The Café Problem
Every prompt you send to a cloud AI is like whispering across the table in a busy café. The friend (the model) hears you perfectly and gives great advice — but the waiter (the company) keeps a copy of every note. And that waiter’s notes can be exposed by a breach, compelled in court, or accessed under government authority. Multiple whispers over days or weeks? They stop being random and start forming a complete picture of your deals, your clients, your finances.
Two Ways Your Data Escapes
That’s the trap most of us fall into. “It’s just one paste.” “I opted out of training.” “Paid tier = safe.” (Some enterprise plans do reduce risk, but none make you subpoena-proof or breach-proof.)
Real-world leaks happen anyway. In February the popular Chat & Ask AI app — a third-party wrapper using models like ChatGPT or Claude — exposed 300 million private messages from 25 million users after a simple backend misconfiguration, according to security reports. Courts have also ordered companies like OpenAI to produce millions of de-identified conversation logs in copyright cases.
Then there’s the mosaic effect. One client email is innocent. Add last week’s contract snippet, this week’s invoice summary, next week’s strategy brainstorm… suddenly anyone looking can stitch the pieces into your full pricing model, client list, and margins.
For businesses, using an unapproved tool for client work or regulated processes is like storing extra cans of gasoline next to the oven. Nothing might happen today — but if something else ever goes wrong, that decision can turn a small problem into a much bigger headache. Even if an AI vendor has strong policies, external pressure and legal process can still force outcomes you didn’t predict. Just last month tensions between Anthropic and the Pentagon over safeguards for surveillance and weapons led to the company being designated a supply-chain risk and contracts being phased out — a clear sign of the broader tensions between law, policy, best practices and fear of the unknown playing out around this technology. The uncomfortable truth is that the company itself isn’t always a reliable root of trust.
The Data Decision Tree
The good news is there’s a practical way to dramatically reduce this risk. Run every paste through this 30-second mental checklist. It won’t make you bulletproof (nothing does when determined people are involved), but it will stop most of the careless exposures that actually happen:
1. Would I be comfortable if this exact text appeared on the front page of a newspaper tomorrow?
2. Does this contain any name + sensitive context (client, price, employee, medical, financial)?
3. If I sent this to a random consultant in a café, would I redact anything first?
Green: General, non-identifying info → paste
Yellow: Sensitive but redactable → paste after placeholder swap
Red: Regulated, contractual or credentialed secrets → don’t paste
Never Feed an AI
• Passwords, API keys, one-time codes
• Passports, IDs, bank details
• Anything under NDA or client confidentiality
• Employee issues, medical info, disciplinary notes
• Full client lists, pricing models, active deal terms
Quick redaction trick: Swap identifiers for placeholders — “John Smith” becomes “Client A”, “$12,500” becomes “Price X”, “February 18” becomes “Date Y”. In a small community, anonymising names isn’t always enough – unique context (job title, property, vendor, dispute details) can still identify someone instantly.
Relationship literacy starts with boundaries. AI is brilliant at the café table — but you have to decide what you’re willing to say out loud. Meet it halfway: give it clean, safe data and it will meet you with clean, safe help.