AI for Beginners
✦ Staying Safe · May 2026
Previous When to trust it Next What does it cost?

Is it safe to put my stuff in here?

7 min read · data, privacy, and what not to paste

This is the question I get the second someone gets genuinely interested. Usually said quietly, a bit embarrassed, like it's a daft thing to ask: "…is it safe? Like — where does my stuff actually go?"

It's not a daft question. It's the most sensible one on this whole site.

🔐 What happens when you type something

When you hit send, your message goes to the company's servers, the model works on it, and the answer comes back. Mechanically, it's the same shape as every other cloud tool you already trust — your email, online banking, your accounting software. Your words aren't broadcast to the world.

But "it sits on their servers" does raise the one question that actually matters —

🎓 "Does it learn from my stuff?"

This is the real one. Some providers, on some plans, use your conversations to help train future versions of the model — unless you tell them not to. Others don't by default. It varies by company, it varies by plan, and — importantly — the policies keep changing. (Even while I was writing this, one of the big providers had just shifted its default.)

So don't bother memorising a rule that'll be out of date next month. Do this instead: open your settings, look for "Data controls" or "Privacy", and find the toggle about improving or training the model. Switch it off if you'd rather your chats weren't used that way. Takes about thirty seconds.

The rule isn't "trust it" or "don't trust it." It's "go and check the one toggle, then decide."

🚫 What I never paste in

✗ Other people's details

Customer addresses, phone numbers, anything given to you in confidence. De-identify it first if you can.

✗ Passwords & bank details

Card numbers, logins, account numbers. Never. There's no reason to, ever.

✗ Anything under an NDA

If you've signed something promising to keep it private, that includes pasting it into an AI.

✗ Sensitive records

Health, legal, or financial details belonging to someone else. Treat them like you'd want yours treated.

✅ What's genuinely fine

Your own draft emails. General questions. "Explain this concept to me." Brainstorming. Summarising a document you already own. Your own marketing copy. The overwhelming majority of day-to-day work is completely fine — the careful list above is the exception, not the rule.

🏢 If you handle client work

Look at the business or "Team" plans. They typically come with a written commitment not to train on your data, plus tighter handling — which is exactly what you want if you're dealing with other people's information for a living. A small step up for real peace of mind.

One honest caveat: I'm not a lawyer, and this isn't legal advice. If you're in a regulated industry, check your own obligations. But for most small businesses the recipe is simple — turn off training, keep secrets out, use a business plan for client work — and you're being every bit as sensible with this as you already are with email.

D
Danielle Seymour
Co-director, SOUTHSTART · Adelaide Hills, AU · figuring it out in public
Previous When to trust it Next What does it cost?