Skip to content
Diese Seite gibt es auch auf Deutsch.Zur deutschen Version

Technology · AI in everyday life

ChatGPT & Privacy: What Happens to What You Type

ChatGPT and privacy: where your input goes, what providers do with it – and a simple three-tier rule for what you should actually trust AI with.

By Boaz Lichtenstein

Article image: ChatGPT & Privacy: What Happens to What You Type

“What actually happens to what I type in?” is one of the most frequently asked questions about AI assistants – and, at the same time, one of the least cleanly answered. Here’s a short, sober rundown – deliberately without scaremongering, but just as deliberately without complacency.

Key takeaways

  • Every prompt technically lands with the provider first – what matters is what happens to the data afterwards, not the mere fact that it’s processed at all.
  • Consumer products often train on chat history by default; business contracts usually exclude this contractually.
  • The three-tier rule (public / internal-anonymised / off-limits) replaces complicated policy documents surprisingly reliably in everyday use.
  • Deleted chats usually aren’t gone completely straight away – backups and security copies catch up with a certain delay.
  • For genuinely sensitive data, a locally run model remains the only truly clean technical solution.

Where your input goes

Every prompt lands with the provider for processing first – that’s technically unavoidable, a cloud model has to read your request to answer it. The decisive difference comes after that: some providers use input by default to train future models too, others exclude that contractually for business and enterprise accounts. Consumer versions usually require an active opt-out in the settings to exclude it – if you’ve never looked for it, you probably haven’t turned it on. Within the EU, GDPR also applies regardless of where the provider is based – what matters most is whether an effective data processing agreement exists.

Consumer or business: what matters in practice

Whether your input gets used for training, and how long it’s kept, depends heavily on the product type you choose – the difference is bigger than many users assume:

Aspect Consumer product Business/enterprise
Training on input Often on by default Usually excluded contractually
Opt-out needed? Usually yes, look actively in settings Usually not needed, governed by contract
Data processing agreement Rarely present Standard part of the contract
Recommendation for company data Unsuitable Suitable starting point

This table also explains why the same AI can lead to entirely different data protection risks in two different companies: it isn’t the model itself that determines the risk, but the contract and the type of account used to access it. A technically identical model is, from a data protection standpoint, a different product via a business account than via the free consumer version.

The three-tier rule for input

A simple rule of thumb has proven itself before anything goes into an input field: Public – information anyone could find anyway, unproblematic. Internal-anonymised – company internals, but with names, customer data and figures stripped out, usually fine. An example makes the difference tangible: “Customer Maria Schmidt is complaining about delayed delivery 48291” becomes, for the AI query, “a customer is complaining about a delayed delivery” – the substance stays, the personal reference goes. Off-limits – third-party health data, client confidentiality, unpublished contracts, anything subject to professional confidentiality: fundamentally doesn’t belong in an AI tool whose data processing you don’t fully control. Doctors, lawyers and tax advisers are bound by stricter requirements here than general data protection law anyway.

How to check an input in seconds

  1. Pause briefly before copying or typing text in – this one reflex prevents most mistakes.
  2. Ask: is there a name, a customer number or a case reference in it? If so, remove or replace it.
  3. Ask: would it bother me if this text were publicly visible? If yes, anonymise it or don’t enter it at all.
  4. For professional confidentiality (doctor, lawyer, tax adviser): stop, as a rule – even anonymisation often isn’t enough here.
  5. When in doubt, choose the anonymised version, even if it means a little extra effort – when unsure, that’s always the safer direction.
  6. When in doubt about customer data, ask a colleague or check the privacy policy, rather than deciding on your own.

The most common mistakes

Copying whole documents instead of checking them: the most common mistake doesn’t happen out of malice, just convenience – a complete PDF ends up in the chat without anyone glancing at the actual content first. Using a personal account for company data: see the FAQ – a common and easily avoidable mistake. Relying on “no one will see it anyway”: data protection isn’t a matter of probability, it’s a matter of principle – the rule applies regardless of how likely misuse seems. Confusing deletion with safety: anyone who enters sensitive data and then deletes it hasn’t undone the risk, only reduced it – the processing itself has already happened before the deletion can even take effect.

The way out for the off-limits tier

For cases where even the anonymised version is too sensitive, one option remains: a locally run model that data never leaves. Our article local AI versus the cloud explains when that pays off and where the limits are. For businesses, data protection is also not a purely technical issue but an organisational one – clear rules on who’s allowed to enter what belong in every adoption plan; more in our article on AI adoption at SMEs. Anyone who consistently applies the three-tier rule in daily life also benefits, incidentally, across the other everyday uses of AI assistants – see our overview on AI assistants in everyday life.

A real-world example

An HR staff member wants AI help checking a job application letter for spelling and making the tone a bit friendlier. Copy the entire document, including name, address and CV details, into a consumer tool, and a complete applicant profile heads off uncontrolled to an external provider. Strip out name, address and all identifying details beforehand and have only the running text checked, and exactly the same benefit remains – the risk drops to close to zero. The difference between the two approaches costs, in practice, maybe thirty seconds of extra effort.

The bottom line

Data protection with AI tools isn’t all-or-nothing. Most everyday tasks – text drafts, general research, brainstorming – don’t touch sensitive data at all. The mistake happens where whole documents get copied out of convenience, without a quick check of what’s actually in them. That one second of pausing to check usually replaces complicated policy documents more reliably than you’d think. Anyone regularly working with sensitive topics shouldn’t leave this check to chance, but establish it as a fixed step before every input – rounded out with clean digital basics, as also covered in our article on getting started with password managers.

FAQ

Frequently asked questions

Do providers train on my chats?

Depends on the product and the settings – there’s no blanket answer. Consumer products often use chat history for training by default and require an active opt-out in the settings. Business and enterprise contracts generally exclude training contractually. The only reliable method: check the current privacy settings and data processing agreements of the specific provider yourself, rather than assuming.

Are deleted chats really gone?

Usually yes, but with a delay – providers typically cite deletion periods of a few days to weeks for backups and security copies before data is fully removed. For legal or abuse investigations, copies can be kept even longer. The more robust strategy, then, isn’t deleting things afterwards, but not entering sensitive data in the first place.

Is it safe to use AI assistants with a personal account for company data?

No, that’s one of the most common mistakes in practice. Personal and business use should run separately: an employee’s personal account is subject to different privacy settings and contracts than a company-provided business account. Businesses should provide an official, contractually secured access instead of letting staff work from personal accounts.

What does data processing mean here, in concrete terms?

When a business has an AI tool process personal data, the provider becomes a data processor under data protection law – that requires a data processing agreement (DPA) under Article 28 GDPR, which governs the purpose, scope and deletion periods of the processing. Without such a contract, using it for personal data is risky from a data protection standpoint, however well the tool otherwise performs. (This is not legal advice.)

What if I’ve accidentally already entered sensitive data?

Stay calm, but act: deleting the chat history and, if available, switching off persistent chat storage is the first sensible step – even though it doesn’t undo the processing retroactively. In genuinely sensitive cases (health data, client confidentiality), it’s also worth checking whether a reporting duty applies, for example to your own data protection officer. More important than the after-the-fact reaction, though, remains prevention – which is why the check routine from this article is worth making a fixed habit.