Technology · AI in everyday life
ChatGPT & Privacy: What Happens to What You Type
ChatGPT and privacy: where your input goes, what providers do with it – and a simple three-tier rule for what you should actually trust AI with.
By Boaz Lichtenstein

“What actually happens to what I type in?” is one of the most frequently asked questions about AI assistants – and, at the same time, one of the least cleanly answered. Here’s a short, sober rundown – deliberately without scaremongering, but just as deliberately without complacency.
Key takeaways
- Every prompt technically lands with the provider first – what matters is what happens to the data afterwards, not the mere fact that it’s processed at all.
- Consumer products often train on chat history by default; business contracts usually exclude this contractually.
- The three-tier rule (public / internal-anonymised / off-limits) replaces complicated policy documents surprisingly reliably in everyday use.
- Deleted chats usually aren’t gone completely straight away – backups and security copies catch up with a certain delay.
- For genuinely sensitive data, a locally run model remains the only truly clean technical solution.
Where your input goes
Every prompt lands with the provider for processing first – that’s technically unavoidable, a cloud model has to read your request to answer it. The decisive difference comes after that: some providers use input by default to train future models too, others exclude that contractually for business and enterprise accounts. Consumer versions usually require an active opt-out in the settings to exclude it – if you’ve never looked for it, you probably haven’t turned it on. Within the EU, GDPR also applies regardless of where the provider is based – what matters most is whether an effective data processing agreement exists.
Consumer or business: what matters in practice
Whether your input gets used for training, and how long it’s kept, depends heavily on the product type you choose – the difference is bigger than many users assume:
| Aspect | Consumer product | Business/enterprise |
|---|---|---|
| Training on input | Often on by default | Usually excluded contractually |
| Opt-out needed? | Usually yes, look actively in settings | Usually not needed, governed by contract |
| Data processing agreement | Rarely present | Standard part of the contract |
| Recommendation for company data | Unsuitable | Suitable starting point |
This table also explains why the same AI can lead to entirely different data protection risks in two different companies: it isn’t the model itself that determines the risk, but the contract and the type of account used to access it. A technically identical model is, from a data protection standpoint, a different product via a business account than via the free consumer version.
The three-tier rule for input
A simple rule of thumb has proven itself before anything goes into an input field: Public – information anyone could find anyway, unproblematic. Internal-anonymised – company internals, but with names, customer data and figures stripped out, usually fine. An example makes the difference tangible: “Customer Maria Schmidt is complaining about delayed delivery 48291” becomes, for the AI query, “a customer is complaining about a delayed delivery” – the substance stays, the personal reference goes. Off-limits – third-party health data, client confidentiality, unpublished contracts, anything subject to professional confidentiality: fundamentally doesn’t belong in an AI tool whose data processing you don’t fully control. Doctors, lawyers and tax advisers are bound by stricter requirements here than general data protection law anyway.
How to check an input in seconds
- Pause briefly before copying or typing text in – this one reflex prevents most mistakes.
- Ask: is there a name, a customer number or a case reference in it? If so, remove or replace it.
- Ask: would it bother me if this text were publicly visible? If yes, anonymise it or don’t enter it at all.
- For professional confidentiality (doctor, lawyer, tax adviser): stop, as a rule – even anonymisation often isn’t enough here.
- When in doubt, choose the anonymised version, even if it means a little extra effort – when unsure, that’s always the safer direction.
- When in doubt about customer data, ask a colleague or check the privacy policy, rather than deciding on your own.
The most common mistakes
Copying whole documents instead of checking them: the most common mistake doesn’t happen out of malice, just convenience – a complete PDF ends up in the chat without anyone glancing at the actual content first. Using a personal account for company data: see the FAQ – a common and easily avoidable mistake. Relying on “no one will see it anyway”: data protection isn’t a matter of probability, it’s a matter of principle – the rule applies regardless of how likely misuse seems. Confusing deletion with safety: anyone who enters sensitive data and then deletes it hasn’t undone the risk, only reduced it – the processing itself has already happened before the deletion can even take effect.
The way out for the off-limits tier
For cases where even the anonymised version is too sensitive, one option remains: a locally run model that data never leaves. Our article local AI versus the cloud explains when that pays off and where the limits are. For businesses, data protection is also not a purely technical issue but an organisational one – clear rules on who’s allowed to enter what belong in every adoption plan; more in our article on AI adoption at SMEs. Anyone who consistently applies the three-tier rule in daily life also benefits, incidentally, across the other everyday uses of AI assistants – see our overview on AI assistants in everyday life.
A real-world example
An HR staff member wants AI help checking a job application letter for spelling and making the tone a bit friendlier. Copy the entire document, including name, address and CV details, into a consumer tool, and a complete applicant profile heads off uncontrolled to an external provider. Strip out name, address and all identifying details beforehand and have only the running text checked, and exactly the same benefit remains – the risk drops to close to zero. The difference between the two approaches costs, in practice, maybe thirty seconds of extra effort.
The bottom line
Data protection with AI tools isn’t all-or-nothing. Most everyday tasks – text drafts, general research, brainstorming – don’t touch sensitive data at all. The mistake happens where whole documents get copied out of convenience, without a quick check of what’s actually in them. That one second of pausing to check usually replaces complicated policy documents more reliably than you’d think. Anyone regularly working with sensitive topics shouldn’t leave this check to chance, but establish it as a fixed step before every input – rounded out with clean digital basics, as also covered in our article on getting started with password managers.