AI tools are useful, but they also make it easy to share private information too quickly.
People now paste emails, contracts, medical notes, tax records, screenshots, school messages, and chat logs into AI tools every day. Sometimes that is fine. Sometimes it creates a privacy problem, a security problem, or both.
The safest way to think about AI is simple: treat it like a third party.
If you would not hand the information to a stranger, an unknown app, or a public forum, do not paste it into an AI tool until you have checked what happens to the data and whether the tool is the right place for it.
Start with the basic rule
Use AI for low-risk information by default.
Be much more careful with:
- identity documents
- passport, driver licence, or national ID details
- bank account and credit card information
- tax identifiers
- government health cards
- passwords, recovery codes, and API keys
- medical records
- legal documents with personal identifiers
- children's information
- confidential work files
- screenshots that show balances, account numbers, email addresses, or internal systems
Some data should never go into a general-purpose AI chatbot at all.
The first habit: redact before you upload
Before you paste text or upload a file, remove anything that can identify you or someone else.
That includes:
- full names
- phone numbers
- home addresses
- email addresses
- dates of birth
- account numbers
- ID numbers
- customer numbers
- faces in images if they are not needed
- signatures
Good AI use is often about editing the input first, not writing a better prompt.
Instead of uploading a full bank letter, copy only the paragraph you need help understanding and replace the personal details with placeholders. Instead of sharing a full screenshot, crop it tightly and check that no extra tabs, notifications, or account details are visible.
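As an added example (not from the original page), here is a small Python helper that does the placeholder substitution described above before anything is pasted. It maps each identifier to a stable placeholder such as [EMAIL_1] or [NAME_2], so the same value always becomes the same token and the model's answer still reads coherently, and it keeps the mapping locally so the answer can be restored afterwards. The regexes are illustrative and tuned to the constructed sample bank letter; names are passed in by the caller rather than detected, and real use needs the phone and ID formats of your own country.

```python
import re

# Illustrative patterns (assumption: tuned to the formats in the sample below;
# real use needs the phone/ID conventions of your own country).
PATTERNS = [
    ("EMAIL",   re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")),
    ("PHONE",   re.compile(r"\+?\d[\d\s().-]{7,}\d")),
    ("DATE",    re.compile(r"\b\d{1,2}/\d{1,2}/\d{4}\b")),
    ("ACCOUNT", re.compile(r"\b\d(?:[ -]?\d){7,18}\b")),   # 8-19 digits, optional separators
]

def redact(text, names=()):
    """Replace identifiers with stable placeholders and return
    (redacted_text, placeholder_to_original).  The same value always maps to
    the same placeholder; the mapping stays on your machine."""
    spans = []
    for label, pat in PATTERNS:
        spans += [(m.start(), m.end(), label, m.group()) for m in pat.finditer(text)]
    for name in names:                       # caller supplies names; no NER here
        spans += [(m.start(), m.end(), "NAME", m.group())
                  for m in re.finditer(re.escape(name), text)]
    spans.sort(key=lambda s: (s[0], -(s[1] - s[0])))   # earliest start, then longest
    chosen, last_end = [], 0
    for s in spans:                          # drop overlaps (a phone also looks like an account)
        if s[0] >= last_end:
            chosen.append(s)
            last_end = s[1]
    mapping, reverse, counters, out, pos = {}, {}, {}, [], 0
    for start, end, label, value in chosen:
        if value not in reverse:
            counters[label] = counters.get(label, 0) + 1
            placeholder = f"[{label}_{counters[label]}]"
            reverse[value], mapping[placeholder] = placeholder, value
        out.append(text[pos:start])
        out.append(reverse[value])
        pos = end
    out.append(text[pos:])
    return "".join(out), mapping

def restore(text, mapping):
    """Put the real values back into the model's answer, locally."""
    for placeholder, value in mapping.items():
        text = text.replace(placeholder, value)
    return text

# Constructed sample: a bank letter paragraph with fake details.
SAMPLE = ("Dear Jane Okafor,\n"
          "Your account 12345678 will be charged on 14/03/2025. Questions? Call +44 20 7946 0958\n"
          "or email jane.okafor@example.com. Regards, Priya Nair (Customer Services)")

if __name__ == "__main__":
    redacted, mapping = redact(SAMPLE, names=("Jane Okafor", "Priya Nair"))
    print(redacted)          # this is what goes to the AI tool
    print(mapping)           # this stays with you
```

Paste only the redacted text; after the model answers, run restore on the reply if you need the real values back. Regexes miss things (nicknames, addresses, unusual ID formats), so still read the output before you paste it.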
Share the minimum needed
Do not give the whole document if one paragraph is enough.
Do not upload a full medical report if your question is only about one result. Do not paste a full lease if you only need help understanding one clause. Do not upload a full school email thread if one message is enough.
Less data shared means less risk.
Know your provider settings before you trust the tool
This is where many people go wrong. They assume all AI tools handle data the same way. They do not.
ChatGPT
On personal ChatGPT plans, OpenAI says your content may be used to improve its models unless you turn that off in Data Controls. OpenAI also says deleted chats are permanently removed from its systems within 30 days, unless they were already de-identified or must be kept for security or legal reasons. If you use Temporary Chat, OpenAI says those chats will not appear in your history, will not use or create memories, and will not be used to train models, although OpenAI notes it may keep a copy for up to 30 days for safety purposes. Check the setting on the account you actually use: a personal account and a workplace account can be configured differently.
Claude
Anthropic now gives consumer Claude users (Free, Pro, and Max plans) a separate model training setting. Anthropic says that if you turn that setting off, new chats and coding sessions will not be used for future model training and its existing 30-day retention period continues to apply; if you allow training, Anthropic says retention extends to five years. Anthropic also says that deleted conversations are not used for future training.
Gemini
Google says Gemini Apps Activity is on by default for many users, with an auto-delete setting that defaults to 18 months and can be changed. Google also says chats reviewed by human reviewers may be kept for up to three years, even if you delete your activity. Gemini also has Memory and personalization features that reference past chats, and Google says you can turn Memory off. For work and school Google accounts, Google says Gemini chats and uploaded files are not reviewed by humans and are not used to improve generative AI models.
The practical takeaway is simple: check the settings before you share the data.
Pay attention to AI memory features
Modern AI tools do not just respond to one conversation. Many of them try to remember you across sessions.
That includes features such as:
- ChatGPT Memory
- Gemini Memory / personalization
- provider-specific saved preferences or persistent context
These features can be useful, but they also create a new privacy risk: details you mention once may influence future chats.
That means you should:
- review what the tool remembers
- delete memories you do not want kept
- turn memory off if you are discussing sensitive topics
- use temporary or non-persistent chat modes when appropriate
Do not treat memory as harmless convenience. It is a data-retention feature.
Prefer summaries over raw records
A good rule is to describe the situation instead of uploading the original file.
Instead of:
"Here is my full medical report. Explain it."
Try:
"My blood test shows high LDL and normal glucose. What does that usually mean?"
Instead of:
"Here is my full employment contract."
Try:
"My contract says the employer can change duties with notice. What does that usually mean?"
You often get the help you need without exposing the original record.
Separate personal, work, and client data
Do not mix your own private files, your employer's data, and client data in one casual AI workflow.
A common mistake is using a personal AI account to process:
- internal meeting notes
- customer spreadsheets
- HR messages
- support tickets
- financial files
- source code with secrets
- confidential business plans
If the data belongs to your employer, client, school, or another person, treat it as restricted unless you clearly have permission and the tool has been approved for that use.
Watch for prompt injection when pasting other people's content
This is the security issue most people still miss.
If you paste an email, PDF, webpage, or other external content into an AI tool, that content can carry instructions aimed at the model rather than at you. In AI security this is known as prompt injection. Models do not reliably distinguish your instructions from instructions that arrive inside the content they are reading, and the injected text may be hidden from a human reader (white-on-white text, tiny fonts, or invisible Unicode characters) while remaining perfectly legible to the model.
In plain English, the document you are asking the model to summarize may also be trying to tell the model what to do.
That matters most when the AI tool has access to:
- your inbox
- your files
- your browser
- your codebase
- external apps or tools
If you are using AI on untrusted content, be extra careful with tools that can take actions on your behalf: an injected instruction in a summarised email stops being a wrong answer and becomes a sent message, a deleted file, or a fetched URL.
Secure the AI account itself
Private data risk does not begin and end with prompts. It also includes your account.
If someone gets into your AI account, they may be able to read your chat history, exported files, saved memories, or linked tools.
At a minimum:
- use a strong unique password
- turn on multi-factor authentication
- review active sessions and linked devices
- be careful with shared browsers and shared computers
- do not leave chat histories open on devices other people use
For Gemini, that means securing your Google Account. For ChatGPT, OpenAI supports MFA. The same general rule applies to any AI provider: if the account matters, secure it like an email account.
Be careful with browser extensions and AI keyboards
A lot of AI now sits inside browser extensions, writing assistants, mobile keyboards, and sidebar tools.
These tools can be convenient, but they may also see:
- every page you visit
- every field you type into
- copied text
- screenshots
- form entries
- email drafts
That does not mean all such tools are bad. It means you should grant access carefully and only use extensions or keyboards you trust. If a tool has permission to read everything on every site, assume it has a much wider view of your data than a normal chatbot window.
For highly sensitive material, local AI may be the better answer
If you need help with very sensitive documents, a local model may be safer than a cloud AI service.
Tools such as LM Studio and Ollama can run models on your own machine. If you keep the workflow fully local and offline, the content does not need to leave your device. Fully local means the model files are on your disk, the app is not calling out for updates or telemetry, and any local API server it exposes listens only on your own machine.
This is not a perfect solution. Local models can still be less capable, and local setups can still create risk if the device itself is not secure. But for some use cases, local AI is the more sensible option than uploading raw private data to a hosted service.
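As an added example (not Ollama's or LM Studio's own code), a small Python wrapper for Ollama's local HTTP API that refuses to send the prompt unless the endpoint resolves to a loopback address, so a stray OLLAMA_HOST or base URL cannot quietly turn "local" into "remote". It assumes Ollama is serving on its default 127.0.0.1:11434 and that the model named here (llama3.2, an assumption) has already been pulled; the same guard applies unchanged to LM Studio's local server.

```python
import ipaddress
import json
import urllib.request
from urllib.parse import urlparse

# Assumption: Ollama's default listen address; change if you configured another.
DEFAULT_BASE = "http://127.0.0.1:11434"

def is_local_endpoint(url):
    """True only when the URL's host is the loopback interface.  A hostname
    such as 127.0.0.1.example.net is NOT loopback and is rejected."""
    host = urlparse(url).hostname
    if host is None:
        return False
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False            # any other hostname is treated as remote

def build_request(prompt, model, base=DEFAULT_BASE):
    """Assemble the POST /api/generate call; refuse anything not on loopback."""
    if not is_local_endpoint(base):
        raise ValueError(f"refusing to send private content to non-local endpoint {base}")
    body = json.dumps({"model": model, "prompt": prompt, "stream": False}).encode()
    return urllib.request.Request(base.rstrip("/") + "/api/generate", data=body,
                                  headers={"Content-Type": "application/json"},
                                  method="POST")

def ask_local(prompt, model="llama3.2", base=DEFAULT_BASE):
    """Send the prompt to the local model and return its text answer."""
    req = build_request(prompt, model, base)
    with urllib.request.urlopen(req, timeout=120) as resp:
        return json.load(resp)["response"]

if __name__ == "__main__":
    # Sensitive wording can stay verbatim here because nothing leaves the machine.
    print(ask_local("My lease says the landlord may enter with 24 hours' notice. "
                    "What does that usually mean for a tenant?"))
```

The guard checks the destination, not the device: a compromised laptop still exposes the document, and a local server bound to 0.0.0.0 exposes it to the network, so keep the default loopback bind and confirm it with a quick port check before relying on it.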
Hard rules: what should never go into a general AI chat
These should be treated as hard no items:
- passwords
- one-time codes
- recovery phrases
- API keys
- SSH keys
- secret tokens
- private certificates
- card CVVs
- raw identity document scans unless absolutely necessary
There is almost never a good reason to paste raw secrets into an AI tool.
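An added example, not from the original page, of a pre-paste gate in Python that enforces the hard-no list mechanically: it scans the text for well-known secret formats (AWS access key IDs, PEM private key blocks, GitHub and Slack tokens, JWTs, and password/secret/api_key assignments) plus any long high-entropy token, and refuses the paste if anything is found. The pattern set and the entropy threshold are an illustrative assumption, the sample is constructed with fake values, and the warning deliberately never echoes a full secret back.

```python
import math
import re

# Illustrative subset of secret formats (assumption: extend for your providers).
SECRET_PATTERNS = {
    "aws_access_key":  re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_pem": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "github_token":    re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "slack_token":     re.compile(r"\bxox[baprs]-[A-Za-z0-9-]{10,}\b"),
    "jwt":             re.compile(r"\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b"),
    "assignment":      re.compile(r"(?i)(?:password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*\S{8,}"),
}
# Anything long and random-looking (hex, base64) that the formats above miss.
ENTROPY_CANDIDATE = re.compile(r"[A-Za-z0-9+/=_-]{32,}")
ENTROPY_THRESHOLD = 3.5      # bits per character; random hex/base64 sits above this

def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for a repeated character)."""
    counts = {}
    for c in s:
        counts[c] = counts.get(c, 0) + 1
    n = len(s)
    return -sum(k / n * math.log2(k / n) for k in counts.values())

def preview(value):
    """Never echo the full secret back, not even into a warning."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "***"

def find_secrets(text):
    """List of (kind, line_number, preview) for everything that looks like a secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pat in SECRET_PATTERNS.items():
            for m in pat.finditer(line):
                findings.append((kind, lineno, preview(m.group())))
        for m in ENTROPY_CANDIDATE.finditer(line):
            if shannon_entropy(m.group()) >= ENTROPY_THRESHOLD:
                # Could also be a hash or a checksum; either way, look before pasting.
                findings.append(("high_entropy", lineno, preview(m.group())))
    return findings

def check_before_paste(text):
    """(ok, findings): ok is True only when nothing secret-looking was found."""
    findings = find_secrets(text)
    return (len(findings) == 0, findings)

# Constructed sample: deployment notes with fake credentials.
SAMPLE = """# deploy notes (constructed sample, all values are fake)
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
db_password = Tr0ub4dor&3-rotate-me
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
-----END OPENSSH PRIVATE KEY-----
session = 3f9a1c7e8b2d4f6a0c5e9b1d7a3f8c2e4b6d0a9f
"""

if __name__ == "__main__":
    ok, findings = check_before_paste(SAMPLE)
    if not ok:
        print("REFUSING to paste; remove or replace these first:")
        for kind, lineno, shown in findings:
            print(f"  line {lineno}: {kind} ({shown})")
```

Wire this in front of whatever sends text to a hosted model (a clipboard hook, a pre-commit style check, or a wrapper around the API call). Six-digit one-time codes and wallet recovery phrases are deliberately not matched here because any short digit or word run would make the check noisy; for those, the rule stays a human one.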
Do not use AI as your only decision-maker
AI can help explain information. It should not be the only authority for high-stakes decisions.
That applies especially to:
- medical decisions
- legal decisions
- tax decisions
- financial decisions
- immigration decisions
- safety decisions
Use AI to understand, translate, summarize, or prepare questions. Do not use it as your only professional advice.
A simple red-flag test
Stop before using AI if the material includes any of these:
- identity proof
- health details
- money details
- children's information
- confidential business data
- secrets or credentials
- private information about another person
If yes, either do not use AI at all, or heavily redact the material first.
A safer way to use AI with private topics
Bad:
"Here is my full mortgage statement, bank screenshot, and ID. Tell me if I should refinance."
Better:
"I have a variable-rate mortgage, around 25 years left, and my repayments have increased by about 18%. What questions should I ask a lender about refinancing?"
Bad:
"Here is my child's full school report and teacher email. Write a reply."
Better:
"My child's teacher says they are struggling with focus in class. Help me write a polite reply asking for practical next steps."
The safer version still gets useful output without exposing raw private records.
Bottom line
AI is powerful, but convenience makes people careless.
The safest habit is simple: never give an AI tool more personal data than it truly needs.
Redact first. Share less. Check training, retention, and memory settings. Be careful with external content, linked tools, browser extensions, and account security. And when the material is genuinely sensitive, consider whether local AI or no AI at all is the better choice.
Sources
- OpenAI: How your data is used to improve model performance
- OpenAI Help: Data Controls FAQ
- OpenAI Help: How to Delete and Archive Chats in ChatGPT
- OpenAI Help: Chat and File Retention Policies in ChatGPT
- OpenAI Help: Memory FAQ
- OpenAI Help: Enabling or disabling Multi-Factor Authentication (MFA)
- Anthropic: Updates to Consumer Terms and Privacy Policy
- Anthropic Trust Center FAQ
- Google: Gemini Apps Privacy Hub
- Google: Get personalization in Gemini Apps
- Google: Get personalization with memory of your past Gemini chats
- Google: Use Gemini Apps with a work or school Google Account
- OWASP GenAI: LLM01 Prompt Injection
- OpenAI: Understanding prompt injections
- Anthropic: Trustworthy agents in practice
- LM Studio: Run AI models, locally and privately
- LM Studio Docs: Offline operation
- Ollama FAQ