Spell-check for privacy
Blog

Using AI at work, without the data leaks.

Practical guides and clear-eyed analysis on AI privacy and sensitive data, for the privacy, security, and operations teams helping their people work safely with AI.

ChatGPT in a web browser, illustrating how workplace prompts can include sensitive data
AI data leakage 10 min read

ChatGPT and work data: the privacy risk is the paste

ChatGPT can be used safely at work, but the dangerous moment is often the first paste: customer records, HR notes, contracts, screenshots, and files copied into the wrong workspace.

ChatGPT is not automatically unsafe for business data, but account type and user behaviour matter. ChatGPT Business, Enterprise and Edu exclude workspace data from model training by default; personal ChatGPT workspaces can use chats for model improvement unless the user opts out. The bigger risk is still the copy-paste moment: an employee adds personal, confidential, or regulated data before settings, policy, or admins can correct it.
Read the article
A deleted AI conversation is not instantly gone: the chat log outlives the chat itself
Safe AI adoption 9 min read

The hidden risks of AI chat logs

You delete a ChatGPT conversation and assume it is gone. But the chat log outlives the chat. A deleted conversation is not instantly nowhere, AI memory carries context forward, and on business plans an admin can read along. The one place you actually control this is the moment of pasting, not the settings afterwards.

Read the article
Grok open inside the X app, illustrating how an AI assistant built into a social platform can publish conversations
AI data leakage 10 min read

Grok at work: the chatbot that publishes

Grok lives inside X, a platform built for publishing - and in 2025 its share button quietly turned hundreds of thousands of private conversations into Google-indexed web pages. When the AI sits inside a social network, 'share' and 'publish' blur, and so does the line between a work tool and a personal account.

Read the article
WhatsApp Web open in a browser with a draft message flagged for sensitive personal data, illustrating privacy risks of work messaging
Email privacy 11 min read

WhatsApp at work: why end-to-end encrypted doesn't mean safe

WhatsApp messages are end-to-end encrypted, which makes the app feel private. But encryption protects the message in transit - not who you send it to, which personal phone it lands on, or whether work data should be in a consumer channel at all. The biggest risks sit in the chat box, not the cryptography.

Read the article
An employee typing into an AI tool that remembers context from earlier conversations
AI data leakage 8 min read

How AI memory works (and how to manage it)

AI tools now remember things between conversations. Useful for preferences, risky for work: a client name or case detail you typed once can resurface in an unrelated chat weeks later. Here is how to view, manage, and delete memory in each tool.

Read the article
Admin reviewing a dashboard of AI usage at work
GDPR and workplace AI 8 min read

Can an admin read your AI chats?

It depends on your account. On a free or personal account there is no employer admin above you, only the vendor. On a business or enterprise account, an admin can often reach your conversations through compliance and eDiscovery tooling.

Read the article
Data in a European data centre still falls under US law when the provider is American
Safe AI adoption 9 min read

Data sovereignty starts in the prompt field

Your data sits in a European data centre, so you're sovereign? Not necessarily. As long as the provider is American, the US government can reach it, wherever the servers are. And that choice isn't made by procurement, it's made by the employee who pastes something into a prompt.

Read the article
Employee typing a prompt and checking which data it contains
AI data leakage 8 min read

What you can and cannot share with AI

A practical checklist of data you should never put in an AI tool, what is usually fine, and the rule of thumb that helps you decide in borderline cases. It applies beyond chatbots, to meeting AI, email assistants, and transcription too.

Read the article