Spell-check for privacy
Blog
AI data leakage 10 min read

ChatGPT and work data: the privacy risk is the paste

ChatGPT can be used safely at work, but the dangerous moment is often the first paste: customer records, HR notes, contracts, screenshots, and files copied into the wrong workspace.

ChatGPT5
Summarise the last 3 support emails from this customer.
Paste the emails or the customer name and I will help turn them into a short summary.
ChatGPT can make mistakes. Check important info.

The example above is interactive. Click a highlighted value to see your action options.

Quick answer

ChatGPT is not automatically unsafe for business data, but account type and user behaviour matter. ChatGPT Business, Enterprise and Edu exclude workspace data from model training by default; personal ChatGPT workspaces can use chats for model improvement unless the user opts out. The bigger risk is still the copy-paste moment: an employee adds personal, confidential, or regulated data before settings, policy, or admins can correct it.

01

The highest-risk moment is the paste, not the AI response

02

Personal ChatGPT workspaces are different from Business, Enterprise, and Edu workspaces

03

Temporary Chat, training opt-out, memory controls, and shared-link cleanup reduce risk but do not remove it

04

Files, screenshots, connectors, and shared links create data paths beyond a single prompt

05

Under GDPR, pasting identifiable customer, patient, employee, or financial data can be a processing event

A support lead has six minutes before a customer call. She copies the full ticket history into ChatGPT and asks for a calm summary. The text includes the customer's name, email address, order number, refund amount, and a note about a medical leave request mentioned in the thread.

An HR manager wants a clearer performance-review paragraph. He pastes the draft into his personal ChatGPT account. The draft includes the employee's name, salary band, warning history, and a note from an occupational-health conversation.

Neither person is trying to leak data. Both are trying to move faster. That is why ChatGPT privacy risk is hard to manage: the risky action feels like ordinary work.

The risky moment is before ChatGPT answers

Most organisations discuss ChatGPT risk as if the problem starts with the model: Will it train on our data? Will it hallucinate? Will it expose our files?

Those are real questions, but they come second. The first risk is the paste. Once an employee has copied a customer record, contract excerpt, HR note, source file, screenshot, or spreadsheet into the prompt box, the organisation has already created a data-processing event. The answer may be useful. The input may still have been excessive.

This is why a good ChatGPT policy cannot simply say "use the business version" or "turn off training." The better question is: what did the employee send into the tool, and did the tool need that much context?

Where a ChatGPT prompt can travel

The privacy posture changes depending on workspace, feature, and account type.

ChatGPT contextTraining defaultVisibility and retention riskAdmin control
Personal Free, Plus, or Pro workspaceChats may be used for model improvement unless the user turns this offChat history, memory, shared links, file uploads, and personal connected apps are controlled by the individual userNo organisation-level control
ChatGPT BusinessWorkspace data excluded from training by defaultEach user has private chat history unless they share; workspace shared links are restricted to membersWorkspace owners/admins manage members, apps, GPT controls, and usage settings
ChatGPT Enterprise or EduWorkspace data excluded from training by defaultMore options for SSO, SCIM, RBAC, data controls, app permissions, and retention/residency depending on planStrongest central control
Temporary ChatNot used for model trainingDoes not appear in history or create memories, but copies may be kept up to 30 days for safety reviewUseful for individuals, not a complete governance model

The practical lesson is simple: "ChatGPT" is not one privacy state. A prompt in a personal account, a Business workspace, an Enterprise workspace, a temporary chat, a GPT with actions, or a connected app has different implications.

Seven ChatGPT leakage patterns to govern

1. Raw records pasted for summarisation

This is the everyday case. A support thread, intake form, patient note, complaint, order record, or incident report is pasted so ChatGPT can summarise it. The model rarely needs the real name, email address, phone number, account ID, BSN-equivalent, or full chronology to do the job.

2. Files uploaded because copy-paste is too much work

File upload feels safer because it is tidier. It is not automatically safer. A PDF, CSV, Word document, contract pack, or exported ticket file can contain hidden metadata, tracked changes, comments, extra sheets, or rows outside the section the employee meant to share.

3. Screenshots that carry more than the visible problem

Employees upload screenshots for help with an error, invoice, dashboard, or email. The visible issue may be harmless. The side panel, browser tab, notification banner, URL, customer row, or account name may not be.

4. Memory turning one prompt into future context

Memory can make ChatGPT more useful, but it changes the boundary of a single conversation. If sensitive facts are remembered, they can influence later responses. Turning memory off does not delete memories already saved; they need to be managed separately.

5. GPTs, apps, and connectors extending the data path

A prompt can call a GPT, an app, or a connector. That may be exactly what the user wants, but it also means data may be sent to or retrieved from another system. In managed workspaces, admins should decide which apps are allowed and who can use them.

Shared links are convenient. They are also easy to misunderstand. A link can reveal a snapshot of the conversation, and anyone with access to the link can view it. In 2025, OpenAI removed an experiment that allowed shared conversations to be discoverable through search engines after concerns that users could accidentally share more than intended.

7. Personal accounts used for real work

This is the quietest risk. The employee is not bypassing IT to be reckless; they already have ChatGPT open, so they paste the work there. But a personal workspace has individual settings, individual shared-link history, individual memory, and no central offboarding or audit process.

What is actually at stake

For GDPR purposes, a ChatGPT prompt can contain personal data just like an email, spreadsheet, or ticket system. If the prompt includes an identifiable person, the organisation needs a lawful basis, a purpose, data minimisation, appropriate processor terms where relevant, and a way to answer basic questions later: what was shared, why, and under whose controls?

The risk is not only regulatory. A pasted contract excerpt may reveal a negotiation position. A support record may expose a vulnerable customer. A source file may include credentials. A screenshot may show a production incident name. A performance review may reveal special-category data or occupational-health context.

The uncomfortable part: these prompts are usually created by good employees doing useful work. That is exactly why policy alone does not catch them.

Verified incidents

March 2023 - ChatGPT history and payment-data bug

OpenAI took ChatGPT offline after a bug in an open-source library allowed some users to see titles from other active users' chat histories. OpenAI later reported that the same bug may also have exposed payment-related information for 1.2% of ChatGPT Plus subscribers active during a nine-hour window. Source: OpenAI, March 2023.

April-May 2023 - Samsung restricts generative AI after internal leaks

Samsung temporarily restricted generative AI use on company devices after employees reportedly pasted sensitive internal information into ChatGPT, including source code and meeting content. The nuance matters: this was not ChatGPT "hacking" Samsung; it was employees using a public AI tool for real work without enough controls. Source: TechCrunch/Bloomberg, May 2023.

March 2023 and December 2024 - Italian Garante enforcement

Italy's data protection authority temporarily limited ChatGPT processing in March 2023 while investigating privacy concerns. In December 2024, the authority fined OpenAI 15 million euros after concluding that OpenAI had violated transparency and legal-basis requirements in its management of ChatGPT. OpenAI said it would appeal. Source: Garante/AP, December 2024.

July 2025 - Shared ChatGPT conversations indexed by search engines

Reports found shared ChatGPT conversations appearing in search results. OpenAI said it removed the discoverability feature, describing it as a short-lived experiment that created too many chances for people to share things accidentally. The lesson for workplaces is direct: a share link is a publication decision, not a private note. Source: TechCrunch/Fast Company, July 2025.

These incidents point to different failure modes: platform bugs, employee paste behaviour, regulatory uncertainty, and sharing controls. A serious ChatGPT rollout has to account for all four.

Settings that help

Six settings and admin decisions are worth reviewing before broad workplace use.

1. Move work from personal accounts to a managed workspace Use ChatGPT Business, Enterprise, or Edu for work. OpenAI states that these workspace data types are excluded from training by default. A managed workspace also gives the organisation a place to set app, GPT, member, and sharing rules.

2. Turn off model improvement in personal accounts For users who still have personal accounts, go to: profile icon > Settings > Data Controls > Improve the model for everyone > Off. This keeps new conversations visible in chat history but stops them from being used for model improvement.

3. Use Temporary Chat for sensitive one-off tasks Temporary Chat is available from the new-chat interface. It does not appear in history, does not create memories, and is not used for model training. OpenAI still says copies may be kept for up to 30 days for safety purposes, so do not treat it as a secure vault.

4. Review memory and personalization Go to: profile icon > Settings > Personalization. Review "Reference saved memories" and "Reference chat history." Use Manage memories to delete saved memories that should not influence future chats. Deleting the original chat does not always remove a saved memory.

5. Audit shared links Go to: Settings > Data Controls > Shared links > Manage. Delete links that contain work content, personal data, or confidential context. In Business workspaces, check whether shared-link behaviour matches your internal collaboration rules.

6. Restrict apps, GPTs, and connectors In managed workspaces, review which apps and GPT capabilities are enabled. OpenAI states that Enterprise and Edu apps are disabled by default and can be controlled by workspace owners. Business admins can also manage app availability and role-scoped permissions.

Steps verified in May 2026 with ChatGPT web app at chatgpt.com, ChatGPT Business admin documentation, and OpenAI Help Center pages updated in May 2026.

What settings do not solve

Settings decide how ChatGPT handles data after it arrives. They do not decide whether the employee should have pasted the data in the first place.

No training opt-out removes an unnecessary customer number from a prompt. No Temporary Chat setting tells a support agent that a medical note is irrelevant to a refund summary. No Enterprise workspace automatically knows that a screenshot includes a visible client name in the browser tab.

The control gap is the few seconds before submission, when the employee is still drafting and can still remove, replace, or mask the sensitive parts.

How BeeSensible helps before the prompt is submitted

BeeSensible checks personal data in browser text fields while the prompt is still being written. Through the desktop app, detection runs entirely on the device and no text leaves the machine. For browser-only use, the extension sends the text to BeeSensible's EU detection service, where analysis runs in working memory and the text is discarded after detection. In ChatGPT, names, emails, phone numbers, IBANs, BSNs, payment-card details, and other configured categories can be highlighted before the employee presses Enter.

The user can remove the value, replace it with a placeholder, or mask it. BeeSensible does not store the prompt text. Admins can see patterns by category and application without reading employee conversations.

ChatGPT5
Summarise the last 3 support emails from this customer.
Paste the emails or the customer name and I will help turn them into a short summary.
ChatGPT can make mistakes. Check important info.
Hover or tap a highlighted value to replace, mask, or delete it - before the draft reaches anyone.

This does not replace ChatGPT Business, Enterprise controls, policy, or training. It covers the gap those controls leave open: the ordinary copy-paste moment where most AI data leakage begins.

ChatGPT is useful because it lets people move quickly from messy text to usable work. That same speed is the privacy risk. The goal is not to make employees afraid of AI; it is to make sensitive data visible before the prompt is submitted to ChatGPT. BeeSensible sits in that gap, where settings help but human attention still decides what gets shared.

FAQ

Common questions

Is ChatGPT safe for company data?

ChatGPT can be used safely when the organisation uses an appropriate business plan, has a DPA and policy in place, limits risky features, and trains users not to paste unnecessary sensitive data. Personal ChatGPT accounts should not be treated as approved systems for regulated or confidential work data.

Does OpenAI train on ChatGPT Business or Enterprise data?

OpenAI states that ChatGPT Business, Enterprise and Edu workspace data is excluded from model training by default. Personal Free, Plus and Pro workspaces are different: users can opt out through Data Controls, but that is an individual setting, not an organisation-wide control.

Is Temporary Chat enough for confidential work?

Temporary Chat reduces retention and does not use the chat for model training, but OpenAI says copies may be kept for up to 30 days for safety purposes. It is a useful personal setting, not a substitute for a managed business workspace and data minimisation.

Can shared ChatGPT links expose sensitive data?

Yes. Anyone with a shared link can view the linked conversation, and shared conversations may include more context than the sender intended. Teams should regularly review and delete shared links and avoid using them for sensitive work.

Can admins read every ChatGPT Business chat?

OpenAI says usage analytics and spend controls do not automatically give workspace admins full access to private user chats. That helps user privacy, but it also means organisations still need front-end guidance and detection to prevent risky prompts before they are submitted.

What should employees remove before using ChatGPT?

Remove direct identifiers, account numbers, health details, HR records, client names, secrets, access tokens, contract parties, and screenshots that contain real people or systems unless there is a documented reason and approved workspace for that processing.

See how BeeSensible works

Detect sensitive data before it leaves your team, in any app, in real time.