
Grok at work: the chatbot that publishes

Grok lives inside X, a platform built for publishing - and in 2025 its share button quietly turned hundreds of thousands of private conversations into Google-indexed web pages. When the AI sits inside a social network, 'share' and 'publish' blur, and so does the line between a work tool and a personal account.


Quick answer

Grok's defining privacy risk is that it sits inside X, a publishing platform. In August 2025 its share feature created public URLs that search engines indexed, exposing hundreds of thousands of conversations - with no warning that sharing meant publishing. On X, the setting that lets your posts and Grok interactions train the model is on by default. Consumer Grok offers no business data protection, so work data typed into it has no processor agreement and a 'share' that can become a web page.

1. In August 2025, 370,000+ shared Grok conversations were indexed by Google with no warning that sharing meant publishing.

2. On X, the setting allowing your posts and Grok interactions to train the model is on by default.

3. The standalone grok.com app defaults to not training on chats; the X platform and the app behave oppositely.

4. Ireland's regulator forced X to permanently stop using EU public posts to train Grok, and opened further inquiries.

5. Consumer Grok has no data processing agreement, so work data typed into it has no GDPR processor safeguards.

A sales rep uses Grok inside X to tidy up a long customer thread into a clean summary - names, the account, the deal, the complaint. Pleased with the result, he taps "share" to send it to a colleague. The link works perfectly.

What he does not realise is that, in 2025, that share link was not a private transfer. It was a public web page. Hundreds of thousands of Grok conversations shared this way were crawled and indexed by Google, turning what people thought were private chats into searchable documents - complete with the personal data, passwords, and sensitive details inside them. There was no warning. The button just said "share."

That is the thing about Grok: it does not live in a quiet productivity suite. It lives inside X, a machine built for publishing. And when an AI sits inside a social network, the gap between "share" and "broadcast" can close without anyone noticing.

Is Grok safe for business data?

Two structural facts make Grok risky for work. First, it is woven into a publishing platform, so its sharing and social features carry exposure that a standalone assistant does not. Second, consumer Grok - via X Premium or the free grok.com tier - is not a business product: there is no data processing agreement, no admin console, no enforced retention, and on X the training setting is on by default.

None of that makes the model bad. It makes the context dangerous. The same prompt typed into a governed enterprise tool and into Grok on a personal X account ends up in two completely different worlds - and only one of them has a "share" button that can turn a chat into a Google result.

How Grok handles your data

| | Grok inside X | grok.com app | Enterprise / API |
| --- | --- | --- | --- |
| Trains on your content | On by default | Off by default (opt-in) | Separate terms |
| Data processing agreement | No | No | Yes |
| "Share" can become public | Yes (the 2025 incident) | Yes (shared links) | Depends on config |
| Admin controls | None | None | Yes |
| Suitable for work data | No | No | Only under commercial terms |

Grok inside X is the riskiest surface: the training toggle defaults on, and it sits in the same app where people post publicly, so the cultural muscle memory is to share.

The grok.com app defaults to not training on your chats - the opposite of the X platform setting. Useful to know, easy to get wrong, since most people assume one company means one rule.

Enterprise / API runs under separate commercial terms with a data processing addendum. That is the only tier appropriate for business data, and most employees are not on it.

Deleted or private chats are removed within about 30 days, but with carve-outs for "safety, security, or legal reasons" - so deletion is not absolute.

The biggest privacy risks in Grok

1. "Share" that becomes "publish"

The defining risk. In 2025, Grok's share links were indexed by search engines, exposing hundreds of thousands of conversations. Anyone using share for a work summary could have made client data a public web page - with no warning.
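One check a defender can run on a share page before treating the link as private: does the response carry any instruction that keeps crawlers out? The function below is an added example, not code from this page or from xAI or BeeSensible; it takes an already-fetched response (status, headers, body) as input, and the two sample responses are constructed here.

```javascript
// Added example: decide whether a shared chat page is open to search-engine
// indexing. The response objects are constructed; no real URL is fetched.
function isSearchIndexable(response) {
  const { status, headers, body } = response;

  // A crawler only indexes what it can fetch with 200.
  if (status !== 200) return { indexable: false, reason: `status ${status}` };

  // Header-level directive: X-Robots-Tag: noindex (header names are case-insensitive).
  const robotsHeader = Object.entries(headers)
    .find(([name]) => name.toLowerCase() === "x-robots-tag");
  if (robotsHeader && /\bnoindex\b/i.test(robotsHeader[1])) {
    return { indexable: false, reason: "X-Robots-Tag noindex" };
  }

  // Page-level directive: <meta name="robots" content="noindex ...">, any attribute order.
  const metaTags = body.match(/<meta\b[^>]*>/gi) || [];
  for (const tag of metaTags) {
    if (!/\bname=["']robots["']/i.test(tag)) continue;
    const content = (tag.match(/\bcontent=["']([^"']*)["']/i) || [])[1] || "";
    if (/\bnoindex\b/i.test(content)) {
      return { indexable: false, reason: "meta robots noindex" };
    }
  }

  // A reachable page with no directive is the 2025 failure mode: public by default.
  return { indexable: true, reason: "no noindex directive" };
}

// Constructed sample responses: one exposed, one protected by both directives.
const exposedPage = {
  status: 200,
  headers: { "content-type": "text/html" },
  body: "<html><head><title>Shared chat</title></head><body>Summarise this customer thread...</body></html>",
};
const protectedPage = {
  status: 200,
  headers: { "content-type": "text/html", "X-Robots-Tag": "noindex, nofollow" },
  body: "<html><head><meta content=\"noindex\" name=\"robots\"></head><body>...</body></html>",
};
```

A `noindex` directive only keeps well-behaved crawlers away; a share URL that anyone can open is still a public page, which is why the advice below is not to share sensitive chats at all.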

2. Training on by default inside X

On X, your posts and Grok interactions feed model training unless you opt out. An employee on a personal X account is contributing whatever they type to the model by default.

3. The two-defaults trap

X trains by default; grok.com does not. The same brand behaving oppositely means people guess wrong about what is happening to their data.

4. No business protections on consumer tiers

No data processing agreement, no admin retention, no DLP. Work data in consumer Grok has none of the safeguards a regulated organisation needs.

5. Vendor operational-security signals

Through 2025, xAI had repeated API-key leaks and a public exposure of Grok's internal persona prompts. None leaked end-user chats directly, but together they signal an organisation moving fast - worth weighing when assessing it as a vendor.

Each of these flows from the same root: Grok is an AI built inside a social, publishing-first platform.

What is actually at stake: consequences

Under GDPR, putting an identifiable person's data into a consumer AI with no processor agreement is processing without a lawful basis on the employer's side. If a "share" then turns that conversation into a public, indexable page, the exposure escalates from a controls gap to an active data breach - one that must be assessed and, where there is risk to people, reported within 72 hours.

Fines reach EUR 20 million or 4% of global annual turnover, whichever is higher. And the reputational dimension is acute here: "our client's details were findable on Google because someone shared a Grok chat" is a uniquely bad sentence. The publishing platform that makes Grok engaging is the same quality that makes its failures public.

Verified incidents

August 2024 to 2025 - Ireland forces X to stop EU training, opens inquiries

Ireland's Data Protection Commission secured X's agreement in August 2024 to suspend using EU and EEA users' public posts to train Grok, followed by a permanent undertaking in September 2024. noyb filed nine GDPR complaints across the EU, and the regulator opened further inquiries into the lawfulness of the processing. Source: Irish DPC / TechCrunch, 2024-2025.

August 2025 - 370,000 Grok conversations indexed

Reporting, first by Forbes, found that Grok's share feature had created public URLs indexed by Google and other search engines, exposing more than 370,000 conversations - including sensitive personal data - with no warning that sharing meant publishing. Source: Forbes / TechCrunch, August 2025.

2025 - Repeated xAI API-key leaks

Security researchers documented multiple incidents in which xAI-related API keys were committed to public code repositories, exposing access to private models - a recurring operational-security lapse. Source: Krebs on Security, 2025.

The pattern is consistent: a fast-moving AI inside a platform whose default behaviour is to make things public.

Settings that help

1. Turn off Grok training on X

Settings and privacy > Privacy and safety > Grok and third-party collaborators > turn off the training option. Remember it is prospective only.

2. Never use "share" for sensitive conversations

Treat any shared Grok link as a potential public page. For anything containing personal or business data, do not share via a link at all.

3. Keep work data out of personal X accounts

The cleanest control is to not use consumer Grok for work. If Grok is genuinely needed, use xAI's commercial terms with a data processing agreement.

4. Use Private Chat and delete history

Private Chat is not used for training and is deleted within about 30 days, subject to carve-outs - better than the default, not a guarantee.

Verified against xAI's policy and reporting current to early 2026; X's settings and labels change frequently.

What settings do not solve

Turning off the training toggle changes what xAI does with your posts. It does not change the fact that Grok lives in a place where sharing is one tap from publishing, and it does not decide what an employee types into the box.

No setting retrieves a conversation that has already been shared and indexed. No opt-out un-trains data already used. The two risks that define Grok - a publish-friendly share feature and a person pasting sensitive context into a personal account - are human moments a configuration screen does not reach.

That is the gap between a social platform's defaults and the content a person is about to entrust to it.

How BeeSensible helps before you send

BeeSensible checks personal data in browser text fields - including the Grok prompt - as you type. Through the desktop app, detection runs entirely on the device and no text leaves the machine. For browser-only use, the extension sends the text to BeeSensible's EU detection service, where analysis runs in working memory and the text is discarded after detection. When sensitive content appears in a prompt, BeeSensible marks it inline so the user can see exactly what they are about to share - and delete it, replace it with a placeholder, or mask it before sending.


Message content is not stored. The user makes every decision.

For Grok, this matters because the downstream risk is unusually public. If an employee is going to summarise a customer thread in Grok, BeeSensible catches the client name beside an account number before it enters a conversation that might later be shared - and shared, here, can mean published. It does not change X's defaults or replace a policy against work data in personal accounts; those are the structural moves. It keeps the person aware of what is about to go in, while there is still time to keep it out.
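The pre-send step described above, as an added example that is not BeeSensible's code: scan a draft prompt for an email address, an IBAN-style account number, a phone number and a client name, then rewrite the draft with the user's chosen action (placeholder, mask or delete). The detector patterns, the client list and the draft text are all constructed for illustration.

```javascript
// Added example (not BeeSensible's implementation): find sensitive values in a
// draft prompt and rewrite it before it is sent. Patterns are illustrative.
const DETECTORS = [
  { type: "email", re: /\b[\w.+-]+@[\w-]+\.[\w.-]+\b/g },
  // IBAN-style account numbers: two letters, two check digits, 11-30 alphanumerics.
  { type: "iban", re: /\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b/g },
  // Phone numbers: 10+ digits with optional spaces, dashes and a leading +.
  { type: "phone", re: /(?:\+|\b)\d[\d \-]{8,}\d\b/g },
];

// Client names come from a list the organisation maintains (constructed here).
const KNOWN_CLIENTS = ["Acme Logistics", "Jane Doe"];

// Returns every hit with its type and position, sorted by position.
function findSensitive(text) {
  const hits = [];
  for (const { type, re } of DETECTORS) {
    for (const m of text.matchAll(re)) {
      hits.push({ type, value: m[0], start: m.index, end: m.index + m[0].length });
    }
  }
  for (const name of KNOWN_CLIENTS) {
    const re = new RegExp(name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"), "g");
    for (const m of text.matchAll(re)) {
      hits.push({ type: "client", value: m[0], start: m.index, end: m.index + m[0].length });
    }
  }
  return hits.sort((a, b) => a.start - b.start);
}

// action: "placeholder" -> [TYPE], "mask" -> keep only the last 4 characters,
// "delete" -> drop the value entirely.
function redact(text, action = "placeholder") {
  let out = "", pos = 0;
  for (const h of findSensitive(text)) {
    if (h.start < pos) continue; // overlaps a hit already rewritten
    out += text.slice(pos, h.start);
    if (action === "mask") {
      out += "*".repeat(Math.max(h.value.length - 4, 0)) + h.value.slice(-4);
    } else if (action === "placeholder") {
      out += `[${h.type.toUpperCase()}]`;
    }
    pos = h.end;
  }
  return out + text.slice(pos);
}

// Constructed draft of the kind a sales rep might paste into Grok.
const draft = "Summarise: Jane Doe (jane.doe@example.com, IBAN DE89370400440532013000, +44 20 7946 0958) complained about the delay.";
```

`redact(draft)` yields a draft that still reads as a usable instruction, with every identifying value replaced by a labelled placeholder; `findSensitive(draft)` is what an inline highlighter would consume.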

Grok is engaging precisely because it lives where people already are - inside a social platform. That is also why its mistakes become web pages. Keep work data out of personal accounts, never share sensitive chats, and make sure the moment before a name is typed is a moment the person actually sees.

FAQ: common questions

Is Grok safe to use for work?

Grok is risky for work data for two structural reasons: it lives inside X, where a 'share' can become a public, search-indexed web page, and consumer Grok offers no business data protection or data processing agreement. On X, the training setting is on by default. For occasional general questions it can be used like any public chatbot, but client names, contracts, and confidential details should not go into it - especially via a personal X account.

Did Grok conversations really show up on Google?

Yes. In August 2025, Grok's share button created public URLs that search engines indexed, making more than 370,000 conversations searchable, some containing personal data, passwords, and sensitive questions. Users were given no warning that sharing a conversation made it publicly accessible. It mirrored a similar share-link incident at ChatGPT around the same time.

Does Grok train on my data by default?

It depends which Grok. On the X platform, the setting allowing your posts and your Grok interactions to be used for training is on by default - you must opt out in X's privacy settings. On the standalone grok.com app and xAI account, the default is not to train on conversations unless you opt in. The same company runs two products with opposite defaults, which is easy to get wrong.

Can EU businesses use Grok under GDPR?

Consumer Grok (via X Premium or grok.com) is not a controller-to-processor business arrangement and carries no data processing agreement, so pasting client or employee data into it has no GDPR processor safeguards for the employer. Ireland's regulator separately forced X to stop using EU users' public posts to train Grok and has opened further inquiries, so the legal basis for X-side training has been contested. Business use needs xAI's commercial terms, not a personal account.

How do I stop Grok from training on my X posts?

In X, go to Settings and privacy, then Privacy and safety, then Grok and third-party collaborators, and turn off the option allowing your posts and interactions to be used for training. Note the opt-out is prospective only - it does not remove data already used. On grok.com, training is controlled under Settings, Data, 'Improve the Model'.

What should employees never put into Grok?

Never paste client or patient names, account numbers, contracts, credentials, or internal strategy - and never use the 'share' button for anything sensitive, since a shared link can become a public, indexable page. Treat Grok inside X as a public, social space, not a private workspace, and keep work data out of personal accounts entirely.
