A plumber runs his small business almost entirely through WhatsApp: bookings, addresses, the occasional photo of a problem, invoices. One evening, juggling messages, he taps the little blue circle - Meta AI - and asks it to "write a polite reminder to the customer at 14 Oak Lane who hasn't paid," pasting in her name, address, and the amount.
He has used WhatsApp for years, and it has always told him his chats are end-to-end encrypted. That is still true - for his chats with customers. But the moment he tapped the assistant, he stepped outside that encryption. His message to Meta AI is processed on Meta's servers under a consumer privacy policy, used to improve Meta's models, and - since late 2025 - feeds the personalisation of ads. There was no business agreement, no processor relationship, and no way to opt out of the data use.
Meta AI did not break into his conversation. It was already there, inside the app he uses for everything, one tap away from a customer's details.
Is Meta AI safe for business data?
No - and the reasons are structural, not a matter of settings. Meta AI is a consumer product. There is no business tier with a data processing agreement, no commitment to keep your inputs out of model training, and since December 2025 no opt-out from using your Meta AI interactions to personalise ads. Whatever you send the assistant is handled on consumer terms.
What makes Meta AI different from a standalone chatbot is location. It is woven into WhatsApp, Instagram, Messenger and Facebook - and in much of Europe, small businesses run real work through exactly those apps. So the assistant shows up not in a separate "AI tool" people approach carefully, but in the middle of the chat where a customer's address already sits. The blurring of personal and work is not a user error; it is the design.
How Meta AI handles your data
| | Normal WhatsApp chat | Message to Meta AI |
|---|---|---|
| End-to-end encrypted | Yes | No |
| Readable by Meta | No | Yes (on its servers) |
| Used to improve Meta's AI | No | Yes |
| Used to personalise ads | No | Yes (since Dec 2025) |
| Business data processing agreement | n/a | None |
The single most important distinction: a normal WhatsApp message stays end-to-end encrypted and is not used to train Meta AI. A message to Meta AI is not encrypted, is processed on Meta's servers, and falls under the consumer policy. The assistant is off until you involve it - but involving it changes everything about how that content is handled.
On training, Meta uses public Facebook and Instagram posts of adult EU users to improve its models, on a "legitimate interest" basis with an objection form. Private posts, private messages, under-18 content, and end-to-end encrypted WhatsApp messages are not used. The accurate line is narrow and worth holding precisely: public posts and your Meta AI interactions, yes; your encrypted chats, no.
The biggest privacy risks in Meta AI
1. It lives where work and personal blur
The defining risk. The assistant is embedded in the apps people use personally and, for many SMEs, professionally. A customer's address is already in the thread; the assistant is one tap away.
2. Sending to the assistant leaves encryption
People trust WhatsApp because it is encrypted. The moment they tag or open Meta AI, that content leaves the encrypted channel for Meta's servers - a shift most users do not register.
3. No opt-out from data use
Since December 2025, Meta AI interactions are used to personalise ads with no opt-out. The only way to avoid it is not to use the assistant. For a consumer that is a choice; for work data it is a problem.
4. Accidental publishing
The June 2025 Discover feed showed real users publicising sensitive conversations without realising. Even with the later warning, a feature designed around sharing AI chats is a poor fit for anything confidential.
5. No business protections at all
No data processing agreement, no defined retention, no admin controls, no business tier. Unlike enterprise assistants, there is simply no governed version of Meta AI for work data.
Each of these flows from one fact: Meta AI is a consumer assistant placed inside the most personal apps people own.
What is actually at stake: consequences
Under GDPR, putting a customer's or employee's identifiable data into Meta AI is processing through a controller that uses the data for its own purposes - model improvement and ad targeting - with no processor agreement and no defined retention. For regulated data, there is no lawful basis on the business's side to do this. If sensitive data is involved, that is a reportable exposure, not a grey area.
Fines reach EUR 20 million or 4% of global annual turnover, whichever is higher, and the liability rests with the organisation as controller. There is also the accidental-publishing dimension, demonstrated rather than hypothetical: a sensitive chat that ends up on a public feed is a breach that cannot be recalled. The very accessibility that makes Meta AI convenient is what makes its failures personal and public.
Verified incidents
April to May 2025 - EU training resumes under objection-only basis
After pausing in 2024 over Irish regulator and noyb pressure, Meta resumed training its AI on EU public Facebook and Instagram posts, beginning in late May 2025, on a "legitimate interest" basis with an opt-out objection form rather than consent. noyb sent a cease-and-desist and threatened collective action. Source: Irish DPC / noyb / TechCrunch, 2025.
June 2025 - The Meta AI Discover feed
The standalone Meta AI app's public Discover feed exposed users' conversations - including medical, legal, and personal queries - because people did not realise sharing meant publishing. Meta added a warning interstitial after the backlash. A separate bug that could have exposed other users' prompts was fixed after a 10,000-dollar bug-bounty report. Source: TechCrunch / Malwarebytes, June-July 2025.
December 2025 - Ad personalisation from AI interactions, no opt-out
A Meta privacy policy change took effect under which voice and text interactions with Meta AI are used to personalise ads and content across Facebook and Instagram, with no opt-out - the only way to avoid it is not to use Meta AI. Source: Fortune, October-December 2025.
The thread is consistent: a consumer AI, embedded everywhere, monetised by default, with no business-grade controls.
Settings that help
1. Never send sensitive data to the assistant
Normal WhatsApp chats stay encrypted; the risk begins when you open or tag Meta AI. For anything confidential, simply do not involve it.
2. Object to training on your public posts
In Facebook and Instagram settings, use the Privacy Centre objection form to stop your public posts being used to train Meta's AI - ideally before training, since models cannot easily be un-trained.
3. Use Advanced Chat Privacy and keep AI summaries off
Per-chat Advanced Chat Privacy disables certain Meta AI features for that chat and blocks export; keep AI message-summary features off.
4. Keep client work off personal social apps where you can
For business communication that carries personal data, prefer a tool with a data processing agreement over WhatsApp/Instagram DMs, and never route regulated data through Meta AI.
Verified against Meta's documentation current to early 2026; Meta AI's controls and policies have been changing frequently.
What settings do not solve
You cannot remove Meta AI from WhatsApp, and you cannot opt out of how your interactions with it are used. Settings can object to training on public posts and limit some features - but they cannot change the fact that the assistant sits inside your most-used apps, or decide what a person types when they tap it.
No control un-sends the customer's address already given to Meta AI. No toggle retrieves a chat that was published to a feed. The two risks that define Meta AI - an assistant embedded where work and personal mix, and a person involving it with sensitive content - are human moments a settings screen cannot reach.
That is the gap between where Meta AI lives and what a person is about to hand it.
How BeeSensible helps before you send
BeeSensible checks personal data in browser text fields - including web-based chats with Meta AI - as you type. Through the desktop app, detection runs entirely on the device and no text leaves the machine. For browser-only use, the extension sends the text to BeeSensible's EU detection service, where analysis runs in working memory and the text is discarded after detection. When sensitive content appears, BeeSensible marks it inline so the user can see exactly what they are about to share - and delete it, replace it with a placeholder, or mask it before sending.