Spell-check for privacy
Blog
AI data leakage 8 min read

What you can and cannot share with AI

A practical checklist of data you should never put in an AI tool, what is usually fine, and the rule of thumb that helps you decide in borderline cases. It applies beyond chatbots, to meeting AI, email assistants, and transcription too.

Employee typing a prompt and checking which data it contains
Quick answer

Do not put data into an AI prompt that makes someone identifiable or that is confidential: national ID numbers, passwords, bank and credit card details, medical information, customer or patient records, contracts, source code, and secrets or tokens. General questions and anonymised or placeholder text are usually fine. The rule of thumb: if you would not email this information to a stranger outside your organisation, it does not belong in an AI chatbot either. Under the GDPR, a prompt is a processing moment, not a scratchpad.

01

Never share: national IDs, passwords, payment data, medical data, customer and patient records

02

Usually fine: general questions, anonymised text, dummy data, and placeholders

03

The rule of thumb: would not email it to a stranger means do not put it in a chatbot

04

A prompt is a processing moment under the GDPR, not just a text field

05

Watch files and screenshots: they often contain more than you think

A support agent wants to rewrite a complaint neatly and pastes the whole email thread into ChatGPT. At the bottom sit a name, an account number, a phone number, and an IBAN. The question was useful. The problem is the context that came along.

That is how an AI data leak usually starts: not with a hack, but with a paste. The good news: a short checklist and a rule of thumb prevent most of it.

Why this matters: a prompt is a processing moment

To you, an AI chatbot feels like a scratchpad with superpowers. Under the GDPR it is something else: a place where data is processed, possibly stored, remembered, analysed, or passed to a connected app. Whatever you type, you essentially hand over to the platform. In a personal or free account, that text may also be used to improve the model, unless you have turned that off.

So the first question is not whether the answer is correct, but which data you put in the prompt and whether it needed to be there.

What you never put in an AI prompt

This data does not belong in a chatbot, not even "just quickly":

  • Passwords, PINs, and recovery codes. Login details go to no one.
  • National ID, passport, or licence numbers. Unique numbers that make a person directly identifiable.
  • Bank and credit card details. IBAN, card numbers, CVC.
  • Medical information. Lab results, diagnoses, treatment notes. A chatbot is not bound by the same rules as your doctor.
  • Customer and patient records. Names combined with files, contracts, or payment data.
  • Confidential company data. Internal memos, strategy, non-public figures.
  • Source code with secrets. API tokens, keys, configuration with credentials.

The common thread: the more a piece of data makes someone identifiable, or the more confidential it is, the stronger your reason to share it has to be. In practice, that reason almost never exists.

What is usually fine

AI is most useful when you give it the task without the sensitive content:

  • General questions. Explanation, structure, brainstorming, language and tone.
  • Anonymised text. Replace real names with "Customer A", round amounts, drop locations.
  • Dummy data and placeholders. Use name@example.com and Account 0000 instead of the real value.
  • Your own non-confidential work. A blog, a public text, a draft without personal data.

You often do not need the real data to get the task done. Improving a review sentence works without the salary or medical context. Drafting a payment email works with a placeholder IBAN. That is the core idea: keep the task, minimise the traceable data. More techniques are in the prompt redaction guide.

Watch files and screenshots

Files are the biggest blind spot. A PDF can contain customer names, order numbers, contract parties, or retention periods. A phone screenshot can quietly show notifications, email addresses, calendar entries, or location data. What you do not see, you still upload. So check a file before you put it in an AI tool, or strip the sensitive parts first.

The rule of thumb for borderline cases

Not sure? Use these two:

  1. The stranger test. Would you not email this to a stranger outside your organisation? Then it does not belong in an AI chatbot.
  2. The minimum test. The fewer traceable details, the lower the risk. Leave out what the task does not need.

How to make this visible in the moment

The tricky part is that you often spot a sensitive detail only after you have sent it. A mental checklist helps, but under time pressure something slips through. That is why it helps to make the risk visible as you type.

BeeSensible highlights sensitive data while you write a prompt in browser-based AI tools. You see a coloured highlight on, say, a name, an IBAN, or an ID number, and you decide what to do: remove it, replace it with a realistic alternative, or mask it. The task stays intact, the traceable data comes out, before you send.

Want to know whether your specific tool stores your data or uses it for training? Read about ChatGPT and work data, or see the broader overview on AI data leakage.

FAQ

Common questions

Can you put personal data into ChatGPT?

Only with a clear lawful basis, purpose limitation, data minimisation, and an approved work environment. In a personal or free account, it is usually unwise to use customer, patient, employee, or case data.

What should you truly never share with an AI chatbot?

Passwords, PINs and recovery codes, national ID and passport or licence numbers, bank and credit card details, medical information, confidential company data, source code, and secrets or API tokens. These do not belong in a prompt.

Is anonymised data safe to share?

Anonymised or placeholder text is much safer, as long as the data is genuinely no longer traceable to a person. Replacing a name with 'Customer A' helps, but watch that combinations of details can still make someone identifiable.

Does this apply to files and screenshots too?

Yes, and that is often where it goes wrong. A PDF can contain customer data or retention periods, and a screenshot can quietly show names, email addresses, notifications, or calendar entries. Check a file before you upload it.

What is a good rule of thumb for borderline cases?

If you would not email this information to a stranger outside your organisation, it does not belong in an AI chatbot. And the fewer traceable details, the lower the risk.