These aren't hypothetical risks. Each represents a documented, operational reality of how major AI platforms work today.

1. Conversations are stored by default, and the opt-out is not obvious.

Major AI platforms retain chat histories unless users actively locate and disable the setting. OpenAI's privacy documentation, as of early 2026, notes that even when users disable history, conversations are held for 30 days for safety monitoring before deletion. Disabling history on ChatGPT prevents training use, but that's different from the data not being stored at all. These are not the same thing, and the distinction matters.

2. Human reviewers read a sample of what users type.

Trust and safety workflows at AI companies include human review of conversations both flagged content and random samples. A 2023 TIME investigation documented the outsourced human review process OpenAI used for ChatGPT outputs. The specific vendor arrangement has evolved since then, but the underlying practice has not disappeared from the industry. If you typed a client's name or your home address into ChatGPT, a person may have read it.

3. Stored data is a breach target.

In March 2023, OpenAI disclosed a bug that briefly exposed chat titles and billing details for roughly 1.2% of ChatGPT Plus users. That incident involved metadata, not full conversation content. A breach exposing conversation histories would be substantially more damaging particularly for users who had discussed health conditions, legal matters, or business strategy. Stored data creates stored risk. The two scale together.

4. Consumer AI tools sit outside enterprise data governance.

Employees using free or personal AI accounts for work tasks are operating outside any data processing agreement their employer has negotiated. Research by Cyberhaven in 2024 found that a measurable share of workers had pasted proprietary company data source code, financial records, customer information into AI tools. This is where personal privacy risk crosses into professional and legal exposure. Sharing a client's details under an NDA, or a patient's health information governed by HIPAA, via a consumer chatbot is not merely unwise. It may be reportable.

5. Plugins and third-party integrations extend the data chain beyond one company.

When you use a custom GPT, a workflow built on an AI API, or a third-party plugin, your input may pass through additional services with their own storage and data-sharing practices. The FTC flagged this specifically in 2023, noting that the chain of data custody in AI-assisted workflows is frequently opaque to end users. The risk profile of using ChatGPT directly is meaningfully different from using a third-party tool built on top of it.

A note on platform variation: These five risks apply in varying degrees across ChatGPT, Gemini, Claude, Copilot, and Meta AI. Storage periods, human review practices, and opt-out mechanisms differ by platform. The safest assumption is that all five apply to any consumer-tier product unless you have documentation showing otherwise.

Abstract risk is easy to discount. These scenarios are not hypothetical they represent the kinds of inputs that regularly appear in consumer AI tools.

The customer complaint with real names attached. A support manager pastes a verbatim complaint email into ChatGPT to draft a response. The email contains the customer's full name, account number, and a description of a medical device issue. That's a potential HIPAA problem, a customer data exposure, and a conversation that may now sit in OpenAI's systems for 30 days minimum all to save ten minutes of writing time.

The board memo. A startup founder pastes a draft board update into Claude to clean up the prose. The memo contains unannounced revenue figures, a pending acquisition target, and the names of two executives being let go. None of that was meant to leave the building. It just did.

The lab results. Someone pastes their own blood panel into a chatbot to ask what the numbers mean. Personal risk, personal choice. Now flip it: a clinic administrator pastes a patient's results to draft a follow-up letter. That's a HIPAA-covered entity transmitting protected health information to a consumer service with no data processing agreement in place. The convenience is the same; the consequences are not.

The API key in a code snippet. A developer pastes a block of production code to debug a function. The snippet includes a hardcoded API key for a payment processor. The key is now in a conversation log. Whether or not anyone reads it today, it belongs to infrastructure that gets breached, audited, and retained. Rotate it.

Each of these shares a common feature: the person typing wasn't trying to do something wrong. They were trying to do something fast. The decision framework above safe to paste, sanitize first, never paste exists for exactly these moments.

Some information doesn't belong in a general-purpose AI chatbot under any circumstances. No temporary chat mode, no scrubbing, no workaround makes these categories acceptable inputs:

• Government identification numbers: Social Security numbers, passport numbers, national ID numbers
• Medical or health information: diagnoses, prescriptions, insurance details, anything that could identify a patient
• Financial credentials: full account numbers, passwords, API keys, or any authentication token
• Confidential legal communications: content covered by attorney-client privilege can lose that protection once shared with a third party
• Regulated third-party data: client or customer records covered by NDAs, HIPAA, GDPR, or similar frameworks

If your task requires AI assistance with any of the above, the right tool is an enterprise-tier product with a signed data processing agreement. If no such product is available, the task gets done without AI.

The personal/professional split matters here more than anywhere else. Typing your own symptoms into a chatbot is a personal privacy risk unwise, but the exposure is yours to carry. Typing a patient's symptoms, a client's financial records, or an employee's personnel data is a compliance risk with potential legal consequences and notification obligations that extend well beyond you.

Step 1: Scrub inputs before pasting.

Remove names, company names, dollar figures, addresses, and any identifying detail before pasting text into a chatbot. Replace them with placeholders: "Client A," "[REVENUE FIGURE]," "[CITY]." The AI doesn't need real identifiers to help restructure a paragraph or review an argument. This takes under a minute and eliminates the most common form of accidental oversharing.

After this step: Your prompt accomplishes the same goal with nothing you'd regret seeing in a breach disclosure.

Step 2: Use temporary chat modes for anything sensitive.

ChatGPT offers Temporary Chat in the left sidebar. Gemini users can disable "Gemini Apps Activity" in Google Account settings. Claude's training opt-out is available through Anthropic's privacy settings. These modes limit what's retained for training purposes they don't make your data ephemeral, but they reduce the exposure surface.

Warning: Browser private or incognito mode does not affect AI data retention. It controls your local browser history only. Don't confuse the two.

Step 3: Verify your workplace policy before using consumer AI for any work task.

If your organization has an AI use policy, read it before using a consumer tool for anything work-related. If no policy exists, treat client data, internal financials, and proprietary information as off-limits for consumer AI tools by default. The compliance and reputational exposure from a breach involving customer data is not offset by faster first drafts.

Work through these steps in order. The goal is reducing future exposure and documenting that you responded promptly.

Step 1: Delete the conversation from your history now.

All major platforms allow deletion of individual conversations. Do it immediately. Per OpenAI's documentation, deleting a conversation removes it from training data consideration but deleted conversations typically remain in backup systems for 30 to 90 days. Deletion reduces risk; it is not erasure. Other platforms have their own retention timelines, so check the relevant privacy documentation.

Step 2: Submit a formal data deletion request.

This is distinct from deleting a conversation in the interface. Under GDPR and CCPA, platforms operating in covered jurisdictions are required to honor requests to delete personal data but the scope of those protections depends on where you're located and how the platform processes your data. Contact points as of early 2026:

• OpenAI (ChatGPT): privacy.openai.com
• Google (Gemini): Google's data deletion request form
• Anthropic (Claude): [email protected]
• Microsoft (Copilot): Microsoft's privacy dashboard

GDPR response time is 30 days. CCPA allows 45 days with a possible 45-day extension. Save copies of your request and any acknowledgment you receive.

Step 3: Rotate any credentials that appeared in the conversation.

If a password, API key, or any authentication token appeared in the conversation even incidentally treat it as compromised and rotate it immediately. This step is non-negotiable regardless of the circumstances.

Step 4: Determine whether affected parties need to be notified.

If the shared information belonged to someone else a client, employee, patient, or customer you may have a notification obligation. The practical rule: if the situation were reversed, you'd want to know. Consult your legal team or a privacy attorney if you're uncertain about specific obligations. Acting proactively is almost always less costly than a formal breach disclosure process later.

Step 5: Document your response.

Write down what was shared, when, on which platform, and every step taken in response. If this becomes a compliance inquiry or legal matter, a clear contemporaneous record demonstrates good-faith, timely action.

The EU AI Act entered into force in August 2024, with enforcement timelines running into late 2026 and beyond. Better rules are coming. They're not here yet.

That gap matters because AI use is becoming routine faster than privacy norms, workplace policies, or data processing contracts are catching up. Most people using these tools daily have never read a platform's privacy policy. Most organizations with AI use policies wrote them in the last 18 months and haven't updated them since. Meanwhile, the inputs keep getting more sensitive meeting notes, client work, financial models, medical questions because the tools keep getting more useful.

Treating a disclosure decision as a publishing decision is the mental shift that actually sticks. Before pasting anything into a chatbot, ask: would this be a problem if it appeared in a breach notification? If yes, scrub it or leave it out. Consumer AI tools are genuinely useful. They are not confidential. Managing the distance between those two facts is now a basic professional skill one that most people are still figuring out after the fact.