Privacy-first

What not to paste into AI tools

You can get great results without copying sensitive data into a chat box. Use this guide to protect privacy, reduce risk, and still get useful drafts and analysis.

Apply to AI at Work Read: Trust‑but‑verify
Jan 2026 · ~7 minute read · Safer prompting for work & life

The quick rule

If you wouldn’t put it in a public Google Doc, don’t paste it into an AI tool—unless you have an explicit, approved workflow for that tool.

Don’t paste these (common categories)

Even when you trust the vendor, you want to minimize exposure and keep a clean boundary between “helpful context” and “sensitive content.”

Personal data (PII)

Full names (when not necessary), addresses, phone numbers, SSNs/IDs, passport numbers, student records, medical info, HR details.

Credentials & secrets

Passwords, API keys, private tokens, access links, recovery codes, internal URLs with embedded credentials.

Contracts, legal text, and confidential negotiations

Client contracts, NDAs, pricing terms, deal notes, legal advice threads—especially anything tied to a real person or company.

Customer data & internal company information

Support tickets with identifying details, private roadmap notes, unreleased financials, proprietary processes, internal incident write-ups.

Safer alternatives that still work

You can usually get the same value with sanitized inputs and tighter definitions of done.

  • Summarize, don’t paste. Provide 5–10 bullet facts you’re comfortable sharing.
  • Redact aggressively. Replace names with roles (e.g., “Customer A”), and numbers with ranges when exact values aren’t needed.
  • Use a “safe context brief.” State what’s true, what’s uncertain, and what the model must not do.
  • Ask for structure first. “Give me an outline / decision tree / checklist,” then fill it in locally.

Safe context brief (copy/paste)

This helps you get useful output without leaking sensitive details.

Context (sanitized): [bullets with non-sensitive facts only]
Goal: [what you want]
Constraints: No real names. No proprietary details. No legal/medical advice. Keep it concise.
Output format: [bullets / table / steps]
Definition of done: [what “good” looks like]

Related reads

Better inputs and better checks.