Accelerate AI · Quick Reference

Protecting Your Data with AI

A take-home guide for small and mid-sized businesses

The one rule

Before you paste anything into an AI tool, ask: "Would I be okay if this became public?" If the answer is no, it does not belong in a public AI tool.

Match your data to the right tool

STOP

Keep out of public AI tools

Customer and payment data, employee SSNs and records, CRM exports, R&D, passwords and credentials, network and IT details.

InsteadUse an approved tool with a signed data agreement, or a private, locally run model.

CAUTION

Approved tools only

Vendor lists and pricing, sales projections, internal drafts and contracts, anything that hands a competitor an edge.

InsteadUse a business or enterprise account with model training switched off.

GO

Fine for everyday use

Public marketing copy, general how-to questions, already published material, brainstorming with no real company data.

StillSkip anything you would not send in an external email.

Five moves to make this week

  1. Inventory and label. List your data, systems, and vendors, then tag each one high, medium, or low risk.
  2. Name your approved tools. Decide which AI tools are allowed and write it down where the team can see it.
  3. Lock down the settings. In each tool, turn off model training and chat history wherever the option exists.
  4. Choose business-grade plans. Prefer accounts whose terms keep your data out of model training.
  5. Set one clear rule. "Never paste customer data, financials, or credentials into a tool we have not approved." Then watch for Shadow AI, the unapproved tools people quietly start using.

What these tools keep

Hosted tools (ChatGPT, Copilot, Claude, and others) can store your prompts, uploaded files, the responses, and metadata like time, IP, and account.

That data may be used for training, service improvement, quality checks, and security monitoring.

It can also surface through breaches, human reviewers, third-party vendors, or stolen logins. Modern models are built to prevent leaks, but nothing is absolute.