Generative Artificial Intelligence (GenAI) has burst onto the scene, and for good reason. Tools like ChatGPT, Claude, and Gemini are incredibly powerful, offering to streamline workflows, generate content, and produce software source code. For many businesses, they’ve become an indispensable part of everyday work.
But with great power comes great responsibility – and in the case of GenAI, significant risk. For companies with valuable intellectual property (IP) or sensitive data, especially those in high-stakes sectors like engineering, finance, and aerospace, using these public tools without understanding the data policies could prove to be a costly mistake.
Where Does Your Data Really Go?
When you or your employees use a public GenAI tool, you’ll be inputting information to the system.
This usually consists of a written description of what you’re asking the tool to do (called the prompt in AI-speak) and you may also include documents, images or other files for the system to work with (these form part of the context).
For example, you might ask a tool to write a summary of a document – and you’ll need to upload the actual document for it to do so.
However, the information you’ve added doesn’t just vanish after you get a response.
By default, many of these services use your conversations – which may include the content of files you’ve uploaded – to train future versions of their models. This means your sensitive information – be it proprietary code, financial forecasts, or secret design specifications – could end up being absorbed into the AI’s vast knowledge base.
Now, it’s true that some providers are getting better at this. Some services, particularly paid or “business” tiers, offer settings to prevent your data from being used for training. However, this isn’t always the default. It requires you or your team to be vigilant, to dive into the terms and conditions, and to ensure the correct privacy settings are enabled for every single account.
Photo: Vladislav K
How to disable use of your data for training by common AI providers
The details were last checked 1/10/2025
ChatGPT
- Click your Avatar at the bottom-left, then ‘Settings’ > ‘Data Controls’
- Ensure ‘Improve the model for everyone’ is set to OFF
- For certain types of accounts this defaults to ON.
- Don’t use the feedback buttons (thumbs-up / down) on chats containing any sensitive information.
Claude.ai
- At the time of writing Claude is rolling out a new ‘feature’ (targeting September 28th, 2025) where your data can be used for model training unless you opt out.
- Click your Avatar at the bottom-left, then ‘Settings’ > ‘Privacy’
- Ensure ‘Help improve Claude’ is set to OFF. If you don’t see this option, look for a banner announcing changes to the terms and conditions.
Grok
- If you use Grok via a X.com account, you can access the privacy settings here:
- On the X.com homepage, select the ‘More’ option on the left panel
- Select ‘Settings and Privacy’ > ‘Privacy and Safety’
- Under ‘Data sharing and personalization’, select ‘Grok and Third-Party Collaborators’
- Finally ensure ‘Allow your public data as well as your interactions, inputs, and results with Grok and xAI to be used for training and fine-tuning’ and ‘Allow X to personalize your experience with Grok’ are turned OFF.
Is that all? (Spoiler: no)
Even then, there’s a subtle trap many fall into: the feedback buttons.
Have you ever clicked the “thumbs up” or “thumbs down” button on an AI’s response? When you do that, you are almost always sending that entire conversation to the provider for human review. It’s a direct signal that says, “Here, look at this exchange to improve your product.” An employee trying to be helpful could, with a single click, accidentally send a conversation containing sensitive IP directly to the AI company, completely bypassing any data training opt-outs you may have enabled.
The “Good Enough” Fallacy
For a small business writing marketing copy, relying on these opt-out settings might be “good enough.” But for an engineering firm whose competitive edge is a unique manufacturing process, or an aerospace company with designs worth millions, “good enough” is a dangerous gamble.
The core issue is the loss of control. You are relying on:
- The AI provider’s promises, which can change as their terms of service as updated.
- Every single employee to have the right account type, check the right settings, and never use features like feedback buttons on sensitive conversations.
When the stakes are that high, the risk of human error or policy changes is simply too great. The only way to be certain your data is secure is to ensure it never leaves your control in the first place.
Photo: Simon Maage
The Solution: A Private, Secure AI
Thankfully, you can harness the power of AI without risking your company’s most valuable assets. The solution is to build your own private AI system.
This involves taking a powerful open-source AI model – a model that’s publicly available for anyone to use and modify – and hosting it within your own secure cloud environment, such as Amazon Web Services (AWS) or Microsoft Azure.
By taking this approach, you create a “walled garden” for your AI. All data, from user prompts to AI responses, stays within your secure, private infrastructure. There is zero risk of your data being used to train a public model or being seen by anyone outside your organisation. It’s an AI that works only for you.
The Benefits of a Private AI
- Absolute Security and Control: This is the most significant advantage. Your data remains your own, protected by the same robust security measures you use for your other critical systems. You control who has access, period.
- Deep Customisation: A private AI can be fine-tuned on your own company documents, reports, and data. This allows it to learn your specific terminology, projects, and context, leading to far more accurate and relevant responses than a generic public model could ever provide.
- Guaranteed Compliance: For companies in regulated industries, a private AI makes it trivial to comply with data protection regulations like GDPR, as you have a clear and auditable data lifecycle that you fully control.
While setting up a private AI system requires specialist technical expertise, the peace of mind and competitive advantage it provides are invaluable. For any company built on unique knowledge and data, it’s a necessary step to protect your future in the age of AI.
