Quieta.ai — Blog

5 Mistakes Professionals Make When Using AI with Confidential Data

2026-04-03T00:00:00Z

5 Mistakes Professionals Make When Using AI with Confidential Data

You probably use AI every day. Summarizing case files, reviewing emails, running data through ChatGPT or Claude to save an hour here or there. Most professionals do. The problem is that every copy-paste is a data transfer. When you drop a contract into a chatbot, client names, deal amounts and internal codes land on someone else's servers. Not because you're careless. Because it's become second nature.

Here are the five most common mistakes, and how to fix them without giving up AI.

Mistake 1: Pasting an entire document without checking what's in it

You need an answer about one clause, so you paste the whole contract. But that contract doesn't just contain legal terms. It holds client names, financial figures, project codes, email addresses, timelines. All of it ends up on the AI provider's servers. Once it's there, you have no control over what happens to it.

Before you paste anything, take 30 seconds. Swap out names for "Client A," amounts for "[AMOUNT]," codes for "[CODE]." It's quick, and it changes the risk profile entirely.

Mistake 2: Trusting "private mode" to protect you

You've turned off chat history. You're paying for the premium plan. So your data must be safe, right? Not quite. The "privacy" advertised by any AI tool is a contractual promise, not an absolute guarantee. That promise can change tomorrow. And even when it holds, your data still crosses the internet, hits external servers and gets processed there. Privacy policies shift regularly, sometimes without much notice.

These tools aren't acting in bad faith. They just weren't built with the assumption that you'd be pasting confidential client files into them.

Mistake 3: Sharing third-party data without a legal basis

You summarize a client's case to save time. You run an internal employee survey through an AI for sentiment analysis. The intent is perfectly reasonable. But if the data involves a third party, you need a legal basis before it goes to an external AI service. A lawyer who drops client case facts into ChatGPT without authorization may be violating attorney-client privilege. A consultant who feeds a client's strategy into an AI without checking the engagement letter could breach their confidentiality clause. The same logic applies across healthcare, HR and finance.

Before you paste, ask one question: "Does this data belong to someone other than me?" If yes, strip the identifiers first.

Mistake 4: Not having a clear personal rule

Without a rule, you make different calls on different days. Monday morning, well-rested, you anonymize carefully. Thursday evening, under deadline pressure, you paste the raw document. Fatigue, urgency and force of habit all work against consistency. And if something goes wrong, you have nothing to point to that shows you had a process in place.

Pick a simple rule and stick with it: "I never paste client data into an AI tool without anonymizing it first." One sentence is enough, as long as you actually follow it.

Mistake 5: Assuming manual anonymization always works

Redacting names and figures by hand is a solid start. But on a 10-page document, you will miss things. A phone number buried deep in a paragraph. A client name tucked into the signature block. An admission date specific enough to identify someone. Manual redaction works fine on short texts. On anything longer, human error becomes inevitable.

Local anonymization tools like Quieta detect sensitive data automatically and replace it before anything leaves your machine. You keep control without relying on your own vigilance.

These five mistakes aren't negligence. They're habits, the kind of shortcuts that come naturally when you're focused on getting work done. Every copy-paste is a data transfer, and it only takes 30 seconds to check what you're actually sharing before you hit enter. Or you can use a tool that checks for you. The professionals who get this balance right will have a real edge. The rest are taking on risks they don't need to take, with their own reputation and their clients'.

Introducing Quieta: Use AI Without Exposing Your Data

2026-04-05T00:00:00Z

Introducing Quieta: Use AI Without Exposing Your Data

I have built Quieta with some friends because I realized how much data I was giving away to AI.

Like most people who use AI daily, we started small. A contract clause. A draft email. A financial summary. Then, over weeks, we noticed: we were feeding more and more of our professional lives into ChatGPT, Claude, Gemini, Mistral and other tools. Client names, project details, personal messages. Each one felt harmless. Add them up, and we'd handed a detailed map of our work to platforms we don't control.

The risk isn't one document. It's the accumulation. Over months, these platforms build a picture of your life, professional and personal. If that data is ever exposed (and breaches happen regularly), it's not one conversation that leaks. It's everything, all at once.

Lawyers, consultants, healthcare workers, HR teams all face this. But so do freelancers, students, anyone who uses AI intensively and doesn't want their entire history on someone else's servers. None of us had a good option. So we built one.

What Quieta does, and how

Quieta anonymizes your documents locally, on your device, before any data is sent to an AI chatbot. Names, dates, identifiers, project codes are replaced with neutral placeholders. By the time your text reaches the AI, the sensitive information is gone.

Under the hood, this isn't simple pattern matching. Quieta runs a bidirectional transformer model (about 1 GB) trained for Named Entity Recognition, directly on your machine. The model uses zero-shot recognition: it identifies sensitive entities from context, not from a fixed list. It doesn't need to have seen your client's name before. On NER benchmarks, it matches the performance of cloud LLMs, but your data never leaves your computer. No GPU, no internet, no server in the loop.

That's the combination that didn't exist before: real AI intelligence, your data stays 100% local.

The workflow

1. Load your document. Paste text, upload a file, or import from your clipboard. Quieta flags sensitive entities: names, emails, project codenames, internal references. You decide what to mask and what to keep.

2. Paste into your AI tool. Copy the anonymized version and use it in any AI chatbot. Get your analysis, your summary, your draft.

3. Get your original data back. Quieta restores the real names and identifiers in the AI's response. You read the final result with your actual data, not placeholders.

That's it. Your sensitive data never left your device.

Example: a contract clause

Before Quieta:

7.2 The total aggregate liability of Precision Manufacturing under
this Agreement shall not exceed the fees paid by Acme Corp during the
twelve (12) months preceding the claim. Contact for notices:
Sarah Chen (sarah.chen@acmecorp.com) and James Williams
(james.williams@precisionmfg.com).

After Quieta:

7.2 The total aggregate liability of [COMPANY_2] under this Agreement
shall not exceed the fees paid by [COMPANY_1] during the twelve (12)
months preceding the claim. Contact for notices:
[PERSON_1] ([EMAIL_1]) and [PERSON_2] ([EMAIL_2]).

You ask your AI tool "Is this liability cap standard for a services agreement?" and get useful analysis, without exposing who the parties are.

Who it's for

Anyone who uses AI regularly and has ever thought "I probably shouldn't paste this." Whether you're a freelancer, a student, or someone who doesn't want personal conversations on a server somewhere.

And especially professionals who handle confidential data daily: lawyers, healthcare workers, HR teams, consultants under NDA. For these roles, the stakes aren't just personal, they're legal.

Why not just use "private mode"?

Disabling chat history helps, but your data still travels to external servers and is stored at least temporarily. "Private" means the conversation won't train the model. It doesn't mean your data stays on your machine.

Quieta solves a different problem. The sensitive information is removed before anything is sent. The data simply isn't there anymore.

Get started

Try Quieta at quieta.ai. Load a document, review what's detected, paste the anonymized version into your AI tool.

It takes seconds. Try it on something that's been making you hesitate.

Questions? jc@quieta.ai

What ChatGPT's TOS really says about your prompts

2026-05-12T00:00:00Z

What ChatGPT's TOS really says about your prompts

Before your next ChatGPT prompt, take three minutes. We read OpenAI's Terms of Use and Privacy Policy in full. Here is what they say about the consumer versions, Free, Plus, and Pro. Three things stand out, plainly: your prompts are used by default to improve the model, conversations are kept for at least thirty days, and the so-called Temporary Chat does not erase everything. The rest of this article documents each point against OpenAI's own sources.

We use ChatGPT as the example because it is the most-used. What we document here applies, with minor variations, to Claude and to Gemini. It is the standard economic model of consumer LLMs. The point is not a specific vendor. The point is the default architecture of a tool that learns from its users and that has to moderate what passes through it. Our goal is to make these clauses readable, not to single anyone out.

What does OpenAI do with your prompts?

By default, OpenAI uses your prompts and the model's responses to improve its systems. The "Improve the model for everyone" toggle is on when you create an account. You can switch it off in Settings, Data Controls, but most users do not, and no one walked them through it at signup.

This is confirmed by OpenAI's Privacy Policy and its Help Center page on data use for training. The rule is the inverse of what many users assume. It is not opt-in, it is opt-out, and you need to know where to look.

By default, ChatGPT uses your prompts to improve its models, and the opt-out is enabled at signup, not visible to most users. This default only applies to the consumer tier. ChatGPT Team, ChatGPT Enterprise, and API calls are not used for training by default, as OpenAI states explicitly. But the version most professionals reach for during the day is the consumer version.

For context, Anthropic updated its policy in late September 2025 and now also uses Claude consumer conversations to train models by default, unless the user opts out. Google does the same with Gemini, configurable through "Gemini Apps Activity." The pattern is consistent across the industry. The free or consumer tier funds the next version of the model.

Concretely, if a lawyer pastes a draft contract into ChatGPT Plus without changing the settings, that contract may feed the next training run. The same contract in Claude or Gemini follows a comparable path.

How long does OpenAI keep your conversations?

OpenAI retains conversations for at least thirty days. Beyond that, retention can extend "for legal, regulatory, or safety reasons." That language, which appears in the Privacy Policy, covers essentially any motive in practice.

A concrete example of what this clause allows: between May and September 2025, OpenAI was compelled by a court order in the New York Times litigation to retain all conversations indefinitely, including those deleted by users and Temporary Chats. The standard practice resumed on September 26, 2025. The interesting point is not that OpenAI did anything wrong. It is the reminder that retention is not a contract with you. It is a balance between vendor policy and the legal obligations the vendor is subject to.

Conversations are retained for at least 30 days, and longer for legal or safety reasons, a clause that covers nearly anything in practice. When you delete a conversation in the interface, it is purged within thirty days per the documentation. That purge applies to standard backups only, not to exceptional retention compelled by legal process. Claude and Gemini follow comparable patterns: thirty days for Claude under opt-out, up to eighteen months by default for Gemini.

Is ChatGPT's Temporary Chat actually private?

Temporary Chat is the option offered for a conversation that does not appear in your history. On paper, it is the equivalent of a browser's incognito mode. In practice, the coverage is narrower than the name suggests.

What Temporary Chat does: it keeps the conversation out of your history, and it prevents that conversation from being used to train the model. What it does not do: it does not erase the conversation immediately. OpenAI states that these exchanges are retained for up to thirty days for abuse moderation, in line with its Terms of Use.

Temporary Chat turns off history and training, but OpenAI keeps the conversation for up to 30 days for abuse moderation. Private does not mean invisible. If an employee pastes client data into a Temporary Chat believing it disappears, that data sits somewhere in the vendor's systems for a month, in theory accessible to human review or to a lawful request. The moderation logic is universal: every consumer LLM vendor maintains a moderation window over "private" conversations.

Who can read your ChatGPT conversations?

OpenAI's Privacy Policy is explicit on this point. Humans can review conversations, in three main cases.

For content moderation, internal teams or subcontractors review conversations flagged as potentially abusive, dangerous, or in violation of the terms. For model improvement, annotators read samples of conversations to evaluate response quality and correct flaws. For legal requests, OpenAI can produce conversations in response to subpoenas, civil discovery, or valid administrative requests.

None of these three cases is exceptional. All online service providers operate this way, and Anthropic and Google apply comparable arrangements. What these clauses imply for professional use is, however, worth stating plainly: a system where third-party humans can access conversations under criteria defined by the vendor is not designed to receive data whose confidentiality is governed by attorney-client privilege, a client contract, or sector-specific regulation.

For a lawyer, attorney-client privilege is placed under tension the moment the first client data is sent. For a doctor or nurse, HIPAA in the United States and GDPR Article 9 in Europe are in play with every clinical note pasted for rewriting. For a consultant or executive, the NDA signed with the client becomes difficult to honor. For HR, candidate and employee data leave the perimeter defined in the company's data processing register. The point is not about ChatGPT. It is about the act of pasting sensitive data into any consumer LLM.

Not a scandal, but still a problem

Nothing above is hidden. It is all written, plainly, in public documents. Sources are listed at the bottom of this article. OpenAI documents its practices better than the sector average and offers controls that did not exist two years ago. Anthropic has made similar choices, so has Google. This is the state of the art today.

The issue is therefore not a vendor. The issue is that the confidentiality of professional data should not depend on a checkbox no one reads, or on a subscription tier, or on a jurisdiction that can change tomorrow. A lawyer, a nurse, a consultant, or an HR manager should not have to choose between productivity and confidentiality every time they paste a text into a prompt. And a privacy policy, however carefully drafted, can be amended, or overridden by a court order, as the summer 2025 episode showed.

The protection of confidential data cannot rest entirely on the goodwill of a third-party vendor, however serious. It is a simple principle, but it is the conclusion that the consumer-LLM terms of use, read in full, impose.

What you can actually do

Three immediate actions if you use ChatGPT, Claude, or Gemini in a professional context.

Turn off the training option in settings. For ChatGPT, it is "Improve the model for everyone" in Data Controls. For Claude, it is the option to use conversations for training, under Privacy. For Gemini, it is "Gemini Apps Activity." The direct link to the ChatGPT procedure is in the sources at the bottom of this article. This stops your prompts being used for training, but it does not affect moderation retention or human-review access.

If your organization can afford it, switch to Team or Enterprise tiers across vendors. These exclude prompt-based training by default, offer stronger contractual guarantees, shorter retention commitments, and sometimes data-residency options. They still do not resolve moderation retention, nor data production in response to a lawful request.

Most importantly, anonymize before you send. The only reliable way to prevent sensitive data from being processed by a third-party vendor is to make sure it never leaves your machine in the clear. Replacing names, project codes, financial figures, dates, and identifiers with placeholders before the data reaches the LLM does not depend on account settings, contract terms, or jurisdiction. This is the local-first approach, also called client-side anonymization: confidentiality by construction, not by trust.

Quieta applies exactly this principle. Anonymization happens locally on the device, before the prompt leaves the machine. It works with ChatGPT, Claude, Gemini, and other LLMs. Free for individual use, seven dollars per month for professional use. The site is quieta.ai.

Local anonymization, before the data leaves your machine, is the only answer that does not depend on settings, on a vendor, or on a jurisdiction.