My wife works at a medical malpractice law firm.
So most of what she deals with every day is the kind of stuff you don’t casually throw into a third-party tool:
- Medical records
- Timelines
- Expert reports
- Patient details
She wants to make the most of her time and use ChatGPT to its fullest extent.
Summarizing a 1,200-page report in seconds is useful. Pulling out key facts is useful. Cleaning up messy notes is useful.
So naturally the question comes up:
“Can I just paste this into ChatGPT?”
Sometimes. But when you’re dealing with these kinds of documents, the answer is usually no.
It’s Not the AI, It’s the Data That Gets Persisted
Most of the risk people talk about with AI isn’t really about the model itself.
It’s about what people paste into it without thinking.
Names. Addresses. Dates of birth. Medical histories. Internal notes. Legal strategy.
Stuff that was never meant to leave a controlled environment suddenly ends up in a prompt box.
Security researchers at LayerX found that employees are regularly pasting company data into AI tools as part of their normal workflow — including sensitive information — often just to move faster.
That lines up pretty well with what I’m seeing: people aren’t trying to leak data, they’re just trying to get their work done.
If you’re working in legal, medical, or really any business handling customer data, there are a few things worth keeping in mind.
You’re sending data to infrastructure you don’t control. Even when companies are clear about how they handle data, you’re still relying on policies, configurations, and settings being exactly what you think they are.
Conversations with AI tools aren’t protected the way people sometimes assume. There’s no attorney-client privilege here. No special confidentiality layer just because it feels like a “chat.”
In 2026, a senior official at the Cybersecurity and Infrastructure Security Agency uploaded sensitive internal documents into a public ChatGPT instance, triggering an internal review and security concerns.
Why I Built a PII Redactor
I decided to build a simple PII redactor tool:
https://www.tahoedev.com/tools/pii-redactor
It removes common PII before you send anything into an LLM.
Names, emails, phone numbers, IDs — things that usually don’t help the model do its job.
A few things worth knowing:
- It’s completely free
- It does not store your data
- It’s built to be fast and disposable
Paste, redact, use your AI tool like normal.
It’s pattern-based, so it’ll catch a lot but not everything. And sometimes it might remove something you actually wanted to keep.
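To make “pattern-based” concrete, here is a minimal sketch of how this style of redaction works. The patterns and labels below are illustrative assumptions, not the tool’s actual implementation — real redactors use far more patterns and handle more edge cases:

```python
import re

# Hypothetical patterns: each one matches a common PII "shape".
# A real redactor would use many more, plus context-aware rules.
PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "PHONE": re.compile(r"\b(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b"),
    "SSN":   re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "DOB":   re.compile(r"\b\d{1,2}/\d{1,2}/\d{4}\b"),
}

def redact(text: str) -> str:
    """Replace every match with a [LABEL] placeholder."""
    for label, pattern in PATTERNS.items():
        text = pattern.sub(f"[{label}]", text)
    return text

print(redact("Reach Jane at jane.doe@example.com or 555-867-5309, DOB 4/12/1961."))
# → Reach Jane at [EMAIL] or [PHONE], DOB [DOB].
```

This also shows why pattern matching is imperfect in both directions: an unusual phone format slips through, while a case number that happens to look like an SSN gets redacted. That trade-off is inherent to the approach.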
If something feels off or isn’t working the way you expect, that’s useful feedback — please reach out through the contact form.
Appendix: How to Use AI Tools With Better Privacy Settings
ChatGPT {#chatgpt}
Training on your data: Enabled by default (for many accounts)
How to turn it off:
- Click your profile (bottom left)
- Go to Settings
- Open Data Controls
- Toggle off “Improve the model for everyone”
Optional:
- Use Temporary Chat for sensitive work
- Avoid uploading raw documents with PII/PHI
Google Gemini {#gemini}
Activity & retention: Enabled by default
How to change it:
- Open your Google Account
- Go to Data & Privacy
- Find Gemini Apps Activity
- Turn it off or enable auto-delete
Notes:
- Be careful with Drive integrations
- Treat connected data as accessible
Grok {#grok}
Data usage: Enabled by default
What to check:
- Go to Settings → Privacy and Safety
- Review data usage / training settings
Baseline rule: Assume inputs may be logged.