Guide
Is ChatGPT safe to use with company data?
The honest answer is that it depends entirely on which account your team is logged into — and most people have never checked. How to find out in five minutes.

This is the single most common question I get, and it has a frustrating answer: the question is missing a word.
“Is ChatGPT safe” can’t be answered, because ChatGPT isn’t one product. The name covers several tiers that share a logo and a text box while behaving quite differently in the ways you care about. The same is true of Claude, Gemini, Copilot, and every other major assistant.
So the real question is: which one is your team using? Almost nobody knows offhand. Here’s how to find out and what to do with the answer.
The distinction that actually matters
Strip away the marketing and there are two meaningfully different categories.
Personal accounts. Someone signed up with an email address, possibly their work one, possibly not. Your company has no administrative relationship with this account. You can’t see it, audit it, or switch it off. On these tiers, vendors have historically defaulted to using conversations to improve their models, with an opt-out buried in settings that a rounding error of users have ever touched. When the employee leaves, the account and its history leave with them, and you never had a copy.
Business accounts. Your company holds the contract. The vendor is a processor acting on your instructions, which is language that means something specific and useful to your lawyer. These tiers generally do not train on your content by default, and — this is the underrated part — they give you an admin console. You can see who has access, enforce retention, and revoke people on their last day.
Here’s the thing to sit with: the difference between those two is not the model. It’s the same model. It’s the same quality of answer. The difference is entirely the legal and administrative wrapper around it.
Which means the upgrade conversation isn’t “should we pay for better AI.” It’s “should we pay a modest per-seat fee to stop the same work from happening on infrastructure we don’t control.” Framed that way it stops being a technology decision and starts being an obvious one.
Find out what you’re actually on
Five minutes, no tooling required. In the assistant your team uses, look for:
- A workspace or organization name. Business tiers put it in the interface — a workspace switcher, an org label near your avatar. If there’s no workspace, it’s a personal account.
- Who’s paying. Check expenses for AI subscriptions on personal cards. Every one you find is a personal account being used for company work, and it’s outside your control by definition.
- The data controls. In settings, look for whatever the vendor calls “improve the model for everyone” or “data controls.” Check whether it’s on. On personal tiers it usually is by default.
- Whether you can see any of it as an admin. If you have no admin console, you have no visibility. That’s your answer.
Do this before you read another word about AI policy. It takes five minutes and it’s the difference between a real conversation and a theoretical one.
One warning: checking your own account tells you about your own account. It says nothing about the other twenty people who work for you, most of whom signed up on their own and never mentioned it. That’s a separate exercise, and it’s covered in what your team is already doing.
The three things that never go in, regardless of tier
Even on a properly contracted business account, some material shouldn’t go into a general assistant — not because the vendor is untrustworthy, but because you may have promised it wouldn’t, or because the consequences of being wrong are asymmetric.
Anything covered by a contract you haven’t reread. Client NDAs and data processing agreements frequently restrict disclosure to third parties without notice or consent. An AI vendor is a third party. This clause predates AI and was not written with it in mind, which is exactly why it catches people — nobody thinks of a website as a subprocessor. Your contracts don’t care what you thought.
Live credentials and secrets. API keys, passwords, tokens, connection strings. These turn up constantly inside pasted logs and stack traces, which is the point — nobody pastes a credential on purpose. They paste an error message that contains one. Treat anything pasted into any external tool as disclosed, and rotate accordingly.
Regulated personal data, unless you’ve specifically checked. Health records, financial records, anything under GDPR, HIPAA, or a state privacy law. Not automatically forbidden — but it requires the right agreement in place and someone who has actually confirmed it, not assumed it. “Our vendor is probably fine” is not a control.
The rule that survives contact with reality
Most AI policies fail because they’re written as documents rather than as something a person can follow at 4:50pm on a deadline. They run four pages, cite a framework, and get read once during onboarding.
Here’s one that works, because it’s short enough to remember:
If you wouldn’t email it to a vendor you’ve never met, don’t paste it into a chat box. If you’re not sure, ask before you paste, not after.
That’s it. It maps onto an instinct your team already has, it requires no technical knowledge, and it fails safe. You can bolt specifics onto it, but if the one-liner isn’t the first thing people read, the specifics won’t get read either.
Pair it with an easy way to ask — a channel, a person, thirty seconds. Most of the risk in shadow AI isn’t people who don’t care. It’s people who weren’t sure, had a deadline, and had nobody to ask.
The upshot
ChatGPT is not unsafe. A personal ChatGPT account holding your client’s confidential material, with training on, that you cannot see, audit, or revoke, and that walks out the door when the employee does — that’s unsafe. The tool is the same. The wrapper is the entire difference.
So the fix is usually not dramatic. It’s business accounts, one readable rule, and someone who knows what’s actually going on. The hard part was never the technology. It’s that nobody looked.
Vendor tiers, defaults, and terms change more often than you’d expect, and rarely with an announcement. This page describes how to reason about the question and how to check for yourself — deliberately, because a checklist of specific vendor defaults would be out of date before you finished reading it. When something is on the line, verify against the vendor’s current terms, and note the date you checked.