A client asked me something last month that I get asked constantly, in one form or another: "If I paste our customer list into ChatGPT to help me write a segmentation email, does that data just... belong to OpenAI now?" The honest answer is: it depends, and most people never bother to find out which way it depends. That's the real problem. Not that AI tools are secretly vacuuming up your business secrets — though sometimes, under some settings, they can use what you send them — but that almost nobody checks. They either assume the worst and refuse to use any of these tools at all, or assume the best and paste in contracts, financials, and client emails without a second thought. Both of those are guesses. This is about replacing the guess with an actual answer.
Here's the plain mechanical version of what happens when you type something into an AI tool. Your text gets sent over an encrypted connection to the provider's servers, where a model reads it and generates a response, and that response gets sent back to you. That much is true of every tool, free or paid, consumer or enterprise. The part that varies — a lot — is what happens to your input *after* that exchange. Does a copy get stored? For how long? Does anyone at the company, or any automated process, ever look at it? Is it used to make the next version of the model smarter? Each of those is a separate question with a separate answer, and the answer usually lives in a document nobody reads: the data processing terms or privacy policy specific to the product tier you're actually using.
That last phrase — "specific to the product tier you're actually using" — is where most of the confusion comes from. The same company can offer a free consumer chat app, a paid consumer subscription, and a separate business or enterprise product, and the data rules can be meaningfully different across all three, even though the underlying model might be nearly identical. Consumer tiers, especially free ones, have historically been more likely to use your conversations to help improve future models, unless you go into settings and turn that off. It's not universal, it's not necessarily a dark pattern, and plenty of providers now let you opt out easily or default to not training on your data at all — but the default varies by product and it changes over time, so a one-time "I checked this in 2024" isn't good enough.
Business and enterprise tiers, by contrast, typically come with an actual contract — a data processing agreement or equivalent business terms — that commits the provider, in writing, not to use your inputs or outputs to train their models. This isn't a courtesy setting buried in an account menu; it's a term you can point to, and it's usually the single biggest practical difference between "the version my nephew uses at home" and "the version our business is paying for." If you're feeding client names, financials, medical information, or anything you'd be embarrassed to see in a lawsuit exhibit into an AI tool, this is the line that matters most: are you on a plan with that contractual commitment, or are you on one where the company merely says it "currently doesn't" train on your data, which is a different and much weaker promise.
Retention is the second thing people confuse with training, and it's worth separating cleanly. "We don't train on your data" and "we don't keep your data" are not the same sentence, even though they get mentally merged into one reassuring blur. A provider can promise never to use your conversations for training and still retain a copy of every conversation for a defined window — thirty days, ninety days, or indefinitely — for reasons ranging from abuse monitoring to legal compliance to just not having built a deletion pipeline yet. For most small businesses that retention window isn't dangerous by itself — it's closer to how your email provider keeps a copy of what you send. But if you're dealing with anything genuinely sensitive, the retention period, and whether you can request deletion on demand, is a real operational fact you should know, not an assumption.
So what do you actually go check, concretely, instead of guessing? Start with the data processing agreement or business terms page for the specific plan you're on, not the general marketing page — search the provider's site for "DPA" or "data processing." Look for three explicit statements: whether your inputs and outputs are used for model training (and whether that's a hard contractual commitment or a soft, revisable policy), how long data is retained and whether you can request deletion, and where the data is physically processed and stored, since that affects which country's privacy law actually governs it. If you operate anywhere near GDPR-covered customers or handle health or financial data, also check whether the vendor will sign a standard data processing addendum or, for healthcare specifically, a BAA — if a sales rep hesitates or dodges that question, that hesitation is itself useful information.
Two more things worth five minutes each. First, check the subprocessor list — most serious AI vendors publish who else touches your data downstream, whether that's cloud hosting, a customer support tool, or an analytics vendor, because your data's security is only as good as the weakest link in that chain, and you're entitled to know the chain exists. Second, check what happens to data inside the tool versus data connected *to* the tool — a lot of AI products now plug into your email, your CRM, your file storage, and the privacy terms for the core chat product don't automatically cover what happens once it has read access to your entire Google Drive. That's a separate permission and often a separate policy section, and it's the one people skip past fastest because it's usually presented as a one-click "connect" button.
I want to push back gently on the instinct to treat this as unsolvable, because I see business owners swing to both extremes and neither serves them. Some decide that because they can't personally audit a company's server security, no AI tool is ever safe for business use, and they end up doing everything by hand while competitors move faster with the same tools used sensibly. Others decide that because the tool is popular and the company seems reputable, it must be fine for anything, and they paste unredacted client contracts into a free consumer account without ever opening a settings menu. Neither is a decision — they're both just skipped homework wearing the costume of a decision.
The realistic middle is boring and achievable: know which tier you're on, read the actual data terms for that tier once, write down the three or four facts that matter for your business, and make a simple internal rule — for example, "general drafting and brainstorming can go in the standard tool, anything with a client name or a dollar figure goes in the business tier with training turned off." That's not paranoia and it's not naivety, it's just the same kind of basic diligence you'd already apply to picking a bank or a payroll provider, applied to a newer category of vendor. Most small businesses don't need a lawyer for this. They need fifteen minutes and the right three questions.
I write about exactly this kind of practical, no-hype AI decision-making at 013labs.com, if you want more of it.