Playbook · January 3, 2026 · 2 min read

How to Secure Your Internal Data When Using ChatGPT

Samsung leaked code to ChatGPT. Don't be Samsung. Here is how to lock it down.

Your Secrets Are Safe (If You Do This)

The biggest fear for enterprise teams is simple: "Is OpenAI training on my data?" With the right configuration, the answer is no. Three steps will lock it down.

The Three Steps

  1. Opt-Out of Training

Turn off training in ChatGPT's data-control settings, or use Team/Enterprise plans, which guarantee your data is not used for model training. The consumer version of ChatGPT may use your conversations for training unless you opt out.

  2. Use the API, Not the Chat

The API ships with stricter privacy defaults than the consumer web chat. When you use the API:

  • Data is not used for training (by default with OpenAI, Anthropic, and Google)
  • You control data retention
  • You can enforce encryption in transit and at rest
  • Usage is logged and auditable
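In practice, "using the API" is just an authenticated HTTP call that you fully control. As a minimal sketch (the endpoint and payload shape follow OpenAI's public Chat Completions API; the helper name and default model are illustrative):

```python
import json
import os
import urllib.request

API_URL = "https://api.openai.com/v1/chat/completions"

def build_request(prompt: str, model: str = "gpt-4o-mini") -> urllib.request.Request:
    """Build an authenticated API request.

    API traffic is excluded from training by default; retention and
    logging are governed by your account and middleware, not the vendor UI.
    """
    payload = {"model": model, "messages": [{"role": "user", "content": prompt}]}
    return urllib.request.Request(
        API_URL,
        data=json.dumps(payload).encode("utf-8"),
        headers={
            "Authorization": f"Bearer {os.environ.get('OPENAI_API_KEY', '')}",
            "Content-Type": "application/json",
        },
        method="POST",
    )

# Sending requires a real key and network access:
# with urllib.request.urlopen(build_request("Summarize this ticket")) as resp:
#     print(json.load(resp)["choices"][0]["message"]["content"])
```

Because the request is built in your own code, this is also the natural place to hang scrubbing, logging, and audit hooks.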

  3. Implement PII Scrubbing

Use a middleware layer to strip names, credit card numbers, Social Security numbers, and other personally identifiable information before text is sent to the AI. The model does not need to know "John Smith at 123 Main St" to generate a useful response.
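A minimal regex-based scrubber shows the idea. The patterns and placeholder tokens below are illustrative only; production scrubbers typically add NER-based name detection (e.g. Microsoft Presidio) on top, since names cannot be caught by regex.

```python
import re

# Illustrative patterns only -- real scrubbers cover far more formats.
PII_PATTERNS = [
    (re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b"), "[CARD]"),
    (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "[SSN]"),
    (re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"), "[EMAIL]"),
]

def scrub_pii(text: str) -> str:
    """Replace common PII with placeholders before the text leaves your network."""
    for pattern, placeholder in PII_PATTERNS:
        text = pattern.sub(placeholder, text)
    return text

print(scrub_pii("Card 4111 1111 1111 1111, SSN 123-45-6789, john@example.com"))
```

The scrubber runs inside your middleware, so the raw text never reaches the vendor.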

Enterprise Architecture

For serious deployments, consider:

  • Azure OpenAI or AWS Bedrock — Your data stays in your cloud environment
  • Private deployment — Run open-source models on your own infrastructure
  • Data classification — Not all data needs the same level of protection. Classify and route accordingly.
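The classify-and-route idea fits in a few lines. The tier names and backend labels below are hypothetical, not a standard; the point is that sensitivity, not convenience, should pick the backend.

```python
from enum import Enum

class DataClass(Enum):
    PUBLIC = "public"          # marketing copy, public docs
    INTERNAL = "internal"      # tickets, internal email
    RESTRICTED = "restricted"  # source code, customer PII

# Hypothetical routing table: stricter data goes to more controlled backends.
ROUTES = {
    DataClass.PUBLIC: "openai-api",       # vendor API, no training by default
    DataClass.INTERNAL: "azure-openai",   # stays inside your cloud tenant
    DataClass.RESTRICTED: "local-model",  # self-hosted open-source model
}

def route(classification: DataClass) -> str:
    """Pick an AI backend based on the sensitivity of the data."""
    return ROUTES[classification]
```

A request tagged `DataClass.RESTRICTED` never leaves your infrastructure, while public data can use the cheapest capable option.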

The Policy

Every company using AI should have a clear AI usage policy covering:

  • What data can be shared with AI systems
  • Which AI tools are approved
  • How to handle sensitive information
  • Incident response for accidental data exposure
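Parts of such a policy can be enforced in code rather than living only in a PDF. This gate (an approved-tool allow-list plus a per-tool sensitivity ceiling) is a hypothetical sketch, with made-up tool names:

```python
# Hypothetical policy: which tools are approved, and the most
# sensitive data class each one is cleared to receive.
APPROVED_TOOLS = {"chatgpt-enterprise", "internal-llm"}
MAX_SENSITIVITY = {"chatgpt-enterprise": "internal", "internal-llm": "restricted"}
LEVELS = ["public", "internal", "restricted"]  # least to most sensitive

def may_send(tool: str, data_class: str) -> bool:
    """Allow a request only if the tool is approved and cleared for this data class."""
    if tool not in APPROVED_TOOLS:
        return False
    return LEVELS.index(data_class) <= LEVELS.index(MAX_SENSITIVITY[tool])
```

Wiring a check like this into your AI middleware turns the policy from guidance into a guardrail.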

We build PII redaction layers into every application we ship. Security is not optional: it is the foundation everything else builds on.