How to Use AI at Work Without Leaking Company Data

Most company data leaks aren't dramatic hacks. They're somebody pasting a client contract into a free ChatGPT tab. Here's the practical playbook for using AI at work without becoming the next case study.

Most corporate AI leaks aren't dramatic. Nobody hacked your model provider. Someone on the sales team pasted a draft client contract into a free ChatGPT tab to clean up the wording, and now OpenAI has a copy.

If you handle anything sensitive at work — client data, source code, financials, unreleased product details — and you're using AI tools to actually do your job, this is the practical playbook. The policy PDF on the company wiki doesn't count.

Know what "leaking" actually means

Three places your data can end up that you didn't intend.

The provider's training set. On free tiers and most personal plans, OpenAI, Google, and (until recently) Anthropic reserved the right to train on your inputs by default. Assume training is on unless you've checked.

The provider's logs. Even on enterprise plans where training is disabled, prompts and responses sit in their systems for a retention window. Anthropic's API default is 30 days. OpenAI Enterprise is configurable. If a subpoena lands, those logs are reachable.

Your own coworker's screen. The most common leak is internal. Someone drops a confidential prompt into a shared Notion AI workspace, and anyone with access to that page can see it. Same risk with Slack AI recaps and the Gemini sidebar in Gmail.

Turn off training on every account

The cheapest fix in the entire stack, and the one people skip.

ChatGPT: Settings → Data Controls → "Improve the model for everyone" → off. Do this on every personal account anyone at the company is using for work.

Claude: Settings → Privacy → uncheck the "Help improve Claude" toggle. Verify on every account; the default is supposed to be opt-in now, but I've seen it flipped.

Gemini: myactivity.google.com → Gemini Apps Activity → off. Google buried this one.

For team-wide use, get on an enterprise plan. ChatGPT Enterprise, Claude for Work, and Gemini for Google Workspace all have zero training as the contractual default, plus admin controls and SAML SSO. Cheapest tier is in the $25-30/seat range and worth every cent the first time a customer asks where their data goes.

Match the tool to the tier of secret

Three buckets:

Bucket 1: safe to paste anywhere. Public marketing copy. Generic technical questions. Code that's already open source. Drafts of personal emails.

Bucket 2: enterprise account only. Internal strategy docs. Customer names. Financial numbers that aren't public. Code from a private repo. Vendor contracts.

Bucket 3: never leaves the laptop. PII. Regulated data (HIPAA, PCI). Source code with proprietary algorithms. Anything covered by an NDA you signed last week.

The mistake people make is using one tool for all three. If you only have a ChatGPT Plus subscription, you will eventually use it for a bucket-three prompt. The day it happens, you won't remember it happened.

Redact before you paste

Even on an enterprise plan, build the habit of stripping identifiers before you submit.

Customer name becomes "Customer A." Specific dollar amount becomes a rough order of magnitude. API key becomes the literal string "REDACTED" (do this before the paste, not after; once submitted, it's submitted).

A useful test: if a journalist screenshotted the prompt, would you be okay with what they saw? If no, redact.

For code, paste only the function you're working on, not the whole file with surrounding business logic. The model doesn't need your authentication middleware to help you fix a SQL query.
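The substitutions described above (customer name to "Customer A", exact dollar figure to a rough order of magnitude, API key to "REDACTED"), sketched as a pre-paste filter. This is an added example, not part of the original guide: the patterns, the `redact` function and the sample prompt are constructed for illustration, and the leftover check for long letter-digit strings goes a step beyond the text to catch secrets the patterns miss.

```python
import re

# Constructed patterns for illustration; extend with the key formats your org issues.
SECRETS = [
    (re.compile(r"(?i)\b((?:api[_-]?key|secret|token|password)\s*[:=]\s*)\S+"), r"\1REDACTED"),
    (re.compile(r"\bsk-[A-Za-z0-9_-]{20,}"), "REDACTED"),       # "sk-" prefixed API keys
    (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "REDACTED"),          # AWS access key IDs
    (re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}"), "REDACTED"),  # GitHub tokens
]
MONEY = re.compile(
    r"\$\s?(\d+(?:,\d{3})*(?:\.\d+)?)(?:\s?(k|m|b|thousand|million|billion)\b)?", re.I)
SCALE = {"k": 1e3, "thousand": 1e3, "m": 1e6, "million": 1e6, "b": 1e9, "billion": 1e9}
# Long unbroken runs mixing letters and digits: likely a secret the patterns missed.
SUSPICIOUS = re.compile(r"\b(?=\w*[A-Za-z])(?=\w*\d)\w{24,}\b")


def _order_of_magnitude(match):
    """Replace an exact dollar figure with the power of ten just below it."""
    unit = SCALE.get((match.group(2) or "").lower(), 1)
    value = float(match.group(1).replace(",", "")) * unit
    if value < 1:
        return "under $1"
    power = 10 ** (len(str(round(value))) - 1)
    return f"roughly ${power:,}"


def redact(text, customer_names):
    """Return (redacted_text, leftovers). Paste only if leftovers is empty."""
    for pattern, replacement in SECRETS:
        text = pattern.sub(replacement, text)
    text = MONEY.sub(_order_of_magnitude, text)
    for i, name in enumerate(customer_names):  # up to 26 names: Customer A..Z
        alias = f"Customer {chr(ord('A') + i)}"
        text = re.sub(rf"(?<!\w){re.escape(name)}(?!\w)", alias, text, flags=re.I)
    return text, SUSPICIOUS.findall(text)


# Constructed sample prompt; every name, amount and key below is made up.
SAMPLE = (
    "Tighten this email to Northwind Traders: your renewal is $48,750 per year, "
    "down from $1.2M list. Staging config: API_KEY=sk-test-0123456789abcdefghijKLMN "
    "and session id 9f8e7d6c5b4a39281706f5e4d3c2b1a0."
)

if __name__ == "__main__":
    clean, leftovers = redact(SAMPLE, ["Northwind Traders"])
    print(clean)
    print("Still suspicious:", leftovers)
```

The session id in the sample survives the named patterns and is reported as a leftover, which is the cue to stop and redact by hand before pasting.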

Local models for the bucket-three stuff

Two years ago I would have told you local LLMs were a toy. They're not anymore.

Llama 3.3 70B on an M3 Max with 64 GB of RAM is genuinely usable. Qwen 2.5 32B is faster and, for everyday tasks like summarization or light coding help, most people couldn't tell the difference from Claude in a blind test.

The workflow: install Ollama, pull a model, point a local chat client like Enchanted or LM Studio at it. Nothing leaves the laptop. For the 5% of prompts that contain stuff you absolutely cannot send to a cloud provider, this is the answer. A local model at 85% of Claude's quality beats Claude when the gap is "the data left my machine" versus "it didn't."
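One way to hold the "nothing leaves the laptop" line when scripting against Ollama, added here as an example and not taken from the original guide: refuse any endpoint that is not a loopback address, and ignore proxy settings that could reroute the request. It assumes Ollama's default listener on 127.0.0.1:11434 and that `qwen2.5:32b` is the model tag you pulled; `is_loopback` and `ask_local` are hypothetical helper names.

```python
import ipaddress
import json
import socket
import urllib.request
from urllib.parse import urlsplit

OLLAMA_URL = "http://127.0.0.1:11434"  # assumed: Ollama's default local listener
# An empty ProxyHandler ignores HTTP_PROXY/HTTPS_PROXY from the environment.
DIRECT = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def is_loopback(base_url):
    """True only if every address the host resolves to is a loopback address."""
    host = urlsplit(base_url).hostname
    if not host:
        return False
    try:
        addrs = [ipaddress.ip_address(host)]
    except ValueError:  # a hostname, not an IP literal: resolve it first
        try:
            infos = socket.getaddrinfo(host, None)
        except socket.gaierror:
            return False
        addrs = [ipaddress.ip_address(info[4][0]) for info in infos]
    return bool(addrs) and all(a.is_loopback for a in addrs)


def ask_local(prompt, model="qwen2.5:32b", base_url=OLLAMA_URL):
    """Send a prompt to Ollama, refusing any endpoint that is not on this machine."""
    if not is_loopback(base_url):
        raise ValueError(f"refusing to send prompt off-box: {base_url}")
    body = json.dumps({"model": model, "prompt": prompt, "stream": False}).encode()
    req = urllib.request.Request(
        f"{base_url}/api/generate", data=body,
        headers={"Content-Type": "application/json"})
    with DIRECT.open(req, timeout=300) as resp:
        return json.loads(resp.read())["response"]


if __name__ == "__main__":
    # Requires a running Ollama with the model already pulled.
    print(ask_local("Summarize in one sentence: local inference keeps data on-device."))
```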

What I'd actually do on day one

Audit the AI subscriptions your team is paying for. Cancel the personal ones and consolidate to an enterprise account. Turn off training on every remaining personal account. Write a one-page redaction guide and pin it somewhere people will read. Install Ollama on the laptops of anyone who handles PII.

The policy PDF can come later. The settings should change today.

Next post: a closer look at running Qwen 2.5 locally on a MacBook Pro, and whether a 32 GB machine is actually enough.