
What the AI Tool Knows About Your Clients

By The Most Secure Man Alive | WISECLICK Ambassador

AI is a wonderful tool. I use it daily. I find it patient in a way most assistants are not, and quicker than I have any right to expect.

It also has a memory. Most owners I know are quietly surprised by what their team's free AI tool has been learning, on their behalf, about their clients.

A bookkeeper I know rang me on a Tuesday morning. She had a client BAS open on her screen — full company details, ABN, quarterly figures, the lot — and she'd just pasted the whole thing into ChatGPT to get a plain-English summary for her client. The summary came back in seconds. It was useful. It saved her ten minutes she did not have.

She rang me about an hour later, when a thought had caught up with her.

"Where did all that go?"

This is the post about that.


What actually happened

When you paste something into a free AI tool, two things happen at once.

The first is the obvious one. The tool reads your prompt, runs it through a model, and sends a response back. That part is the bit you can see.

The second is quieter. Your prompt — and the response — leave your computer, travel across the public internet, arrive at a server owned by a vendor you have never met, and are stored there. How long they stay, who can read them, and whether they're used to train future versions of the model depends entirely on the vendor's settings — and on whether anyone has ever opened that settings page on your account.

It is, in essence, the difference between using a tool and being inside the tool. The free tier is the second one.

In the bookkeeper's case, what left her computer was a client's full company name, ABN, quarterly turnover, GST position, and the kind of financial detail she would not, under any circumstances, post on a public website. It is now sitting on infrastructure she doesn't control.

The vendor is not a criminal. The vendor is a business. The business has a privacy policy. The privacy policy is a document that, among other things, lists the things the vendor has reserved the right to do with the data she just gave them.

A privacy policy is a document. It is also a list of permissions, written by the vendor, in the vendor's favour. The two ideas are connected.


Three things to keep an eye on

The Australian Signals Directorate, in collaboration with New Zealand's National Cyber Security Centre and the Council of Small Business Organisations Australia, published a calm and rather useful guide on this in January. It identifies three things small businesses should know about when their team starts using cloud-based AI tools.

I find the framing accurate, and I'd put them in roughly this order.

Accidental leaks. Someone on your team pastes something they shouldn't, the way the bookkeeper did. They didn't mean to. They were trying to get their job done faster. The information is now on a vendor's server, and you would have no way of knowing, because nothing visibly went wrong.

Unauthorised access. The vendor's server is, by definition, not yours. If someone breaches the vendor, your data is part of what they get.

Vendor reuse. Some AI providers train future versions of their models on user-submitted data. Whether yours does depends on which provider, which tier, and which settings — and on whether anyone has changed the defaults. The free tiers tend to default to "yes." The business tiers tend to default to "no." The difference is a single toggle that most people never see.

The machine has a memory. The settings page is where the memory is configured. Most owners I know have never opened it.


Why this is an Australian story

Most of what's written on this topic, online, is American. American law. American examples. American outrage.

It's worth slowing down and noting that we have our own arrangements.

Australia has the Privacy Act 1988 and the Australian Privacy Principles — the APPs, in the trade. APP 11 is the one that matters here. It says that any business covered by the Act must take "reasonable steps" to protect personal information from unauthorised access, modification, or disclosure. Pasting client information into a free consumer AI tool, with default settings, is a question about whether reasonable steps have been taken.

Above APP 11 sits the Notifiable Data Breaches scheme, run by the Office of the Australian Information Commissioner. If a data breach is "likely to result in serious harm," you have an obligation to notify both the OAIC and the affected individuals as soon as practicable — typically within thirty days of becoming aware.

The cyber.gov.au guidance refers to a real, recent example. In early 2025, a contractor working for an Australian organisation uploaded personal information — names, contact details, and health records of people involved in a government program — into an AI system. The result was a serious data spill, and a notifiable data breach. It was not in America. It was here.

I read that paragraph carefully. It is not written to alarm. It is written to inform. There is a difference.


Free versus paid — the difference is real

I've paid for each of them at some point. The difference is not philosophical. It's contractual.

I'm not a person who insists on premium tiers as a matter of principle. I have used the free version of every AI tool I've reviewed. But there is a meaningful technical difference between the consumer tier and the commercial tier of most major AI providers, and it's worth knowing what you're actually buying.

For ChatGPT, Claude, Gemini, and Microsoft Copilot (I've tested all four), the commercial tiers (Business, Team, Enterprise) by default do not use customer-submitted data to train their models. They typically also offer admin controls, audit logging, data residency options, and contractual data-handling commitments that do not exist in the consumer tier.

The consumer tier is genuinely free, in the sense that you don't pay money for it. It is not free in the sense that the vendor has no interest in your data. The two senses of "free" are routinely confused.

Free is a price tag. It is also a business model. The two are connected.

For solo professionals and very small teams who use AI lightly — drafting language, brainstorming, summarising public documents — the free tier is almost certainly fine, provided you understand the rules. For anyone whose work involves client data, financial records, health information, or anything covered by the Privacy Act, a commercial tier is the calmer arrangement. It is also the answer to a question your clients are increasingly likely to ask: "Is your team using AI on my information?"


What I do, and recommend

Three things. As ever.

One. Open the settings page.

For the AI tools your team uses, find the data controls and read them.

For ChatGPT free and Plus, the path is Settings → Data Controls, where there's a toggle called something like "Improve the model for everyone." For Claude, since Anthropic's September 2025 policy change, free, Pro, and Max accounts may all be used for training when the "Help improve Claude" toggle in Settings → Privacy is on. Only Team, Enterprise, and API customers are excluded by default. For Gemini, the relevant setting is called Gemini Apps Activity, and it's on for most users until they turn it off. For Microsoft Copilot, the consumer version differs from the business version meaningfully — only the business tier offers contractual data-handling commitments.

The settings change every few months, in the way these things do. The principle does not. If you don't know whether your data is being used to train a model, the answer is almost certainly yes.

Two. Write the one-page rule.

A single document for the team. What goes in. What stays out. Mine reads roughly like this.

Goes in: drafting language, brainstorming, summarising public documents, learning a new topic, anything you would happily read aloud at a Christmas party.

Stays out: client names, ABNs, financial figures, contracts, BAS data, employee details, anything covered by the Privacy Act, anything you wouldn't email to a stranger.

A team rule is a kindness, not a constraint. It removes a question your team didn't know to ask, and replaces it with a default they don't have to think about. The bookkeeper, after our conversation, wrote hers in fifteen minutes. She told me later it was the most useful fifteen minutes she'd spent that quarter.

Three. Move the sensitive work to a commercial tier — or anonymise before pasting.

If your work routinely involves client information, the business tier of a reputable AI provider is the right home for it. ChatGPT Business, Claude for Work, Microsoft Copilot for business — by default, these don't train on your data, and they come with the controls a small business actually needs.

If you're not ready for a commercial tier, the workaround is anonymisation. Replace client names with [Client A]. Replace ABNs with [ABN]. Replace dollar figures with rough proportions. The summary you get back is just as useful. The data trail is gone.
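The anonymisation step above, sketched as a small pre-paste filter in Python. This is an added example, not the author's own tooling: the function names, the sample text and the client name are constructed, and "rough proportions" is assumed to mean each figure's share of the largest figure, rounded to the nearest 5%.

```python
import re

ABN_RE = re.compile(r"\b\d{2} ?\d{3} ?\d{3} ?\d{3}\b")       # 11 digits, optional spaces
MONEY_RE = re.compile(r"-?\$ ?\d+(?:,\d{3})*(?:\.\d+)?")
RESIDUE_RE = re.compile(r"\$|\d[\d ,]{5,}\d")                # '$' or a long digit run

# Constructed sample, not real client data.
SAMPLE = ("BAS for Example Cafe Pty Ltd, ABN 12 345 678 901: total sales "
          "$120,000, GST on sales $12,000, GST on purchases $4,800.")


def amount(match):
    """Numeric size of a matched dollar figure, sign ignored."""
    return float(re.sub(r"[^\d.]", "", match.group()))


def anonymise(text, client_names):
    """Replace known client names, ABN-shaped numbers and dollar figures."""
    # Labels follow the caller's order (assumes at most 26 names). Longest name
    # is replaced first so a short name cannot split a longer one.
    labels = {n: f"[Client {chr(ord('A') + i)}]" for i, n in enumerate(client_names)}
    for name in sorted(labels, key=len, reverse=True):
        text = re.sub(re.escape(name), labels[name], text, flags=re.IGNORECASE)

    # Redact anything ABN-shaped without validating it, so a mistyped ABN goes too.
    text = ABN_RE.sub("[ABN]", text)

    # Keep only each figure's size relative to the largest, to the nearest 5%.
    largest = max((amount(m) for m in MONEY_RE.finditer(text)), default=0.0) or 1.0

    def proportion(match):
        return f"[~{5 * round(amount(match) / largest * 20)}% of largest figure]"

    return MONEY_RE.sub(proportion, text)


def residue(text):
    """Fragments that still look like an identifier or an amount; paste only if empty."""
    return RESIDUE_RE.findall(text)


if __name__ == "__main__":
    cleaned = anonymise(SAMPLE, ["Example Cafe Pty Ltd"])
    print(cleaned)
    print("safe to paste" if not residue(cleaned) else f"blocked: {residue(cleaned)}")
```

Names are only replaced if they are on the list you pass in, so the residue check covers leftover numbers and amounts, not people or businesses the list missed.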

The bookkeeper now does both. She moved her client work to ChatGPT Business and uses the free tier for everything else. She tells me her clients haven't asked. She also tells me she sleeps better, which is its own answer.


If you've already pasted client information into a free AI tool

The calm version of the next twenty-four hours.

  1. Stop. Don't delete the conversation in a panic — log it first. Screenshot the chat title and the date.
  2. Identify what was actually shared. Names? ABNs? Financial figures? Health information? Be specific, on paper.
  3. Apply the OAIC's plain-English test for the Notifiable Data Breaches scheme: "Is there a likely risk of serious harm to any individual?" For most BAS summary scenarios — no. For health records, financial records, or anything that could be used to identify and harm someone — possibly yes.
  4. If the answer is yes, you have thirty days to notify the OAIC and the affected individuals. The OAIC website walks you through it. They do not bite.
  5. Update the team rule. Move on. The next one will not happen.

Mistakes are how policies get written. The policy is the gift the mistake leaves behind.


The bigger picture

The settings page is not the whole picture. It sits inside a larger one.

The Essential 8 — the Australian government's set of cybersecurity controls for small business — maps the technical arrangements: multi-factor authentication, restricted admin privileges, application control, regular patching. The habits sit alongside them. What your team uses, what they paste, what they keep to themselves — these are part of your security posture in the same way a locked door is part of your building security. Both matter. Neither is negotiable.

AI is a tool. So is a key. Both can be used by the wrong person. Both are also extremely useful in the right hands.

The Essential 8 Gap Assessment maps the whole picture in thirty minutes. You leave with a number, a plain-English explanation of what it means, and three things to do this week. Most owners I know find the result steadying.



The bookkeeper rang again, a fortnight later, to tell me she'd written the team rule, opened the settings page, and stopped pasting things she shouldn't.

I told her that was the whole job.

Stay protected, my friends.
— The Most Secure Man Alive




Frequently Asked Questions

Is ChatGPT safe for Australian small businesses?

Used carefully, yes. The free tier sends your prompts to a vendor's server and may use them to train future model versions, depending on settings. For client data, financial records, or anything covered by the Privacy Act 1988, a commercial tier — which doesn't train on customer data by default — is the calmer arrangement. The free tier is fine for drafting, brainstorming, and public-domain content.

Does ChatGPT use my prompts to train its models?

On the free and Plus tiers, by default, yes — though you can turn it off in Settings → Data Controls. On ChatGPT Business and Enterprise, the default is no. Other providers have similar but not identical arrangements, and Claude's consumer tiers (free, Pro, Max) all currently allow training when the toggle is on. The settings page on each tool is the only reliable answer.

What does the Privacy Act say about using AI tools?

Australian Privacy Principle 11 requires businesses covered by the Privacy Act 1988 to take reasonable steps to protect personal information from unauthorised access or disclosure. Pasting client information into a consumer AI tool with default settings is a meaningful question about whether reasonable steps have been taken. The OAIC publishes plain-English guidance.

What's the difference between consumer and commercial AI tiers?

The commercial tiers — ChatGPT Business and Enterprise, Claude for Work, Microsoft Copilot for business, Gemini Enterprise — don't train on customer data by default. They also offer admin controls, audit logs, data residency options, and contractual data-handling commitments that the consumer tiers do not.

What should I do if I've already pasted client information into a free AI tool?

Don't delete in a panic — screenshot the conversation first. Note what was shared. Apply the OAIC's "likely risk of serious harm" test to decide if the Notifiable Data Breaches scheme is engaged. If yes, notify the OAIC and affected individuals within thirty days. Update your team rule. Most cases — particularly low-sensitivity summaries — are not notifiable, but the question is worth asking on paper, not in your head.

Is the Notifiable Data Breaches scheme triggered by an AI data leak?

It depends on what was shared and the likelihood of serious harm. A summary of public-domain content — almost certainly not. Health records, financial records, or anything that could identify and harm a person — possibly yes. The OAIC's website walks through the test. The scheme is administered without drama; the regulator's intent is clarity, not punishment.
