I uploaded my credit card statement to ChatGPT to check a few charges, and that one move cost me the card.
It was a tired evening. A few charges on the statement looked off, small amounts, the kind that nag at you. I wanted a second pair of eyes on whether the pattern was normal for my bank's category limits. The chat box was open. I had been using it for weeks by then for work, generalised queries, no real friction.
So I uploaded it. Done.
Early in my AI use I was not yet sure that confidential details should never be revealed to a cloud model. I uploaded my credit card statement to cross-verify a few charges against the bank's norms, without realising that this could expose my credit card and personal details. A few days later, unfamiliar transactions started showing up. I called the bank, blocked the card, and discontinued the service on that card. I call it my blunder with AI, the moment I learnt data hygiene the hard way.
I sat there.
If a working professional with twenty years in IT can hand sensitive data to a cloud model in one tired evening, what stops you from doing the same?
The honest answer is, nothing stops you. Most data leaks are not malicious. They are convenient. The blunder did not come from ignorance about confidential data. It came from treating a chat box like a calculator. There is a hard stop on AI use, and the line is drawn at the moment you would paste something you cannot pull back. That is what this post is about. Not a checklist of forbidden topics. A working rule for when not to use AI.
A cloud LLM is a hotel concierge, not a private safe.
Think of the chat box the way you would think of a hotel concierge. You can ask the concierge for restaurant ideas, train timings, weather for the morning. That is what a cloud LLM is built for. What you do not do is hand over your passport, your credit card, and your house keys, and ask them to hold these while you decide what to do next. The chat window looks like a private journal. It is not. The question "is it safe to upload personal data to a cloud AI?" has a one-line answer. The data leaves your machine the moment you press enter.
What the vendor's own policy and the UK's cyber agency actually say about your inputs.
The question of when not to use AI starts with what you put in, and the floor is set by people who have no incentive to oversell the safety story.
Start with the UK's National Cyber Security Centre. Their advisory on large language models says the query "will be visible to the organisation providing the LLM". That is not a worst case. That is the default. The NCSC blog post is the floor of any conversation about cloud LLM privacy.
Now go to the vendor's own policy text. Anthropic's privacy policy states plainly: "If you include personal data or reference external content in your Inputs, we will collect that information." The label says it. Do cloud LLMs store your inputs? The policy answers yes, by design.
There is a behavioural risk on top of the data risk. Ethan Mollick's essay on the jagged frontier puts it bluntly: people "really can go on autopilot when using AI, falling asleep at the wheel and failing to notice AI mistakes." That is the mechanism behind the "I will just paste it once" reflex. The chat box is so quick that the brain skips the step where you ask whether the input belongs there.
The human-in-the-loop AI rule shows up in seven words in Mollick's opinionated guide: "You will need to check it all." Not the parts that look risky. All of it. The same vigilance applies upstream, before you paste, not just downstream, after the model replies.
But the vendor lets me opt out, and the enterprise plan promises my data stays with me, so what is the actual risk?
Take the objection seriously, because it is a real one. Yes, opt-outs exist. Yes, enterprise tiers carry data-handling guarantees, and a controlled team on a signed DPA does sit in a different risk pocket. I am not arguing that.
I am arguing about the night I blocked my card. That did not happen on an enterprise plan. It happened on a consumer chat box at the end of a long day. The opt-out is a switch you have to remember to flip, on every device, on every account, before you paste sensitive data. Default settings rule the world. Most AI data leaks at the personal level are not policy failures, they are reflex failures. The risk is not the contract. The risk is the human who does not read the contract before the first upload.
What changed after the bank call: I stopped pasting and started generalising.
The card was blocked. The service on that card was discontinued. The lesson stayed.
I now use AI fluently in my BA workflow. I stay behind the wheel. I ask generalised queries. I have never pasted sensitive customer data, IRB submission IDs, or other regulated material into the cloud; that rule is non-negotiable in pharma IT.
The shape of a generalised query is plain. Instead of pasting a stakeholder interview transcript with named clinical operations leads and product names in it, I describe the shape of the data: "A 40-minute interview with a senior stakeholder, three asks, two refusals, one self-contradiction; here are the structural questions I want a review checklist for." The same useful answer comes back. The confidential data stays in the document where it lives. Nothing private leaves the room.
The trap is thinking "data hygiene" means "no customer data", when it really means "no data you cannot afford to lose."
The credit card statement was not a customer record. It was a personal one. That is the whole point of the lesson. A reader who hears "do not paste confidential client data" and skips past their own salary slip, their own medical letter, their own family WhatsApp screenshot has missed the rule. The guardrail is wider than work. If you would not email it to a stranger sitting next to you on a public train, do not paste it into a chat box on a public model. The regulator at the end of the chain might be the FDA. It might be your own future self when the conversation log surfaces in a way you did not plan for. Either way, the line is the same.
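The generalised-query habit and the "no data you cannot afford to lose" rule, as one added example that is not part of the original post: a small Python pre-paste check. It assumes a plain-text statement with one "YYYY-MM-DD MERCHANT AMOUNT" line per charge (a constructed sample is embedded), flags Luhn-valid card numbers and e-mail addresses before anything reaches a chat box, and then builds the kind of shape-only description the post describes in place of the raw statement. The function names (scrub, describe_shape, shape_prompt) and the regexes are this example's own choices, not anything from the post or from a vendor.

```python
import re
from dataclasses import dataclass, field

# Constructed sample statement. 4111 1111 1111 1111 is a well-known
# Luhn-valid test number, not a real card; the e-mail is a placeholder.
SAMPLE_STATEMENT = """\
Cardholder: J. Doe  j.doe@example.com
Card: 4111 1111 1111 1111
Ref: 1234567890123
2024-03-02 COFFEE BAR 3.40
2024-03-03 STREAMING SVC 9.99
2024-03-05 UNKNOWN MERCHANT 1.00
2024-03-05 UNKNOWN MERCHANT 1.00
2024-03-09 GROCER 54.20
"""

# Candidate card numbers: 13 to 19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# One charge per line: date, merchant, amount with two decimals.
TXN_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(.+?)\s+(-?\d+\.\d{2})$", re.M)


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from other long digit runs
    such as transaction references, so those are not needlessly redacted."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass
class ScrubResult:
    text: str                                   # redacted copy of the input
    findings: list = field(default_factory=list)  # (kind, value) pairs, kept locally only

    @property
    def safe_to_paste(self) -> bool:
        # The post's rule: if anything would make you flinch, do not paste it.
        return not self.findings


def scrub(text: str) -> ScrubResult:
    """Redact card numbers and e-mail addresses; report what was found."""
    findings = []

    def card_repl(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            findings.append(("card_number", m.group(0)))
            return "[CARD]"
        return m.group(0)       # not Luhn-valid: probably a reference number, leave it

    def email_repl(m):
        findings.append(("email", m.group(0)))
        return "[EMAIL]"

    out = CARD_RE.sub(card_repl, text)
    out = EMAIL_RE.sub(email_repl, out)
    return ScrubResult(out, findings)


def describe_shape(text: str, small_threshold: float = 5.0) -> dict:
    """Summarise the statement's structure without any identifying values."""
    rows = TXN_RE.findall(text)
    amounts = [float(amt) for _, _, amt in rows]
    merchants = [name for _, name, _ in rows]
    return {
        "transactions": len(amounts),
        "min_amount": min(amounts) if amounts else None,
        "max_amount": max(amounts) if amounts else None,
        "small_charges": sum(1 for a in amounts if a < small_threshold),
        "repeated_merchants": sum(1 for m in set(merchants) if merchants.count(m) > 1),
    }


def shape_prompt(text: str) -> str:
    """The generalised query: shape of the data only, no names, no numbers that identify."""
    s = describe_shape(text)
    return (
        f"A card statement with {s['transactions']} charges between "
        f"{s['min_amount']:.2f} and {s['max_amount']:.2f}; {s['small_charges']} are under 5.00 "
        f"and {s['repeated_merchants']} merchant(s) appear more than once. "
        "Is that pattern unusual for a consumer card, and what would a bank look at first?"
    )


if __name__ == "__main__":
    result = scrub(SAMPLE_STATEMENT)
    print("safe to paste raw statement:", result.safe_to_paste)
    for kind, value in result.findings:
        print(f"  found {kind}: {value[:4]}...")   # only a prefix, and only to the local terminal
    print("generalised query instead:")
    print(" ", shape_prompt(SAMPLE_STATEMENT))
```

Run it on the embedded sample and the raw statement is refused (one card number, one e-mail found, the 13-digit reference left alone because it fails Luhn), while the shape-only prompt passes the same check and still carries everything needed to ask whether the small repeated charges look normal.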
The question to sit with is not "is AI safe", it is "what would I lose if this conversation were public tomorrow?"
That is the question I now ask before every paste. It is also the most honest framing of when AI is not the right tool. If the answer is "nothing", the chat box is fine. If the answer makes you flinch, close the tab and use a different tool.
I learnt it the hard way. You do not have to.