Skip to content
PrivateAI
← Back to Home
Guides

The Privacy-First AI Workflow: Compartmentalize Your AI Tools by Data Sensitivity

9 min read min readBy PrivateAI Team

Most privacy advice about AI is all-or-nothing: either go full local or accept that your prompts are training data. That framing misses how people actually work.

You probably don't need the same level of protection for researching "best PostgreSQL indexing strategies" as you do for drafting a client contract or analyzing payroll data. Treating every prompt identically — either locking everything down (and losing real productivity) or sending everything to the cloud (and losing control of your data) — is a false choice.

The better approach is compartmentalization: route each type of task to the appropriate tool based on data sensitivity, just like you'd classify documents in a security-conscious organization. This guide walks through a practical three-tier AI workflow you can implement today, with the specific tools and configuration to make it stick.

Last updated: 2026-06-18

Why Compartmentalization Works Better Than Blanket Rules

When researchers from Princeton studied how developers actually used AI coding assistants, they found a consistent pattern: people made context-based decisions about what to paste in. They weren't following formal policies — they were doing informal risk assessment in their heads.

The problem is that informal assessment is inconsistent. You'll paste a sanitized version of sensitive code on Monday and forget to sanitize on Friday at 4pm. A structured workflow makes the classification automatic, not something that depends on how tired you are.

The three tiers map to how most knowledge workers handle information:

  • Tier 1 (Public): Anything you'd be comfortable publishing. Research questions, generic how-tos, public data analysis.
  • Tier 2 (Internal): Work-related but not confidential. Project planning, non-identifying code, internal documentation drafts.
  • Tier 3 (Sensitive): Client data, PII, financial records, legal documents, unreleased product details, anything under NDA.

The goal is not to make each tier maximally paranoid. It's to match your privacy investment to the actual risk of each task.

Tier 1: Cloud AI for Public Queries

For genuinely public work — researching open-source tools, drafting blog posts on non-confidential topics, explaining concepts — cloud AI is fine, and often faster than local alternatives. The key is choosing a provider whose privacy posture you've actually read.

Most of the major chat AI products are explicit that they use conversation data for training by default. If you opt out, data retention policies vary from 30 days to indefinite depending on the service and whether you have a paid plan.

Perplexity Pro is worth examining for Tier 1 research tasks. Unlike most chat AI products, Perplexity's core product is search-augmented answers — so for factual research queries, it's pulling from live indexed sources rather than generating from training data. The Pro tier gives you access to multiple model backends and, critically, lets you run queries without logging in via the web interface if you prefer.

Affiliate Disclosure: This article may contain affiliate links. If you make a purchase through these links, we may earn a small commission at no extra cost to you. We only recommend products we genuinely believe in. This helps support our work and allows us to continue providing free content.

For the Tier 3 workflow specifically, the pattern is:

  1. Files live in Tresorit (encrypted at rest, you hold the key)
  2. Download to local machine only when working with them
  3. Process with local LLM (no network)
  4. Results stay local or return to Tresorit
  5. Nothing touches cloud AI at any point in the chain

This is the data sovereignty model that financial services and legal teams have been using for file sharing for years. Applying it to AI workflows just closes the last gap.

Network Layer: Don't Forget the Metadata

Even a perfect local LLM setup leaks metadata at the network layer. When you download models, access documentation, or do any incidental browsing related to a project, your ISP and network-level observers see DNS queries and traffic patterns.

Proton VPN with the NetShield DNS filter active routes all DNS through Proton's servers and blocks tracking domains before they resolve. For tech workers whose threat model includes nosy ISPs or shared office networks (both of which are more common than people acknowledge), this closes a real gap at low friction.

Affiliate Disclosure: This article may contain affiliate links. If you make a purchase through these links, we may earn a small commission at no extra cost to you. We only recommend products we genuinely believe in. This helps support our work and allows us to continue providing free content.