Skip to content
PrivateAI
← Back to Home
Privacy Guides

How to Use AI Tools Safely on a Work Laptop Without Exposing Your Personal Projects

9 min read min readBy PrivateAI Team

Bottom line up front: If you're using ChatGPT, Copilot, or any cloud AI tool on a company laptop, your employer may be able to see your prompts — and so can the AI vendor. Here's the separation strategy that keeps your personal research, side projects, and financial queries off your employer's radar without quitting your job or breaking any policies.

Last updated: 2026-06-19


The Problem Nobody Talks About

You're a software engineer with a side project. Or a product manager researching a career move. Or a designer quietly building a freelance portfolio.

You open ChatGPT on your work MacBook and start typing.

Here's what you may not realize:

  1. MDM (Mobile Device Management) software on corporate laptops can log DNS queries, browser traffic, and installed apps — sometimes including browser history.
  2. Cloud AI tools store your conversation history linked to whatever account you signed in with. If that account uses your work email, your employer potentially has a contractual relationship with that vendor — and data requests are possible.
  3. Copilot and similar IDE integrations may send code context (including file names and comments) to remote servers even when you think you're just asking a quick question.

This isn't paranoia. It's just how managed devices work.

The fix isn't to stop using AI tools. It's to build a clean separation between your work AI life and your personal AI life.


Step 1: Understand What Your Employer Can Actually See

Before you architect a solution, know your threat model.

What most MDM setups can see:

  • DNS queries (the domains you visit, not necessarily the full URL)
  • Network traffic metadata on corporate VPNs
  • Browser extensions and installed applications
  • Cloud sync activity (if your company uses Intune, Jamf, or similar)

What most MDM setups cannot see by default:

  • HTTPS content (the actual page content, your prompts, message bodies) — unless they've installed a TLS-intercepting proxy certificate
  • Activity in encrypted apps not connected to corporate accounts
  • Files in encrypted containers on your personal storage

Check your company's acceptable use policy. Most prohibit using work devices for commercial activity outside employment — but the vast majority say nothing about private research, personal learning, or encrypted personal file storage.

If your company has installed a root certificate authority on your device, treat all traffic as potentially visible. (You can check: macOS → System Settings → Privacy & Security → Certificates; Windows → certmgr.msc → Trusted Root CAs. Any cert you don't recognize warrants scrutiny.)


Step 2: Separate Your AI Research Identity

The highest-leverage change you can make: never sign into personal AI tools with your work email.

This sounds obvious, but it has a second-order implication most people miss: if your personal Gmail is linked to your Google Workspace SSO through your employer, that's not truly separate either.

Create a purpose-built private identity:

Proton Mail is the right tool here. It's a zero-knowledge encrypted email provider with no connection to your employer's identity infrastructure. Create a Proton account with a pseudonymous address (e.g., yourname-personal@proton.me) and use it exclusively for:

  • Personal AI tool accounts (ChatGPT, Perplexity, Claude.ai)
  • Side project logins
  • Any service you wouldn't want appearing in a corporate e-discovery request

Proton accounts don't require a phone number. They support custom domains if you want something more professional. And Proton's end-to-end encryption means even Proton can't read your email content.

Affiliate Disclosure: This article may contain affiliate links. If you make a purchase through these links, we may earn a small commission at no extra cost to you. We only recommend products we genuinely believe in. This helps support our work and allows us to continue providing free content.

Perplexity Pro's "Focus" modes are particularly useful for private research — you can target academic sources, Reddit discussions, or specific domains without your queries being indexable or linked to your Google account history.


Step 4: Keep Personal Files Off Corporate Cloud Sync

Here's a scenario that trips people up constantly: you're drafting a business plan on your work laptop. You save it to your Desktop. Your company uses OneDrive or Google Drive for Business — and now that file is syncing to corporate servers.

Even if the content is encrypted at rest by OneDrive, Microsoft or Google can access it, and your employer likely has admin access to the corporate tenant.

The fix: Store personal project files in a zero-knowledge encrypted container that's completely decoupled from any corporate cloud.

Tresorit is built specifically for this. It uses end-to-end encryption where the encryption keys never leave your devices — Tresorit's servers store only encrypted blobs they cannot decrypt. There's no corporate tenant to compromise, no admin backdoor, and no way for your employer to request file access from Tresorit that would yield readable content.

Affiliate Disclosure: This article may contain affiliate links. If you make a purchase through these links, we may earn a small commission at no extra cost to you. We only recommend products we genuinely believe in. This helps support our work and allows us to continue providing free content.

This stack costs roughly $25–35/month for the cloud services (Proton, Perplexity Pro, Tresorit) and zero for the local tools. For anyone with a side project or sensitive personal research, that's a reasonable price for genuine data sovereignty on a machine you don't fully control.


What This Stack Doesn't Protect Against

Be honest with yourself about the limits:

  • Screen recording / keylogging software — if your employer has installed keyloggers (legal in many jurisdictions on company-owned hardware), no amount of encrypted storage helps. The input is captured before encryption.
  • Physical observation — shoulder surfing, screen recording via MDM, or video surveillance in an office environment.
  • Policy violations — this guide is about technical privacy, not policy compliance. If your employment contract prohibits commercial side work on company time or hardware, no privacy tool changes that legal exposure.
  • Metadata patterns — even if content is hidden, your MDM may log when and how long you access certain apps. A suspicious pattern of Tresorit activity during work hours could draw attention even if the content is unreadable.

Use good judgment. This stack is designed for the legitimate case: a professional who wants to keep personal research, personal finances, and personal projects genuinely personal — not for anyone looking to hide policy violations.


Start With the Highest-Impact Change

If you do nothing else from this guide, do this: create a Proton Mail account and use it as the login for every personal AI tool you use on a work device. That single change eliminates the most common privacy leak — having your work identity tied to your personal AI history.

From there, add Perplexity for research, Tresorit for files, and a local LLM for anything that doesn't need to leave your machine.

Your side projects, your financial decisions, and your personal research belong to you — not your employer, not your AI vendor, and not the next corporate e-discovery request.


Want a personalized assessment of your current AI tool footprint? Subscribe to the PrivateAI newsletter and we'll send you a data audit checklist that shows exactly what each tool you're using is collecting — and what to do about it.

Stay Updated

A step-by-step checklist to see exactly what your AI tools are logging and how to shut it down. Sent once, no spam.