How to Use AI at Work Without Leaking Sensitive Data: A Complete Workflow Guide
The Uncomfortable Truth: Your AI Assistant Has a Very Good Memory
Here's the situation most developers, consultants, and knowledge workers are quietly ignoring: every prompt you send to ChatGPT, Gemini, or Claude (cloud version) is transmitted to a third-party server, stored, potentially reviewed by human trainers, and used to improve models. The exact retention and usage policies vary — and they change. What doesn't change is that once your prompt leaves your device, you have lost control of it.
For most queries that's fine. But if you're pasting in:
- Client source code under NDA
- Internal database schemas or API keys (even accidentally)
- Draft contracts, financial projections, or HR documents
- Proprietary business logic you've spent years developing
...then you're not just violating your own privacy. You may be violating a client contract, GDPR obligations, or your employer's acceptable-use policy. Several large enterprises have already banned consumer AI tools after employees inadvertently uploaded confidential data. Samsung's 2023 source code leak via ChatGPT is the case study everyone cites — and it won't be the last.
The answer is not to stop using AI. It's to build a workflow where the right tool handles the right task, with your most sensitive work staying on hardware you control.
The Three-Layer Private AI Stack
Think of private AI work in three layers:
- Sensitive processing — tasks involving confidential data (code, documents, client info). This must stay local.
- Research and web queries — gathering information from the public web. This can use a cloud tool, but should use one with a privacy-respecting policy.
- Storage and sharing — saving outputs, collaborating with clients or teammates. This needs end-to-end encryption.
Each layer has a tool designed for it. The rest of this guide walks through setting up all three.
Layer 1: Local LLMs for Sensitive Processing
For anything involving data you can't afford to leak, the answer is a local model — one that runs entirely on your own machine, with zero network calls.
Why Ollama is the practical choice in 2026
Ollama has become the de facto standard for running open-weight models locally. It abstracts away the complexity of model loading, GPU memory management, and API serving behind a single clean interface. You get a local REST endpoint at http://localhost:11434 that behaves like the OpenAI API — meaning tools built for ChatGPT often work with Ollama out of the box.
Installation is a one-liner:
```bash
curl -fsSL https://ollama.com/install.sh | sh
```
Then pull a model:
```bash
Good all-rounder for coding and analysis
ollama pull llama3.2
Stronger for complex reasoning (requires ~8GB VRAM or RAM)
ollama pull qwen2.5-coder:14b
Lightweight, fast, surprisingly capable
ollama pull phi4-mini
```
For most knowledge work on a modern MacBook Pro or a mid-range workstation, llama3.2 or qwen2.5-coder will cover 80% of your tasks. If you're on Apple Silicon, Metal GPU offloading means these models run meaningfully faster than on equivalent Intel/AMD CPUs.
Connecting your editor to a local model
If you use VS Code, install the Continue extension and point it at your Ollama endpoint. You get inline code completion and a chat panel — functionally similar to GitHub Copilot, but with zero data leaving your machine.
For ~/.continue/config.json:
```json
{
"models": [
{
"title": "Local Qwen Coder",
"provider": "ollama",
"model": "qwen2.5-coder:14b",
"apiBase": "http://localhost:11434"
}
]
}
```
Every autocomplete suggestion and every chat message stays local. Your proprietary code never hits a remote server.
What local models are good at (and what they're not)
Local models running on consumer hardware are excellent for:
- Code review, refactoring, and explanation
- Drafting documents and emails from your own notes
- Summarizing long texts you've pasted in
- Answering questions about code you've written
They are weaker on:
- Real-time information (they have a training cutoff, no web access)
- Tasks requiring broad world knowledge with high accuracy
- Very long context windows on constrained hardware
For anything requiring current web information, you move to Layer 2.
Layer 2: Privacy-Respecting Web AI for Research
Not every AI query involves sensitive data. When you need to search the web, research a library, or ask about current events, a local model can't help — it doesn't have internet access by design.
The instinct is to reach for ChatGPT or Google Gemini. But both use your queries to train models and associate your activity with your account. There's a better option.
Perplexity Pro: Web AI that doesn't build a profile on you
Perplexity Pro is a search-AI hybrid that retrieves live web results and synthesizes answers with citations. Unlike Google's AI or ChatGPT with search, Perplexity explicitly does not use your queries to train its models when you're a Pro subscriber. Your searches are not tied to a persistent behavioral profile the way Google queries are.
Affiliate Disclosure: This article may contain affiliate links. If you make a purchase through these links, we may earn a small commission at no extra cost to you. We only recommend products we genuinely believe in. This helps support our work and allows us to continue providing free content.
For a private AI workflow, Tresorit handles:
- Saving and versioning AI-generated drafts and analysis
- Sharing deliverables with clients without exposing them to third-party platforms
- Archiving sensitive prompts and outputs that you want to retain but not expose
Tresorit integrates with Windows, macOS, iOS, and Android, and has a Teams tier for sharing encrypted folders with collaborators without giving the platform visibility into contents.
A practical folder structure for professional use:
```
/Tresorit/
/Clients/
/ClientA-2026/
/research/ ← Perplexity exports, public research
/ai-drafts/ ← local LLM outputs on confidential material
/deliverables/ ← final docs shared with client
/Templates/ ← prompt templates for recurring work types
```
Everything in this structure is encrypted in transit and at rest with keys you control. If Tresorit were subpoenaed, the encrypted blobs they'd hand over would be useless without your keys.
Securing the Communication Layer
Storage is solved. What about sending AI-assisted work to clients via email?
Standard email — Gmail, Outlook, even corporate email — is not end-to-end encrypted by default. Your email provider can read every message. If you're sending a contract draft or analysis you generated with sensitive data, that's another exposure point.
Proton Mail: Encrypted email with zero knowledge
Proton Mail provides end-to-end encrypted email between Proton users. For external recipients (Gmail, Outlook), you can send password-protected encrypted messages. For internal team communication, everything is E2EE by default.
Affiliate Disclosure: This article may contain affiliate links. If you make a purchase through these links, we may earn a small commission at no extra cost to you. We only recommend products we genuinely believe in. This helps support our work and allows us to continue providing free content.