Skip to content
PrivateAI
← Back to Home
Guides

How to Use AI Tools Privately: Settings, Opt-Outs, and What You Should Never Type

9 min read min readBy PrivateAI Team

You type your work into an AI tool. It helps you. Then it trains on what you wrote.

That's the default for most cloud AI products — and most users never change it. If you're a developer handling client code, a consultant working under NDA, or just someone who doesn't want their private thinking fed into a model that serves millions, the defaults aren't good enough.

The good news: you have more control than the product design suggests. The bad news: exercising that control takes intentional setup, not just one checkbox.

This guide covers exactly what to do — which settings to flip, what to never type regardless of settings, when to use Perplexity instead, and how to handle the AI outputs you actually want to keep.

Last updated: 2026-06-21

Why Cloud AI Is a Privacy Problem by Default

When you use ChatGPT, Gemini, or most consumer AI assistants, your prompts are processed on their servers. Depending on your plan and settings, those prompts may be:

  • Logged for safety review by human contractors
  • Used to improve future model versions (training)
  • Associated with your account, email, and IP address
  • Retained for months or years under their data policies

OpenAI's default settings in the consumer ChatGPT product historically used conversations to train models unless you opted out. Google's Gemini Advanced has its own retention and review policies. Most people using the free tier of anything are, in effect, donating their intellectual work to the model.

The threat model matters here. If you're writing a blog post or brainstorming a recipe, you probably don't care. But if you're:

  • Summarizing a client contract
  • Debugging code that lives in a private repo
  • Drafting strategy memos or competitive analysis
  • Asking about sensitive personal or business finances

...then the default settings are genuinely problematic, and you should know exactly what you're doing before you type.

Step One: Disable Training on Every Platform You Use

This is the minimum viable privacy move. Do it now, before anything else.

ChatGPT / OpenAI

Go to Settings → Data Controls → toggle off "Improve the model for everyone." This opts your account out of using conversations for training. Note: this applies to the consumer product, not the API. API calls are never used for training by default.

Google Gemini

In Gemini settings, disable "Gemini Apps Activity." You can also review and delete past activity at myactivity.google.com. Even with this off, Google may retain data for safety purposes — their policy is less clean than OpenAI's.

Claude (Anthropic)

Consumer Claude conversations may be reviewed for safety. The API — accessed via claude.ai Pro with the right settings or directly via the API key — provides stronger isolation. Anthropic publishes a data usage policy that is worth reading directly; policies evolve.

What these opt-outs don't cover: They stop training use, but they don't prevent storage, logging for safety, or access by internal teams under specific circumstances. For truly sensitive material, opt-outs are not enough on their own.

Step Two: API vs. Consumer Product — Know the Difference

This is the most underrated privacy distinction in AI tools.

Consumer products (ChatGPT.com, Gemini.google.com, Claude.ai) are built for scale and convenience. Training data policies, human review queues, and retention timelines exist to improve those products.

API access is different. When you call OpenAI, Anthropic, or Google through their APIs:

  • Conversations are not used for training (all three providers state this explicitly for API usage)
  • Data retention is shorter and more narrowly scoped
  • There is no UI logging your history by default

If you already pay for a developer account or subscription that includes API access, building a local interface (like Open WebUI pointed at an API endpoint) gives you cloud-model quality with consumer-product privacy risks removed.

The tradeoff: you lose the chat history, the conversation threading, and the convenience of the web UI. For sensitive work, that's a reasonable trade.

Step Three: Prompt Hygiene — The 5 Things You Should Anonymize Before Typing

Even with training disabled and API access in place, you're still sending text to a server. Prompt hygiene is the discipline of removing identifiable information before you type.

1. Names and companies. Replace "Acme Corp" with "Client A" and "Sarah Johnson" with "the VP." Most AI tasks don't need the real names.

2. Dollar figures. "We're negotiating a $4.2M contract" becomes "we're negotiating a contract." The AI rarely needs the exact number to help you think.

3. Internal project names and codenames. These are fingerprints. "Project Thunderstorm" in your prompt is memorable in a log in a way that generic descriptions aren't.

4. Repository names and code structure hints. If you paste code for debugging, strip comments that reference proprietary function names or internal service hostnames.

5. Personal identifiers. SSNs, dates of birth, account numbers — never. Not under any circumstances, regardless of opt-out settings.

Prompt hygiene doesn't take long once it's a habit. Two minutes of editing before you paste saves you from a decision you can't take back.

Use Perplexity When You Need Web-Connected AI Search

Most AI tools don't search the web — they answer from training data, which has a knowledge cutoff. When you need current information, you're pushed toward tools like Perplexity that combine AI with live web search.

Perplexity Pro has a few properties that matter for privacy-conscious users:

  • It sources and cites its answers, so you can verify rather than trust
  • It includes a private search mode that doesn't use your queries to personalize results
  • Perplexity's business model is subscription-based, not advertising-based — their incentive isn't to build a profile on you

For research tasks involving current events, competitive intelligence, or technology trends, Perplexity Pro with private mode enabled is a meaningfully better choice than using a general AI chatbot that guesses from stale training data — and more privacy-conscious than using Google.

Try Perplexity Pro

Affiliate Disclosure: This article may contain affiliate links. If you make a purchase through these links, we may earn a small commission at no extra cost to you. We only recommend products we genuinely believe in. This helps support our work and allows us to continue providing free content.

Tresorit is not cheap compared to Google Drive. For work product you'd sign an NDA over, it's the right call. For everything else, Proton Drive (see below) covers the use case at a lower price point.

Proton Drive and Proton VPN: The Supporting Layer

Proton runs a suite of privacy tools that make sense as a stack for privacy-conscious AI workflows:

Proton Drive offers end-to-end encrypted cloud storage at a lower tier than Tresorit. The free plan includes 1GB. For individuals who need encrypted storage for AI outputs but don't need the business compliance features Tresorit provides, Proton Drive is a sensible fit.

Proton VPN adds IP-level separation between you and the AI service. When you query an AI tool through Proton VPN, the request arrives at the AI provider's servers without your home or office IP attached. This doesn't change what the AI company logs from the content of your prompts, but it does reduce the accuracy of any behavioral profiling tied to your network identity.

Affiliate Disclosure: This article may contain affiliate links. If you make a purchase through these links, we may earn a small commission at no extra cost to you. We only recommend products we genuinely believe in. This helps support our work and allows us to continue providing free content.

Think of Proton VPN as narrowing the fingerprint, not eliminating it. Combined with a browser that limits cookies and tracking (Firefox with uBlock Origin, or Brave), it meaningfully reduces the cross-session profile an AI platform can build about you.

When None of This Is Enough: The Case for Local LLMs

The techniques above reduce exposure. They don't eliminate it. If your threat model includes any of the following, cloud AI with settings isn't the answer:

  • Code or data covered by a signed NDA with specific carve-outs for AI tools
  • Healthcare data subject to HIPAA
  • Legal material where privilege applies
  • Anything that, if leaked, would cause material harm to a client or employer

In those cases, the answer is a local LLM running on hardware you control, with no network request leaving your machine when you query it. Tools like Ollama make this accessible — you can run capable open-source models (Llama 3.1, Mistral, Qwen2.5) locally on a modern laptop without a GPU, though a GPU speeds things up significantly.

Local inference has real limitations: current knowledge cutoff, no web search without additional setup, and resource demands. But for the use cases above, it's the only technically defensible answer.

Quick Reference: Privacy Decision Matrix

| Situation | Recommended Approach |

|---|---|

| General brainstorming, public info | Consumer AI, training opt-out is enough |

| Drafting with client names/details | Prompt hygiene + API access preferred |

| Competitive research needing current data | Perplexity Pro with private mode |

| Code from a private repo | Local LLM or API with stripped identifiers |

| Medical, legal, financial sensitive data | Local LLM only |

| Storing AI outputs | Tresorit (business) or Proton Drive (personal) |

| Reducing IP-based profiling | Proton VPN + privacy-focused browser |

The Bottom Line

You're not helpless against the data practices of cloud AI companies, but you do need to act intentionally. The move that matters most is disabling training data use on every platform you use — do that today. Pair it with prompt hygiene for anything work-related, use Perplexity Pro when you need current web information, and route sensitive AI outputs through Tresorit or Proton Drive rather than conventional cloud storage.

For the most sensitive work, none of this replaces a local LLM. But for the 80% of AI use that falls in the middle — useful work, moderate sensitivity — managed cloud use with the right settings and habits is a practical and defensible approach.


Ready to tighten your AI privacy setup? Start with the two free moves: disable training on every AI platform you use, and set up Proton Drive for AI output storage. Then build from there.

Want a step-by-step audit of your current AI tool stack? Subscribe below and we'll send you the PrivateAI self-audit checklist — a 10-minute exercise that reveals what's actually leaving your machine.

Get the AI Privacy Checklist →