A virtual assistant at a laptop pausing before pasting a client email into an AI chat window, soft natural light.
AI · Australia · chatgpt · client data · Coach · Privacy Act · Small Businesses · VAs ·

Putting Client Data into ChatGPT? The Privacy Risk Nobody Warns You About

It's a tiny, harmless habit. You copy a client's email, paste it into ChatGPT, and ask for a polished reply. Ten seconds, brilliant result, on with your day. 

Multiply that by every email, every client list, every set of notes you've fed it this year. You've quietly sent a pile of other people's personal information into a tool you don't control. In Australia, that carries privacy risk most people never get warned about. Let's fix the blind spot. 

Table of Contents 


Why Client Data in ChatGPT Is a Privacy Issue in Australia 

Personal information is anything that can identify someone. A client's name, email, phone number, address, or details about their situation all count. 

When you paste that into an AI tool, you're disclosing personal information to a third party. The OAIC has issued guidance on using commercially available AI products precisely because this is a privacy event, even when it doesn't feel like one. Your obligations to handle that information carefully don't disappear because the disclosure was quick and convenient. 

The discomfort is fair. You'd never email a client's details to a stranger. Pasting them into an AI tool can be closer to that than you'd think. 

Where Your Data Actually Goes 

Most people picture AI as a sealed box. You ask, it answers, nothing leaves. That's not always how it works. 

Depending on the tool and your settings, what you type can be stored, processed overseas, or used to train the model. That means a client's information could sit on servers in another country, governed by rules very different from ours. You've lost sight of it, and you can't get it back. For a business that promises clients discretion, that's a real exposure. 

The good news is that many tools let you turn off training and tighten data settings. Most people just never check. Knowing where your data goes is the first step to controlling it. 

The Risks That Land on You, Not the AI Company 

Here's the part that stings. If something goes wrong with that data, the AI company's terms generally push the responsibility onto you, the user. 

So if client information is exposed, misused, or mishandled after you put it in, you're the one who answers to your client and potentially to the regulator. You collected the data, you disclosed it, and you carry the duty to protect it. The platform is not standing beside you when a client asks how their private details ended up in an overseas system. 

With the new serious invasion of privacy tort in force since 10 June 2025, individuals also have stronger ability to take action over privacy breaches. The stakes for getting careless are rising, as we explain in our overview of AI and Australian privacy law. 

The Confidentiality Trap Hiding Underneath 

Privacy is only half the problem. The other half is confidentiality, and it's easy to trip over. 

If you've signed an agreement promising to keep a client's information confidential, pasting it into an AI tool could breach that promise, separate from any privacy law. Coaches, VAs, OBMs, and consultants handle sensitive client material all day. One careless paste can put you in breach of your own contract. We dig into this in our guide on AI and confidentiality, and it's worth a read if you handle anything private. 

So before client information goes anywhere near AI, ask two questions. Is this a privacy risk, and is this a confidentiality breach? Often it's both. 

How to Use AI Safely with Client Information 

  • Strip identifying details before pasting. Swap real names for placeholders. 

  • Turn off training and history in your AI tool's settings where you can. 

  • Never paste sensitive or confidential material without checking your obligations first. 

  • Have a current Privacy Policy that reflects your AI use honestly. 

  • Check your client contracts for confidentiality terms before using AI on their work. 

FAQ 

Is it illegal to put client data into ChatGPT in Australia? 

It isn't automatically illegal, but it can create privacy and confidentiality risks depending on the data and your obligations. The safest approach is to strip identifying details and check your contracts. 

Can I get in trouble if my client never finds out? 

The risk doesn't depend on whether they find out. A data exposure, a breach claim, or a confidentiality dispute can surface in ways you don't control. Better to handle the information carefully from the start. 

How do I make AI tools safer to use? 

Turn off model training, avoid pasting identifying or sensitive details, keep a current privacy policy, and review your confidentiality obligations before using AI on client work. 

Protect Your Clients and Yourself 

AI is one of the best tools you've ever had for getting work done. It's also a quiet privacy and confidentiality risk every time client information goes in. The fix isn't to stop using it. It's to use it with your eyes open and your paperwork in place. 

A current Privacy Policy sets out how you handle personal information, and a solid Services Agreement sorts confidentiality with your clients. Together they let you use AI without putting your clients, or yourself, at risk. 

The Ten-Second Pause That Saves You 

You don't need a privacy degree to use AI safely. You need one small habit. A ten-second pause before anything client-related goes in. 

In that pause, ask three quick questions. Does this contain anyone's personal details? Have I promised this client confidentiality? Could I do this with the names stripped out? Most of the time you can swap real details for placeholders and get the same great result with none of the risk. The tool doesn't need to know your client's name to write a better email. 

That pause is the whole game. It's the difference between AI as a quiet liability and AI as the best assistant you've ever had. Build the habit once and it protects you on autopilot, every single day.

Shop Our Templates

About the Author

Riz is the Founder & Director of Foundd Legal, a lawyer with 20+ years' experience and a long history of building online and ecommerce businesses.

She helps creatives and online business owners protect and grow their businesses with clear, practical legal tools that actually make sense.

LEARN MORE ABOUT RIZ

 

 

SIGN UP TO OUR FREE BUSINESS CHECKLIST

Disclaimer

We do our best to keep this content accurate and up to date, but laws change, interpretations evolve, and the internet isn't perfect. Occasionally, information may be outdated or contain errors.

This content is for general information only and isn't legal advice. If you choose to rely on it, you do so at your own discretion. For advice specific to your business, you'll need support tailored to your situation.

All rights reserved. © Foundd Legal Pty Ltd

Back to Legal Resources blog

You may also like

View all
A virtual assistant at a laptop pausing before pasting a client email into an AI chat window, soft natural light.
Putting Client Data into ChatGPT? The Privacy Risk Nobody Warns You About
Privacy policy AI disclosure Australia December 2026 laptop
Does Your Privacy Policy Mention AI? New Rules Land December 2026
Australian creative business owner reviewing legal documents before EOFY
What every creative business owner should review before 30 June
AI privacy law Australia small business laptop privacy policy
Using AI in Your Small Business? What Australian Privacy Law Actually Says
AI design copyright infringement Australia designer comparing images
Could Your AI-Generated Design Be Copying Someone Else?
AI logo trade mark Australia founder branding studio
A Logo Made by AI Could Put Your Trade Mark at Risk
Page Bg

Explore our legally legit templates!

Page Bg
Shop all templates