The five categories of information that should never go into a tool you do not control.
A reported share of working professionals admit to pasting confidential company information into public AI tools. The fix is not fear. It is a redline you carry in your head and apply every time, before the data ever reaches the prompt box.
The five-category redline
Client and customer data. Anything that identifies a real person you do business with.
Unreleased or confidential company information. Financials, plans, strategy, anything under embargo or NDA.
Credentials and secrets. Passwords, API keys, tokens, internal links. Never in a prompt.
Colleagues’ personal information. HR, health, performance details that are theirs, not yours to share.
Material you do not have rights to. Licensed or proprietary content you are not cleared to process.
When you must use sensitive material
Strip it first. Swap real names and numbers for placeholders, run the task on the redacted version, then restore the real details yourself. The absence of a company policy is not permission. Read No AI Policy at Work? and the private-chat leaks for the stakes.