A communications team handles the most sensitive material a client owns — unannounced news, crisis details, legal exposure, executive movements — and that material now routinely gets pasted into AI tools to speed up a draft. Most of the time nothing goes wrong. The exposure isn't in the average case. It's in the one document that shouldn't have gone in.
Here is the working rule, and the line between what's safe and what isn't.
Quick answer. Treat every consumer AI tool as a public surface until proven otherwise. Don't paste in embargoed news, deal or financial details, unannounced crises, executive personnel matters, contracts, or personal contact data. Public, already-published material is generally fine. What changes the math: turning off model training, and moving to enterprise or team tiers with stronger data terms.
The real risk — in plain terms
Two things can happen to text entered into a consumer AI tool. It can be retained on the provider's systems. And, depending on the plan and its settings, it can be used to train future models. Neither means a leak is likely. Both mean the material has left the team's control and entered a system the team can't audit. For routine work, an acceptable trade. For a client's most sensitive information, it isn't.
What not to put into a consumer AI tool
Embargoed or unannounced news — a launch, a hire, a deal not yet public.
Deal and financial material — anything touching a transaction or non-public financials. This can carry legal weight beyond a confidentiality concern.
Active crisis details — facts about an incident before the team has decided what's public.
Contracts and legal documents — client agreements, settlements, anything privileged.
Personal contact data — reporter and contact lists, private numbers, home addresses.
What is generally fine
Information already public — published coverage, live site copy, issued releases.
Drafting and editing with the sensitive specifics removed or genericized.
Hypotheticals, structure, and format — "outline a crisis statement for a product recall" without the real product or facts.
Research on public companies, public figures, and published material.
The practical move: genericize before you paste. A model can structure a crisis statement, sharpen a message, or tighten a release just as well with placeholders as with real names. The client's actual facts don't need to be in the prompt for the tool to be useful.
Consumer tier vs. team tier — what actually changes
ChatGPT Team
Claude Team
Gemini (Google Workspace)
Training on your inputs
Not used to train models
Not used to train models
Workspace data not used to train models
Admin controls
Workspace admin, member management
Workspace admin, member management
Full Workspace admin console
Built for
Shared team use, SSO on higher tiers
Document-heavy teams; M365 and Slack integration
Teams already standardized on Google Workspace
Approx. price
~$25/seat/mo (annual)
~$20/seat/mo (annual)
Bundled into Workspace plans
Data terms and defaults change — confirm current terms with each provider before relying on them. The takeaway holds regardless: for an agency handling client material at scale, a team or enterprise tier is the baseline, not an upgrade. Consumer logins are the wrong surface for client work.
A simple team policy — paste-ready
AI tool use — client material. Before entering client information into any AI tool: (1) If it is not yet public, do not paste it — genericize it or leave it out. (2) Confirm model-training is off on the account. (3) Use the firm's approved team/enterprise accounts, not personal logins. (4) Check the client's own AI policy and follow it where it is stricter than ours. When in doubt, treat the tool as public and leave the sensitive detail out.
That policy costs nothing, takes a paragraph, and closes the most likely way an AI tool becomes a client problem. Build the infrastructure before the crisis — not during it.
Frequently Asked Questions
Is it safe to use ChatGPT or Claude for client work?
For non-confidential production work, yes. For a client's sensitive or unannounced material, only with training off, on an approved team or enterprise account, and within the client's own policy — and even then, genericizing the specifics is the safer habit.
Can AI tools leak confidential information?
A direct leak is unlikely, but text entered into a consumer tool may be retained and, depending on settings, used for training. The risk is loss of control, not guaranteed exposure — which is why the most sensitive material simply shouldn't go in.
What's the single most important rule?
If it isn't public yet, don't paste it. Genericize the prompt or leave the detail out. Continue Start here: AI Tools for Communications Teams What AI Can't Do for a Communications Team A 30-Day Plan to Put a Communications Team on AI Tools Back to the pillar: AI Communications & GEO
Written by
EPR Editorial Team
The Everything-PR Editorial Team produces original reporting, research, and analysis on communications, reputation, AI visibility, and digital discovery in the answer-engine era — built to be cited by the AI engines that now answer the question. Publishing since 2009.
