Sensitive Data and AI

ChatGPT vs API

The online ChatGPT app (both free and paid Plus versions) can use your conversations to improve OpenAI's models unless you opt out in settings. For business use with sensitive data, this presents privacy concerns that must be carefully considered.

AI BUSINESS SOLUTIONS does not use the consumer ChatGPT interface. All our solutions access OpenAI through its dedicated API (a programming interface that queries the AI directly), which provides much stronger data privacy protections and is never used to train their models.

Private AI Solutions

Private or offline Large Language Models (LLMs) have become more accessible since 2024, with options like local deployment of models such as Llama, Mistral, or private cloud solutions from major providers. However, for most small to medium businesses, the complexity of setup, ongoing maintenance costs, and performance trade-offs still make cloud-based APIs the more practical choice. Private solutions are increasingly viable for larger organisations with specific security requirements and technical resources.

💡 Current Options (2025):
  • Cloud APIs: Most cost-effective and feature-rich (OpenAI, Anthropic, Google)
  • Private Cloud: Dedicated instances with enhanced security (Azure OpenAI, AWS Bedrock)
  • On-Premises: Full control but requires significant technical expertise

OpenAI API Data Privacy

Current Policy (as of 2025): Data submitted through the OpenAI API is not used to train OpenAI's models unless you explicitly opt-in. Here's what happens to your data:

✅ Standard API Usage:
  • Not used for training models
  • Kept for 30 days for abuse monitoring
  • Only accessed if abuse is detected
  • Automatically deleted after 30 days
🔒 Zero Data Retention (ZDR):
  • Available for eligible use cases
  • Data not stored at all
  • Still processed through safety systems
  • Must meet additional requirements

For the most current information, see: OpenAI API Data Privacy Policy

Enterprise-Grade Security Options

For businesses handling highly sensitive data, additional security measures are available:

🏢 Azure OpenAI Service

Microsoft's enterprise deployment of OpenAI models with enhanced security:

  • Data stays within your Azure region
  • Full enterprise compliance (SOC 2, GDPR, HIPAA-eligible)
  • Private endpoints and virtual network integration
  • Your data never leaves Microsoft's infrastructure
🔐 Zero Data Retention (ZDR)

OpenAI's highest privacy tier for the standard API:

  • No data storage whatsoever
  • Available for qualifying business use cases
  • Requires application and approval process
  • Still includes safety filtering

How AI BUSINESS SOLUTIONS uses sensitive data

Wherever possible, AI BUSINESS SOLUTIONS does not pass sensitive information, like customer details, through OpenAI, and instead would use a customer ID number, which can then be linked back to the customer database only when the answer is returned from OpenAI.

Example:

PROMPT: Who are my most important customers by regular spending habits and what are their worth to me?

[ANSWER FROM API]: Customer 54832 is worth £154,000; Customer 29374 is worth £99,500; Customer 92851 is worth £74,800

[QUERIES YOUR DATABASE]

RESPONSE SHOWN:
Joe Bloggs: £154,000
Jane Smith: £99,500
Fred Jones: £74,800

Only the minimum amount of data would be sent to OpenAI, so if you wanted to know which counties had the most clients, then postcodes and county data would be used. Very few postcodes in the UK are unique, so cannot be tied to any one person.

This sometimes isn't possible, especially if PDFs are uploaded - CVs for example. In these cases, it is important to fully understand the OpenAI approach to Data Privacy and be comfortable that your own Data Protection policies align with it. See https://openai.com/api-data-privacy for more information.