Skip to main content

Data privacy: protecting yourself from AI data collection

Time: 10:10 AM to 10:40 AM
Every API call you made this week sent data to a third-party server: your voice, your questions, and images from the camera. This section covers what that means and how to protect yourself.

What you shared

By default, when you use the OpenAI API:
  • Your prompts, completions, and uploaded images may be logged
  • The account owner can opt out of training data usage, but this is not the default
  • Even “private” API usage still sends data over the internet to OpenAI’s servers

Practical protections

1

Use API opt-outs

Check your API provider’s data usage settings and disable training on your data where possible.
2

Avoid sending personal information

Never include names, addresses, medical data, or other personally identifying information in prompts.
3

Use local models when sensitivity matters

For private or sensitive data, run models locally so nothing ever leaves your machine. You will do this in the next section.

Enterprise and government context

Federal agencies and defense contractors cannot use commercial cloud LLM APIs for sensitive work. Data residency requirements, classification levels, and FIPS compliance all restrict what systems can be used and where data can be processed.

Metadata is data too

Even if your prompt content is encrypted or private, the fact that an API is being queried at a specific time, frequency, and volume can reveal information about your activities. Metadata patterns can be just as revealing as the data itself.
After this section, take a 10-minute break (10:40 AM to 10:50 AM).