AI guides
AI Safety and Privacy: What Not to Put in a Prompt
A simple checklist for keeping passwords, personal data, confidential documents, and sensitive decisions out of casual AI prompts.
Treat every AI prompt, file upload, voice conversation, screen share, and connected app as a data-sharing decision. Before using a consumer or workplace AI tool, decide whether you are authorised to share the information, remove details the task does not need, and check the provider’s current retention and activity controls. A privacy setting can reduce some uses of your data, but it does not make confidential material safe to disclose.
Use a red, yellow, or green check before you prompt
Red data should not go into a general AI prompt: passwords, OTPs, API keys, card or bank details, Aadhaar or PAN numbers, patient records, private customer data, confidential contracts, unreleased source code, and another person’s private work. Yellow data includes internal notes or documents you may use only with permission, an approved account, and the minimum necessary details. Green data is public, non-sensitive information or material you own and are comfortable sharing under the tool’s terms.
- Ask: “Whose data is this, and do I have permission to share it?”
- Ask: “Can I complete the task with placeholders or a smaller excerpt?”
- Ask: “Would disclosure harm a person, customer, employer, or account?”
Redact by changing the example, not hiding the format
Replace names with labels such as “Customer A”, round or invent non-sensitive example numbers, remove exact dates and addresses, and share only the paragraph or error needed for the task. Base64 encoding is reversible and is not encryption or anonymisation. A person can sometimes still be identified after obvious fields are removed, so do not upload a full document merely because you deleted the name.
Check account controls—but understand their limits
Consumer AI products provide different controls for activity, model improvement, temporary conversations, deletion, and connected services. These controls and retention periods can change. Check the official settings page for the account you are using; work and school administrators may control options differently. Turning off model improvement does not grant permission to upload employer or customer data, and deleting a chat may not remove information already sent to a connected service.
Use stricter rules for work, school, health, and money
CERT-In advises people to avoid sharing personal, sensitive, confidential client, and intellectual-property information with public generative AI services. For professional tasks, use only tools approved by the organisation and follow its acceptable-use, access, retention, and incident-reporting process. Keep diagnosis, employment, lending, legal, tax, disciplinary, and other high-impact decisions with qualified humans.
Key takeaways
A practical workflow
- 1Define the exact outcome you want from What Not to Put in a Prompt.
- 2Give the AI the necessary context, constraints, examples, and preferred format.
- 3Review the result for accuracy, tone, privacy, and completeness before using it.
- 4Save or reuse the prompt only after it produces a reliable result for your use case.
Put this into practice
Use our free tool to take the next step. Your data stays in your browser.
Rewrite non-sensitive text in your browserCommon mistakes to avoid
- Pasting an unredacted log, bank statement, medical record, contract, source file, or customer conversation into a public AI service.
- Assuming deletion, temporary-chat mode, Base64 encoding, or turning off model training is the same as confidentiality.
Recommended tools for this workflow
CERT-In generative AI advisory ↗
Read India’s official guidance on sensitive information, approved tools, privacy, and common generative-AI risks.
ChatGPT Data Controls ↗
Check current model-improvement, history, export, deletion, and temporary-chat controls for ChatGPT.
Settings reduce specific data uses; they do not make unauthorised disclosure acceptable.
Gemini Apps Privacy Hub ↗
Review how Gemini activity, uploads, connected apps, feedback, and account controls currently work.
Free Tools India Text Rewriter ↗
Rewrite non-sensitive text with a simple rule-based helper that runs in the browser.
Do not enter secrets or confidential personal, customer, school, or workplace information.
Official sources and further reading
AI products, model availability, and pricing change frequently. Check these primary sources before making a decision.
- CERT-In: Best practices for using generative AI solutions
- OpenAI: ChatGPT Data Controls FAQ
- Google: Gemini Apps Privacy Hub
Free Tools India is independent and is not affiliated with the organisations named in this guide.
Frequently asked questions
What should I check first when using What Not to Put in a Prompt?+
Never enter passwords, OTPs, API keys, payment credentials, or government identity numbers. Start with the official source or your own verified input, then decide whether AI is appropriate for the task.
How do I get a more useful result from What Not to Put in a Prompt?+
Use the minimum necessary information and replace real people, customers, and account details with neutral placeholders. Give the AI a specific goal, relevant context, constraints, and the format you want back; then review the output before using it.
What is the key mistake to avoid with What Not to Put in a Prompt?+
Pasting an unredacted log, bank statement, medical record, contract, source file, or customer conversation into a public AI service. AI can accelerate drafting and analysis, but important facts, decisions, and sensitive work still need human review.