AI, Privacy, and the Boring Legal Stuff (Read This Once)

Rule 1 — Never paste customer PII into free public AI

PII = personally identifiable information. Names, emails, phone numbers, addresses, payment info, health data, anything regulated. Free tiers of AI tools may use your input to train future models. If you're handling customer data, pay for the business tier.

Rule 2 — Know which AI tier you're on

ChatGPT Free, Plus, Team, Enterprise — each tier handles your data differently. The same goes for Claude, Gemini, and Copilot. Business tiers explicitly state that they don't train on your data. Check once, and save the link to the policy so you can point to it later.

Rule 3 — Update your privacy policy if AI touches customer data

If AI summarizes calls, drafts responses, or scores leads — say so. One line: "We use AI tools to assist with [X]. No customer data is used to train AI models." Plain English. Done.

Rule 4 — Keep a "where we use AI" doc

Clients and customers may ask. Have a single page: which tasks AI touches, which tools you use, what the human-in-the-loop process is. Update quarterly.

Rule 5 — Industry-specific rules win

Healthcare (HIPAA), finance (PCI/SOX), legal (privilege), childcare — your industry's rules override general AI guidance. When in doubt, ask your industry attorney. One $400 call beats a $40,000 fine.

The owners who get burned aren't reckless — they're inattentive. Five minutes of policy reading once a quarter prevents 99% of the trouble.