There are six things you should never paste into ChatGPT or any consumer AI tool: credentials, full government IDs, complete financial account numbers, customer or client records, unpublished source code, and HR or legal material tied to real people. This guide turns that list into a categorized checklist, and pairs every banned category with a safe rewrite so you can still get the answer you came for. If leaking it would trigger a disclosure notice, a contract breach, or a call from your security team, it does not belong in a prompt box.
The risk is not theoretical. Recent surveys find that a large share of employees who use AI tools admit to pasting sensitive business data into them, while a minority of organizations have any formal AI policy at all. Most CISOs now rank unsanctioned AI use among their top data concerns.
The one-line test: would you read this aloud in a crowded elevator? If not, redact it before it goes in the prompt box.
Why this matters more than it used to
Consumer AI chat happens in your browser, so it feels private. It is not. Free and personal-tier chat tools may retain conversations, and prompts can train future models unless you have explicitly turned that off. Anything you type can also surface in support reviews, logs, or a future breach. The text you paste does not vanish when you close the tab; it becomes a record held by a company you do not control, on terms you rarely read.
The most quoted cautionary case shows how ordinary the failure looks. In 2023, Samsung engineers pasted internal semiconductor source code and a confidential meeting transcript into ChatGPT to debug and summarize. Multiple separate leaks followed within weeks of the tool being allowed, and Samsung banned external generative AI on company devices soon after. A smart employee, a legitimate work task, and a paste that turned proprietary data into someone else's training context. The categories below are where that pattern repeats.
Notice what the Samsung engineers were not doing: they were not careless, and they were not trying to leak anything. They were trying to work faster. That is the trap. The danger is rarely a malicious insider; it is a capable person solving a real problem who reaches for the nearest tool. The fix is not more caution in the abstract. It is a short, repeatable habit applied to a small number of categories, which is exactly what the rest of this guide gives you.
The do-not-paste-into-AI checklist
1. Login credentials, passwords, PINs, and keys
Never paste a password, PIN, API key, database connection string, OAuth token, or recovery code. Developers troubleshooting a broken script are the classic offenders, because the failing config often carries a hardcoded secret right next to the line they want fixed. The secret rides along by accident, and the model only needed the logic.
Safe rewrite: replace the secret with a placeholder before you paste. Swap the real key for API_KEY_HERE or sk-xxxx, and ask the model about the logic, not the literal value. If a secret has already touched a chatbot, treat it as compromised and rotate it. A credential is one of the few categories where the damage is reversible, but only if you act fast, so rotation is the cheapest insurance you can buy.
2. Full PII: SSNs, passports, driver's licenses
Never paste a complete Social Security number, passport number, national ID, or driver's license number, whether yours or anyone else's. The same goes for a full name bundled with a home address, date of birth, and phone number, which together are enough for identity theft. The risk compounds when fields combine: a single number is a weak key, but a number plus a name plus a birth date is a ready-made profile.
Safe rewrite: describe the category, not the value. Instead of pasting a real ID, write "a nine-digit US SSN" or "a 9-character alphanumeric passport number" so the model can still help you validate a format or draft a form. The model can reason about the shape of an identifier perfectly well without ever seeing a real one.
3. Financial account and card numbers
Never paste a full bank account number, routing number, credit card number, or CVV. Asking ChatGPT for general budgeting or tax-concept help is fine; pasting the actual account that holds your money is not. The line is simple: questions about money are safe, the keys to a specific account are not.
Safe rewrite: tokenize. If you genuinely need to reference a specific account in a prompt, use the last four digits only ("the card ending 4421") or a made-up token. The model rarely needs the real number to draft a dispute letter or explain a statement line. The work it does is on the words around the number, not the number itself.
4. Customer, client, and patient data
Never paste a customer list, a client contract, patient records, or a spreadsheet of user emails into a personal chatbot. This is the category most likely to breach a contract or a regulation, because the data is not yours to share. A finance analyst dropping customer records into a public model "because it gets the job done faster" is one of the most common shadow-AI failure modes security researchers name.
Safe rewrite: anonymize first. Replace real names with Customer A, Customer B, strip emails and IDs, and keep only the structure the model needs. To rewrite an email to a specific client, paste your draft with the name redacted and add the personal details back yourself afterward. A useful test: if your draft leaked tomorrow, would any single person in it have grounds to complain? If yes, the names should not be in the prompt.
5. Unpublished source code and proprietary corporate data
Never paste unreleased source code, internal architecture diagrams, non-public financials, pricing models, or product roadmaps into a consumer tool. This is the exact category that ended Samsung's open-door experiment. Exposing it can get you fired and hand a competitor an edge. Unlike a password, you cannot rotate a leaked roadmap; once it is out, it stays out.
Safe rewrite: abstract the problem. Recreate the failing logic as a small, generic snippet with no proprietary names, no real table schemas, and no business specifics. You usually only need the pattern, not the real codebase, to get a useful fix. If you cannot reproduce the bug without the real names, that is a signal to use an approved internal tool instead.
6. Legal, health, and HR material tied to real people
Never paste privileged legal documents, someone's medical history, or HR and performance notes naming real employees. A performance review, a disciplinary file, or a settlement draft carries other people's sensitive data plus legal exposure for your organization. Privilege can be waived by careless disclosure, and the people named never agreed to have their records sent to a third party.
Safe rewrite: separate the writing task from the identity. Ask for a neutral performance-review template or a plain-language explanation of a clause, then fill in the real names, conditions, and facts in your own document offline. The model is good at structure and tone; it does not need to know who the review is about to help you write it well.
The most overlooked leak: meeting transcripts
The single most underestimated paste is a meeting transcript dropped in for a quick summary. Auto-generated transcripts from calls about layoffs, an acquisition, a security incident, or a compliance investigation are dense with the most sensitive material a company holds, and they get uploaded constantly because summarizing them feels harmless. Security analysts flag this upstream-data problem directly: an AI prompt that pulls from a file like "Draft_Layoffs_2025" can expose decisions that were never meant to leave the room.
What makes transcripts uniquely dangerous is density. A single document can name a dozen people, quote them verbatim, and attach numbers, dates, and decisions to each one. Most leak checklists treat data as discrete fields, but a transcript bundles every category on this list into one file and then labels who said what. That is why it deserves its own habit, separate from the rest.
Before you paste any transcript, scan it for three triggers: people's names, dollar figures, and the words layoff, acquisition, audit, breach, or legal. If any appear, redact them or summarize the transcript yourself first.
Safe rewrite: feed the model your own bulleted notes instead of the raw transcript. Strip names and numbers, keep the themes, and ask it to tighten your structure. You get the polish without exposing who said what about whom.
Safe by category: paste this, not that
| Category | Never paste this | Paste this instead |
|---|---|---|
| Credentials | Real password, API key, token | A placeholder like API_KEY_HERE |
| Government ID | Full SSN or passport number | The format only: "a 9-digit ID" |
| Financial | Full account or card number | Last four digits or a token |
| Customer data | Real names, emails, records | Customer A, Customer B, redacted |
| Source code | Unreleased proprietary code | A generic, anonymized snippet |
| Transcripts | Raw call transcript | Your own de-identified notes |
Why the regulatory floor keeps rising
Data-protection and AI rules are tightening across major markets. The EU AI Act phases in obligations for high-risk AI systems over the next few years, and lawmakers have already pushed key deadlines back at least once as they refine the rollout. Treat any single date as provisional rather than fixed. The direction of travel is what matters: organizations are increasingly expected to document and control what information their AI tools can access and reproduce.
Translation for an individual employee: "I did not know it was sensitive" is becoming a weaker defense. As tools increasingly log and retain prompts, a casual paste can be traced back to you. The practical takeaway does not depend on any one statute. Build the habit of redacting before you paste, and you stay ahead of whatever the rules settle into. You are not betting on a deadline; you are building a habit that survives every version of the rule.
None of this means avoiding AI. It means putting a five-second filter between your clipboard and the prompt box. Run the categories in your head, redact what trips a wire, and paste the rest. The habit costs almost nothing once it is automatic, and it holds up regardless of which regulation applies to you.
Where MemX fits
Most of the pasting in this guide comes from one impulse: you want to ask questions about your own material and the chatbot is the fastest box to type into. That is the specific gap MemX is built for. MemX is a consumer AI memory layer over your own files on Android, iOS, and WhatsApp, so you query your documents and notes inside a system designed to hold them, not a shared public model. It is private by architecture: per-user isolation and encryption at rest. That is not end-to-end encryption and not a zero-knowledge claim, and it does not replace your employer's policy for work data. For personal material, though, it removes the reason to paste sensitive content into a tool that was never meant to keep it.
01what should you never put into ChatGPT
Never put in login credentials, full SSNs or passport numbers, complete bank or card numbers, customer and client records, unreleased source code, or legal, health, and HR material naming real people. If a leak would breach a contract or trigger a disclosure notice, keep it out of the prompt.
02is it safe to paste company data into ChatGPT
Not into a personal or free-tier account. Prompts can be retained and used to improve models unless you have turned that off, and the data may not be yours to share. Samsung banned the tool after engineers leaked internal code this way. Use an approved enterprise tool, and anonymize first.
03can I share my bank account number with ChatGPT
No. Never paste a full account, routing, or card number. General budgeting questions are fine. If you must reference a specific account, use only the last four digits or a made-up token, which is enough for the model to help draft a dispute letter or explain a charge.
04why are meeting transcripts risky to upload to AI
Transcripts of calls about layoffs, acquisitions, audits, or breaches concentrate a company's most sensitive decisions, and they get uploaded casually for quick summaries. Redact names, dollar figures, and trigger words first, or summarize the meeting in your own de-identified notes before pasting.
05how do I use AI safely without leaking data
Run a five-second filter before pasting: replace secrets with placeholders, government IDs with their format, account numbers with last-four tokens, and real names with Customer A. Describe the problem instead of pasting raw proprietary data. The model rarely needs the real value to help.
