Your private information should be private.

I recently saw a “Claude Expert” post on threads about how Claude Cowork organized her tens of thousands of files in her downloads folder.

I immediately ran to the comments, thinking everyone would be talking about how UNSAFE that is from a data privacy perspective – but instead it was full of people asking her how she did it.

The worst part? This expert had NO IDEA that in doing this, she gave Claude access to read and store all of her local files on her server…

What does that mean?

Tools like Claude, ChatGPT, and Gemini use your data to train their AI models. To do so, they store all of your AI conversations on their private servers, and train their tools on it.

So, if you’re asking it medical questions? It knows your medical data. If you are asking it to write in your brand voice? It’s learning from that and teaching it to your competitors.

And if you are giving it access to your downloads folder??? You best believe it is storing alllllll that data.

(And I don’t know about you, but I download invoices, tax documents, etc. that have information I don’t exactly want shared with big tech…)

What can I do about it?

Assume everything you put into AI could become public information.

Your best protection against AI (besides just NOT using it) is to NEVER share proprietary information, financial or medical information, or any other private information with the tool.

Because you can assume they are saving that data to their servers, those files are at least more prone to data leakage, if not from the tool itself ACTIVELY SELLING YOUR DATA to third-parties.

But don’t I need to “adopt AI” to stay relevant?

Actually, quite the opposite! Don’t get me wrong, there are usecases in which AI can be incredibly helpful and time-saving–BUT, if you’re a creative service provider, the value you bring to your work is that it is HUMAN.

Whether you’re a wedding photographer capturing once-in-a-lifetime memories of a couple’s most cherished day, or a brand designer, bringing intention and strategy to a business–your HUMANITY and unique perspective is what makes you valuable.

And YOUR voice is what makes you stand out to your audience, not AI’s.

Implement automation first.

There are a million and one ways you can save time as a business owner without AI–like through templatization and automation.

Email templates that are written in your brand voice, how you would have written it, will always land better than one written by a chatbot.

Automations that take the responsibility of responding to every email off your plate, remember to send the emails you forget, gather reviews, or get your clients on the schedule.

Until you have strong automation workflows in place, AI is just going to feel like a band-aid. And a bandaid that guzzles more water than my asthmatic ass doing a HIIT class without my inhaler.

Still hell-bent on using AI? Here are some ways to keep yourself safe:

Software-Specific AI

If you’re hell bent on using AI, the safest way to use AI is through software specific AI tools that can only read within that tool, like ClickUp’s AI, ClickUp Brain and Super Agents—so long as you do not store financial or sensitive client information (address, contact info, etc.) in that tool.

Using a vetted VPN

After that, using a VPN can add an additional level of protection. While a VPN can help protect your data by masking your location from tools that will use your precise location (which is any website that allows cookies btw), not all VPNs are created equal.

A study from 2025 showed that Urban VPN and 1Click VPN had specific scripts written into them to essentially track your every keystroke and click on your computer. CREEPY, I KNOW!

And while this is a really common issue anytime you’re using the internet, let’s not feed into it.

Proton VPN is well-vetted and does not scrape your data.

Update Your Settings

If you pay for an AI tool like Claude or ChatGPT, or even a locally-based tool like Aftershoot, you have to explicitly go into your account settings and toggle off the setting for allowing it to use your conversations to “make the tool better” or for modeling.

While most of these tools still are often hard-coded to save at least some of your interactions, this will at least limit how much it saves (again, in theory).

Avoid tools that “agentize” or can run on your server without your explicit permission

I’m looking at you, Claude Code & Claude Cowork…

You may have heard about all the cool things Claude Code can do. And unfortunately, one of the things it does really well is get access to ALL of your private server data.

Because while Claude Code does offer permission levels, it is very easy to make the mistake of giving it blanket access to your system–aka giving it access to alllllll of your files, without realizing it.

If you are unfamiliar with how to containerize Claude’s access to your system (like if you read that and said “wtf does that mean??”)–your data is probably at risk with Claude Code and similar tools.

Transparency with your clients is key

As a general rule, if you are using AI, you need to be disclosing how and when in your contract, before your client even signs.

ESPECIALLY if you are a photographer using AI culling and AI editing tools like Aftershoot, Imagen, Evoto, etc.–you need to be disclosing this in your contract.

If you don’t, you and your business could potentially be held liable for your clients’ image and likeness being put into AI without their consent. While the legal precedents here are murky and vary state by state, even a client happy with their gallery could spin up a lawsuit if they found out those images were used to train AI without a lawsuit. And even if they don’t win, that’s a hell of an expense for your small business.

Need help identifying the best solution for your business?

Save time in your business without putting your proprietary goodies at risk 💖