Skip to main content
Explainers · Confidentiality
A Visual Primer

You pressed send.
Then what?

Where the text goes, who can keep it, and what that means for privilege. Seven stages.

Scroll
01

The question nobody asks.

Most professionals evaluate an AI tool by what comes back: is the answer good, is the drafting sound, did it save an hour? Almost nobody asks the other question — where did the input go?

For a lawyer, the second question is the one that matters. Pasting a privileged document into the wrong tool is a disclosure — whether or not anything useful comes back at all.

WHAT EVERYONE EVALUATES
The answer. Is it accurate? Is it well written? Did it save time? All fair questions — and all about what comes out.
WHAT MATTERS FIRST
The input. Where did it go? Who can keep it? Who can read it? The disclosure happens on the way in — before any answer exists.
Judge the tool by the journey of the input, not the quality of the output.
02

Three tools, three journeys.

Your device
You paste the document and press send.
Provider's servers
Location: often the US — and often not fixed in any contract you hold.
Residency not guaranteed
Retained
Often 30 days or more; sometimes indefinitely. Deleting the chat does not always delete the copy.
Retention
Reviewed and reused
May be reviewed by humans, or used to improve models, unless you opt out — where an opt-out exists at all.
May become training data
VerdictPrivileged material: never.
Same document, three destinations. The tool decides where it goes — you decide the tool.
03

Read the sentence that matters.

The single most consequential sentence in any AI tool’s terms is the one about what the provider may do with your content. Consumer tiers commonly reserve the right to retain inputs and use them for training. Enterprise agreements commonly exclude it. Same company, same model — different contract.

CONSUMER-STYLE TERMS
“We may use content you provide to develop and improve our services, including to train our models. Content may be retained for as long as necessary for these purposes.”
A licence to keep your document and learn from it.
ENTERPRISE-STYLE TERMS
“Customer content is not used to train models and is retained for zero days following completion of processing, save as required by law.”
A promise to process it and keep nothing.
The words to search for in any terms: “train”, “improve”, “retain”.
04

Where the servers are.

UK GDPR restricts transfers of personal data outside the UK and the EEA unless safeguards are in place. Client matters routinely contain special category data — health, disability, race, religion or belief, sexual orientation — where the bar is higher still.

A UK or EU endpoint keeps the processing inside the jurisdiction, with a contractual promise that it stays there. That single term removes most of the transfer analysis before it starts.

One clarification: “endpoint” means the servers that process your request — not where the company is headquartered. A US company can offer a UK endpoint; a UK company can process everything abroad. Ask about the servers.

UK endpoint ✓EU endpoint ✓Elsewhere, uncontracted !
05

Privilege is unforgiving.

!

An AI provider is a third party.

Legal professional privilege protects communications — but confidentiality is its foundation, and disclosure to a third party can put it at risk. Sending a privileged document to an AI provider is sending it to a third party. That is the starting point, not a technicality.

Whether privilege survives depends on the terms on which the material is shared. An enterprise agreement with confidentiality obligations, zero retention, and no-training terms is a defensible basis for saying confidence was preserved. A free consumer tool with a training licence is not.

Regulatory duties point the same way: BSB Core Duty 6 and the SRA’s confidentiality rules apply regardless of the technology. The obligation does not change because the recipient is a model rather than a person.

06

Five questions for any vendor.

1
Where is the data processed?
Not where the company is based — where the servers are. And is that location a term of the contract?
2
How long is it retained?
Is zero retention available? If so, is it switched on for your account, or just available in theory?
3
Is it used to train models?
Is that excluded in writing — in the agreement you signed, not a blog post that can change tomorrow?
4
Who are the subprocessors?
Who else touches the data — hosting providers, safety reviewers, analytics services — and on what terms?
5
Can you audit?
Logs, certifications, breach notification. If something goes wrong, will you find out, and can you prove what happened?
A vendor who cannot answer these in writing has answered them.
07

Match the tool to the material.

Consumer tools
free tier, open terms
Nothing client-related. Learning, drafting templates, public research.
Enterprise
UK/EU, zero retention
Most client work, including privileged material, where the contract supports it.
Local
your own machine
The most sensitive work: no third party, nothing leaves your machine.
The tool is not the risk — the mismatch between tool and material is.

Confidence, by contract.

Once the data question is settled, the interesting question returns: what can these tools actually do? Next: agents — AI that doesn’t just answer, but acts.

Next: What Is an AI Agent? →