JDCS
Get in touch
Start a conversation Or call 0418 858 937

jdcs.au · Mid North Coast, NSW

Getting started · 7 min read

Is your business data safe with AI?

Used properly, AI is safe for business data. But "properly" is doing a lot of work in that sentence, so here's what it actually means, in plain English, with no scare tactics and no overclaiming.

The short version: reputable business AI doesn't train on data sent through its API. Good builds send only the fields the job needs, with anything identifying stripped out in code. And when work is genuinely sensitive, it can run on Australian servers or a local AI model that never sends anything out. Privacy is matched to the job, not promised in absolutes.

What actually happens to your data

There's a real difference between typing into a chatbot and a properly built AI automation, and it's worth understanding because it changes everything about privacy.

When you paste something into a consumer app like the free version of ChatGPT, you're handing over whatever you typed, in full, to a service you don't control. That's fine for low-stakes things. It's a poor idea for a customer list or a contract.

A built automation works differently. The system decides exactly what gets sent, when, and to where. It can pull a customer's enquiry, strip out the name, phone number and address, and send only the remaining text to an AI for drafting. The sensitive bits never leave your systems because the code doesn't let them. That control is the whole point.

The other difference is the door you go through. Free consumer apps and paid business API access are not the same product, even from the same company, and they come with different rules.

Does AI train on my data?

This is the question everyone asks, and the honest answer has two parts.

For the business APIs that serious tools are built on (OpenAI, Anthropic and the like), the answer is no: data sent through their APIs is not used to train their models. That's stated in their terms, and it's the version JDCS builds on.

The free consumer apps can be different. Some may use your chats to improve their models unless you turn that off in the settings. It isn't sinister, but it's a real distinction, and the trap is assuming the chatbot in your browser behaves the same way as the API behind a business automation. It often doesn't. The rule of thumb: know which one you're using, and for anything to do with customers or your business, use the kind that doesn't train on your data.

The three levels of privacy

Privacy isn't all-or-nothing. There are three sensible levels, and a good build matches the level to how sensitive the job really is.

  • 1. External AI, non-identifying fields only. The automation sends just the text the AI needs to do its job, with names, contact details and anything identifying stripped out first. This is enforced in code, not left to good intentions. It's the right fit for most everyday jobs.
  • 2. Australian servers, for data residency. When data should stay in the country, the automation runs on Australian-hosted infrastructure so your information has local residency rather than bouncing offshore. Used when residency genuinely matters to the work or your obligations.
  • 3. Local AI models, nothing leaves. For the most sensitive jobs, the AI itself runs on a server you control. Nothing is sent to any third party at all. It costs more to set up and isn't needed for most work, but when a job handles truly sensitive data, it's the safest option going.

The point isn't to use the heaviest option for everything. It's to be as private as the job needs, and no more, so you're not paying for protection a quoting automation doesn't require.

Australian Privacy Act, briefly

If you handle customer data in Australia, the relevant rules are the Privacy Act and the Australian Privacy Principles (the APPs), which set out reasonable obligations around how personal information is collected, used and kept. This isn't legal advice, and the detail depends on your business, but the spirit is simple: handle people's data carefully and only use it for what they'd reasonably expect.

One small honesty note. You'll sometimes see automation sellers wave around "GDPR compliant" as a badge. GDPR is the European regime. Here, the framework that actually applies to your customers is the Privacy Act and the APPs. It's a small thing, but it tells you whether someone has done the homework for your jurisdiction or is reciting a script. JDCS keeps to what's true for Australia rather than borrowing badges that sound impressive.

Questions to ask anyone building AI for you

You don't need to be technical to keep someone honest. Ask these five, and listen for clear answers rather than vague reassurance:

  • Where does my data actually go? A good answer names the services and what's sent to each.
  • Is my data used for training? The answer should be no for anything built on business APIs, and they should be able to say why.
  • Who can see it? Inside your business, inside theirs, and at any third party in the chain.
  • Can it stay in Australia if I need it to? The honest answer is yes when the job calls for it, via Australian servers or local AI, not "everything is always self-hosted".
  • What happens on exit? If you walk away, you should keep your data and your automation. No hostage situations.

Still weighing up whether any of this is worth it? That's a fair question too, and we've written plainly about whether AI is worth it for a small business.

Bottom line: AI can be very safe for business data, but only when someone has decided, on purpose, what leaves your systems and what doesn't. Ask where your data goes, insist on non-identifying fields only by default, and keep the sensitive jobs on Australian servers or local AI. As private as the job needs is the right standard.

Worried about a specific job?

The first conversation is free. You'll get a straight read on exactly where your data would go, and the privacy level that actually fits the work, with no obligation.

Start a conversation

Privacy questions, answered.

Is it safe to use AI with customer data?
Yes, when it's set up properly. Reputable business AI tools don't train on data sent through their APIs, and JDCS builds so only non-identifying fields ever leave your systems. For sensitive jobs, the work can run on Australian servers or local AI instead.
Does ChatGPT train on what I type?
It depends on which version you use. The free consumer app may use your chats to improve its models unless you opt out. Business API access, the kind JDCS builds on, does not train on the data sent to it. Know which one you're using.
Can my data stay in Australia?
Yes. When a job needs it, JDCS can host the automation on Australian servers so your data has local residency, or run a local AI model that never sends anything out. It's matched to how sensitive the work actually is.
What is a local AI model?
A local AI model runs on a server you control rather than calling an external service. Nothing is sent to a third party. It's the most private option, used by JDCS when a job handles genuinely sensitive data that shouldn't leave the building.
How does JDCS keep data private?
JDCS keeps data as private as the job needs. Non-identifying fields only are sent to external AI, enforced in code; sensitive work runs on Australian servers or local AI. Nothing is overclaimed, and you're told exactly where your data goes.
Keep reading
AI automation An AI receptionist: stop letting jobs go to voicemail 7 min read·Read AI automation How to automate quoting so no enquiry goes cold 7 min read·Read AI automation Automated lead follow-up, so no enquiry slips through 6 min read·Read