AI and your business data: the privacy questions to ask before you sign

The unease, taken seriously

The question arrives in every audit conversation, usually phrased exactly this vaguely: "but is the AI… reading everything? Where does it all go?" — and the vagueness deserves respect rather than dismissal, because it's pointing at something real: you're considering wiring customer conversations, financials, and operational detail through systems you don't fully understand, run by companies you've never met. A business owner who didn't feel that unease would be the worrying one.

But vague unease produces bad strategy in both directions: paralysis (no AI anywhere, while competitors compound the advantage) or resignation (everything adopted, nothing checked, fingers crossed). The exit from both is the same move this site applies to everything — convert the feeling into measurable specifics. The unease decomposes into exactly seven answerable questions, and businesses that ask them get to be both safe and fast. Here's the decomposition.

The tier distinction that decides most of it

The single most consequential fact in this topic: "AI" is not one data arrangement — the tier is. Consumer-grade free tools often use your inputs to improve their models by default; that's part of how free gets funded, it's usually disclosed in the terms nobody reads, and it's the version most privacy horror stories actually describe. Business and API tiers of the major providers run the opposite arrangement: contractual commitments not to train on your data — standard clauses, in writing, in data processing agreements, because enterprise customers demanded them years ago and the market complied.

The practical rule that follows is one sentence long: anything touching customer or business data runs on vetted business-tier services — never on anyone's personal free account. Most small-business AI exposure isn't a sophisticated breach; it's that sentence, unwritten — the assistant pasting a client contract into a free chatbot at 16:40 on a deadline, helpfully, invisibly. Which previews the real risk ranking:

Real risks vs. theater

The real ones, ranked: Shadow AI — unvetted tools used by helpful people with deadlines; the dominant exposure, and invisible until an incident makes it visible. Vendor sprawl — every AI tool is a data processor, and ten unvetted tools is ten unaudited pipelines with ten retention policies nobody read. Retention ambiguity — what's logged, how long, deletable or not; the question that separates professional vendors from improvised ones. Access control — who at the vendor can see your data and what's logged when they do.

The mostly-theater: fears that business-tier models "leak" your prompts to other customers (not how the arrangements or the technology work at reputable providers), and the notion that AI use inherently breaches GDPR — proper agreements with compliant processors are routine, well-trodden, and no more exotic than your email provider's. The pattern worth internalizing: the real risks are organizational, not technological — which is excellent news, because organizational risks yield to policy, and policy is free.

The breach you should worry about isn't the model leaking your prompts. It's your most helpful employee, on a deadline, pasting the client list into whatever tool worked last time.

The seven vendor questions

1. "Is our data used for training — and where is that commitment in writing?" The first sort. Business-grade vendors point to the clause in seconds.
2. "Where is our data processed and stored — which jurisdiction?" Matters for GDPR and sector rules; honest vendors know their own geography.
3. "What's retained, for how long, and can we delete it on request?" Logs are normal; unbounded, undeletable logs are a choice — theirs, unless you ask.
4. "Who at your company can access our data, and what's logged when they do?" Support-access with audit trails is professional; shrugging is an answer too.
5. "Do you offer a DPA, and which subprocessors do you use?" Every serious vendor has both documents ready; the subprocessor list tells you who else is in the pipeline.
6. "What certifications can you show?" SOC 2 and ISO 27001 aren't magic, but they're third-party evidence that someone audited the claims.
7. "What happens to our data when we leave?" Export and deletion on exit — the question that's awkward to ask later and trivial to ask now.

The meta-signal outranks any single answer: honest vendors answer in minutes, from existing documents, slightly bored — they've been asked before. Vendors who improvise, deflect, or need to "check with the team" on question one have told you about their operation, which was the point. (Same tell as the ROI conversation: the professionals are recognizable by what they expect to be asked. We build under exactly these answers ourselves, in writing — it's also why agents grounded in your own knowledge base are the privacy-conservative architecture: the system answers from documents you control, not from data you scattered.)

The one-page team policy

The shadow-AI risk dissolves under one page, written this week:

1. Approved tools, listed. The business-tier, vetted services — named, with who holds the accounts. Short list, reviewed quarterly.
2. The never-paste list: customer personal data, financials, credentials, anything under NDA — never into unapproved tools, full stop, with examples (people comply with specifics, not categories).
3. The fast request path: "found a useful tool? Ask — we vet within a week." This clause is the load-bearing one: prohibition doesn't stop usage, it stops visibility, and a fast yes-channel keeps the helpful people inside the fence. (Pure behavioral design: make the safe path the easy path.)
4. One named owner of the question — vetting, the list, the annual review. Unowned policies are decorations.

Communicate it without theater: this isn't surveillance, it's the same logic as not discussing client business in cafés — professional hygiene for a new surface. Teams accept hygiene framed as competence; they route around hygiene framed as suspicion.

Privacy as a trust asset

The closing reframe, because there's an upside hiding in the homework: done properly, your AI data posture becomes a sellable trust signal. The clients trusting you with their data increasingly ask their own version of the seven questions — and "here's our tool policy, our vendors' DPAs, and how your data flows" is an answer that closes deals while competitors stammer. Trust is most of what service prices are made of; the businesses that did this boring page early will spend the next decade quietly collecting on it. The unease you started with was real. Converted into seven questions and one page, it becomes the moat.

Frequently asked questions

Does AI train on my business data?

Consumer free tiers often do by default; business and API tiers contractually don't — in writing, in the DPA. The rule: customer data only ever touches vetted business-tier services.

What are the real AI privacy risks for a small business?

Ranked: shadow AI (employees pasting data into unvetted tools — the dominant one), vendor sprawl, retention ambiguity, access control. Mostly theater: business-tier prompt "leaks" and AI-inherently-breaches-GDPR fears.

What should I ask an AI vendor about data privacy?

Seven questions: training use in writing, jurisdiction, retention and deletion, internal access, DPA and subprocessors, certifications, exit terms. Honest vendors answer from existing documents, slightly bored.

Do I need an AI policy for my employees?

Yes — one page, this week: approved tools, the never-paste list with examples, a fast request path (bans stop visibility, not usage), and one named owner.