Confidentiality · 22 June 2026
Your AI is reading your confidential data. The real question is where it goes.
It is already happening in every department. Almost no one has decided, on purpose, where that data actually goes. Here is the straight version, and the first move that costs nothing.
Walk into almost any company right now and you will find the same quiet fact: people are already feeding sensitive information into AI. A draft contract pasted into a chatbot to "tighten it up." Board numbers dropped in for a quick summary. A client's confidential brief turned into talking points before a meeting. The tool did not ask permission, and nobody filed a form. It is already happening, every day, in every department.
So the question is not whether your company uses AI on sensitive data. It does. The only real question is whether you know where that data goes when it does, and whether you decided that on purpose.
Most companies have not. They are busy debating policy while the data is already leaving the building. Here is the straight version of what is actually going on, what it means for you, and the paths that make sense depending on what you genuinely need.
What actually happens to your data
"The AI saw it" is not one thing. Where your data goes, and what gets done with it, sits on a spectrum, and the differences are the whole game:
- Consumer chatbots (the free tiers people use without thinking). Your inputs may be retained and, depending on the setting and the provider, used to improve the model. This is the one to worry about, not because the provider is malicious, but because it is uncontrolled and invisible to you.
- Enterprise AI on a no-train contract. The same frontier models, but under a business agreement: your data is not used for training, retention is limited, and a data-processing agreement sits behind it. The data still leaves your perimeter and runs on the provider's infrastructure, but it is governed and accountable.
- Private, dedicated (VPC) deployment. The model runs single-tenant inside your own cloud account. Your data does not go to the model vendor at all. You get most of the sovereignty of "local" with almost none of the operational burden. This is the option most companies have never been told about, and it is often the right one.
- On-premise, fully local. The model runs on hardware you own, inside your walls. Nothing leaves. This is genuine air-gap, and it is the only option when "nothing leaves, ever" is a hard rule.
Four very different answers to "where does my data go." Most of the anxiety in the market comes from people picturing the first one while they actually need the second or the third.
What it means for your company
The risk is rarely the model itself. It is three things underneath it:
- Shadow AI. Your people are already pasting confidential material into whatever tool is open in their browser. No policy you write stops a deadline-pressured employee from using the fastest thing in front of them. The exposure is real, it is happening now, and it stays invisible until something leaks.
- The data you are legally on the hook for. Client confidentiality, regulated data (health, financial, legal), trade secrets and IP. If any of that flows into an ungoverned tool, you have a contractual and possibly a regulatory problem, whether or not anything ever actually goes wrong.
- An unclear data path. When a client or an auditor asks "where does our data go when your team uses AI," the honest answer for most companies today is "we are not sure." That sentence loses deals and fails audits.
None of this is an argument against using AI. It is an argument for knowing where the data goes and deciding it deliberately.
The two questions that decide everything
Before anyone talks about hardware or vendors, two questions settle the whole thing.
Question 01Is this a hard requirement or a preference?
Is there a genuine regulatory, legal, or contractual rule that data cannot leave your perimeter? Or is it a strong preference: "we do not want our data training someone's model or sitting on a server we do not control"? These feel identical to the person asking, and their answers differ by an order of magnitude in cost. A preference is solved by a contract and a private deployment. A hard air-gap is solved by buying and running infrastructure. Do not build a server room to solve a contract problem.
Question 02How sensitive is the data, and who needs it?
Not all of your data is sensitive, and not all of it needs the same treatment. The cleanest architectures tier it: the genuinely confidential material gets the strict path, and the everyday work gets the fast, capable path. Treating everything as maximally sensitive is as much a mistake as treating nothing that way.
The best paths, by what you actually need
- Most companies (a privacy preference, not heavily regulated). Sanction one enterprise AI tool on a no-train agreement, and govern it. Make the approved tool the fast, easy option so people stop reaching for the consumer chatbot. The win here is mostly governance, not technology. You close the shadow-AI hole and you can finally answer the "where does our data go" question cleanly.
- Sensitive workloads, but no air-gap mandate. Run the sensitive work in a private, dedicated deployment inside your own cloud, and keep the everyday work on the governed enterprise tool. Single-tenant, your account, no vendor access to the data, at a fraction of the cost and complexity of on-premise.
- Regulated, or air-gap mandated. On-premise, on hardware you own, with the right open model sized to it. And even here, allow a hybrid where the rules permit: keep the sensitive majority local and route only the hard, non-sensitive work to a frontier model, so you do not sacrifice capability on the small slice that genuinely needs the best.
- The universal move, whichever path you land on. Put a boundary between your people and the models that decides by the sensitivity of the data, and enforce it in code, not in a policy document. A rule in a handbook gets ignored under deadline pressure. A control that physically routes confidential data to the right place does not. Privacy as architecture, not as a promise.
The principle
Underneath the local-versus-cloud noise, the real goal is simpler: control. Knowing where every piece of data goes, deciding it by sensitivity, and enforcing that at the boundary rather than hoping people follow the rules. The companies getting this right are not the ones who banned AI, and they are not the ones who let it run wild. They are the ones who made the data path a deliberate decision instead of an accident.
And the practical first move costs nothing in hardware. Before you evaluate a single vendor, map two things: what data you hold and how sensitive each kind is, and where that data is going today through the tools your people already use. That map tells you which of the paths above you need. Most companies discover they need far less, and far cheaper, than the headlines suggested. The model was rarely the problem. The thing nobody had decided, where the data actually goes, was the problem.
If your answer is "we are not sure"
Map where your data goes. Start there.
This is the work we do with founder-led teams: requirement before technology, the data path made deliberate, and the boundary enforced in the architecture rather than the policy. If your honest answer to "where does our data go when we use AI" is "we are not sure," that is the place to start.