Data Privacy Checklist
Protect Client Information When Using AI Tools
AI tools process the text you give them. Before pasting anything, ask: "Would I be comfortable if this showed up in the output or training data?"
Before You Paste: The 3-Second Check
STOP and ask:
- Is there a name? Remove or replace with "Client A"
- Is there an address? Remove or use "123 Main St" placeholder
- Is there financial info? Remove specific numbers
- Is there personal info? (SSN, DOB, account numbers) Never paste these
If you answered YES to any: sanitize first, then paste.
Quick Sanitization Guide
| Original |
Sanitized Version |
| John and Sarah Smith |
"my clients" or "the buyers" |
| 742 Evergreen Terrace |
"[property address]" |
| Pre-approved for $650,000 |
"approved for [amount]" |
| SSN: 123-45-6789 |
NEVER include |
| Bank account info |
NEVER include |
| Birth dates |
NEVER include |
| Email addresses |
Remove or "[client email]" |
| Phone numbers |
Remove or "[phone]" |
What's Safe to Share with AI
Generally safe:
- Property features (beds, baths, square feet)
- Neighborhood names (public info)
- General market conditions
- Transaction stages ("under contract," "inspection complete")
- Generic scenarios ("a first-time buyer who...")
- Your Context Card info
- Template prompts with placeholders
Safe with caution:
- Listing descriptions (public anyway)
- General feedback patterns ("showings say price is high")
- Transaction timelines
- Negotiation strategies (keep vague)
Never share:
- Full names paired with addresses
- Financial documents
- Pre-approval letters
- Tax returns
- Social Security numbers
- Bank/account information
- Medical information
- Legal documents in full
- Passwords or login credentials
AI Tool Privacy Tiers
Not all AI tools are equal. Know what you're using:
Tier 1: Consumer Tools (Most Common)
- ChatGPT (free/Plus): Data may be used for training (opt-out available)
- Claude (free): Data may be used for training
- Most free tools: Assume data is not private
Best practice: Sanitize everything. Don't share sensitive info.
Tier 2: Business/Enterprise Tools
- ChatGPT Enterprise/Team: Data not used for training
- Claude Pro with workspace: Better privacy controls
- Microsoft Copilot (business): Enterprise data protection
Best practice: Still sanitize, but more protected.
Tier 3: Offline/Local Tools
- Local LLMs (like running Ollama on your computer)
- Air-gapped systems
Best practice: Data never leaves your device. Safest option.
Chat History Settings
In ChatGPT:
- Settings → Data Controls
- Toggle OFF "Chat history & training"
- Conversations won't be used for training
- Note: May limit some features
In Claude:
- Check workspace/account settings
- Review data usage policies
- Use Projects for better organization
Regular cleanup:
- Delete sensitive conversation threads
- Don't let conversations accumulate indefinitely
- Start fresh chats for different clients/topics
Deal Sheet Privacy
When using Deal Sheets:
DO include:
- Property address (needed for context)
- General buyer/seller situation ("nervous sellers," "first-time buyers")
- Transaction status
- General goals
DON'T include:
- Full legal names
- Contact information
- Financial specifics beyond price
- Personal medical/family details
- Anything you wouldn't say to a colleague in public
Team AI Policies
If you have team members using AI:
Establish:
Document and enforce consistently.
State Privacy Laws
California (CCPA/CPRA):
- Stricter consumer data protections
- Right to deletion
- Disclosure requirements
Other states with privacy laws:
- Virginia, Colorado, Connecticut, Utah (as of 2024)
- More states adding regulations
Check your state's requirements and adjust practices accordingly.
Client Consent Considerations
When to consider getting consent:
- Processing significant personal data through AI
- Using AI for analysis that affects decisions
- When clients explicitly ask about your tools
Sample consent language:
Our team uses AI-powered tools to improve service efficiency.
Information you share may be processed through these tools.
Your data is [describe protections]. You may opt out of AI
processing by letting us know your preference.
Incident Response
If you accidentally shared sensitive data:
- Immediately: Delete the conversation/chat thread
- Assess: What was shared? Who could be affected?
- Document: Record what happened and when
- Notify: Broker and possibly affected clients (consult legal)
- Prevent: Update your process to prevent recurrence
Better to over-disclose than under-disclose if there's a breach.
Weekly Privacy Audit
Every Friday (5 minutes):
The Golden Rule
Treat AI chat boxes like public whiteboards.
Would you write this information on a whiteboard in a coffee shop?
- No → Don't paste it into AI
- Yes → Safe to use
From the AI Acceleration Resource Room