Guide

AI privacy for Australian business: what's actually safe to feed Claude or ChatGPT

The honest, plain-English data-safety playbook for Australian small businesses using Claude and ChatGPT in 2026. APP coverage, training-data settings, what to never paste, when to use the API instead of consumer chat, and the regulated-industries cheat sheet.

In short

For 95% of Australian small business writing work (drafts, replies, summaries, marketing copy) paid Claude Pro or ChatGPT Plus is privacy-fine. The deep-end compliance gets real for three things: regulated client data (allied health, legal, financial planning), customer PII at scale (Shopify customer lists, CRM exports), and anything covered by an existing NDA. For those, use the API tier with a data-processing agreement, or Claude on AWS Bedrock Sydney for data residency. This guide is the honest map of when each tier applies, what’s never safe to paste, and how to write the privacy posture that won’t blow up later.

The three privacy tiers (this is the whole framework)

Almost every Australian small business privacy decision around AI reduces to one question: which tier are you on?

Tier 1: Free consumer (Claude.ai free, ChatGPT free)

Privacy posture: Anthropic does not train on consumer Claude by default (as of mid-2026). OpenAI free tier may train on your conversations unless you toggle off ‘Improve the model for everyone’ in account settings. Both store conversations indefinitely on their servers.

Right for: experimentation, personal use, drafts that wouldn’t bother you if they leaked.

Wrong for: anything involving customer/client data, anything regulated, anything you wouldn’t want screenshotted.

Tier 2: Paid consumer (Claude Pro, ChatGPT Plus, ChatGPT Team)

Privacy posture: No training on your data by default on either platform. Data still stored on US-based infrastructure. No data-processing agreement signed; no audit logs; no data-residency guarantee.

Right for: the bulk of small business writing work, drafts and replies that involve light client mentions, brainstorming, internal admin.

Wrong for: systematic use of regulated client data, anything subject to the Privacy Act’s higher-risk categories (health information, biometric data, genetic data), or work where a regulator could ask “where exactly did this data live for the 90 days before you ran this prompt?”

Tier 3: API / enterprise (Anthropic API, OpenAI API, Claude on AWS Bedrock, Azure OpenAI, ChatGPT Enterprise)

Privacy posture: Commercial data-processing agreement available. No training on your data ever. Audit logs available. Data residency in Australian regions available (Bedrock Sydney, Azure Australia East). SOC 2 / ISO 27001 reports available on request.

Right for: regulated industry use, systematic processing of customer data, anything where compliance documentation matters.

Wrong for: light personal use (it’s overkill for writing one customer email a week).

The decision tree: ask “would I be comfortable if this content was on a server in the US, with no DPA, and a regulator asked about it?” If yes → Tier 2 is fine. If no → Tier 3.

The “never paste” list

Six categories that should never go into consumer Claude or ChatGPT, free or paid:

  1. Tax File Numbers (TFNs). ATO confidentiality, regulated by the Tax Administration Act. Strict liability.
  2. Medicare numbers + full names together. Sensitive health-system identifier under the Privacy Act.
  3. Full credit card numbers. PCI-DSS issue, not just privacy. Many CC processors will revoke if discovered.
  4. Full bank account + BSB + name together. APP-protected and a target for fraud.
  5. Third-party personal details without consent. “Here’s my customer Sarah Johnson’s address and DOB, draft me a…” is collecting and disclosing PII without notice. Don’t.
  6. Anything covered by legal privilege. Privileged communications lose their privilege when shared with third parties. Solicitor-client privilege is a particular trap.

For most of these you can anonymise and still get useful AI work done. “Draft a reply to a Medicare-registered patient who’s asking about [X]” works; you don’t need to paste the Medicare number.
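One way to enforce the “never paste” list before text reaches a consumer AI tool, as an added example (not code from this guide): a Python scrubber that finds TFNs, Medicare numbers and card numbers by their check-digit rules and redacts them. The function names and the sample message are constructed for illustration.

```python
import re

# Runs of 9-19 digits, allowing one space or hyphen between digits.
DIGIT_RUN = re.compile(r"(?<!\d)\d(?:[ -]?\d){8,18}(?!\d)")

def _weighted(digits, weights):
    return sum(int(d) * w for d, w in zip(digits, weights))

def is_tfn(d):
    # 9-digit TFN: weighted digit sum must be divisible by 11.
    return len(d) == 9 and _weighted(d, (1, 4, 3, 7, 5, 8, 6, 9, 10)) % 11 == 0

def is_medicare(d):
    # 10 digits (11 with the individual reference number), first digit 2-6,
    # 9th digit is a check digit over the first eight.
    return (len(d) in (10, 11) and d[0] in "23456"
            and _weighted(d[:8], (1, 3, 7, 9, 1, 3, 7, 9)) % 10 == int(d[8]))

def is_card(d):
    # Payment card: 13-19 digits passing the Luhn check.
    if not 13 <= len(d) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(d)):
        n = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            n = n * 2 - 9 if n > 4 else n * 2
        total += n
    return total % 10 == 0

CHECKS = (("TFN", is_tfn), ("MEDICARE", is_medicare), ("CARD", is_card))

def redact(text):
    """Return (scrubbed_text, labels_found) for text about to be pasted."""
    found = []
    def _sub(match):
        digits = re.sub(r"\D", "", match.group())
        for label, check in CHECKS:
            if check(digits):
                found.append(label)
                return f"[{label} REDACTED]"
        return match.group()    # fails every check: leave untouched
    return DIGIT_RUN.sub(_sub, text), found

# Constructed sample message using well-known test numbers, not real identifiers.
SAMPLE = ("Hi, my TFN is 123 456 782 and my Medicare card is 2123 45670 1. "
          "Please charge 4111 1111 1111 1111. Order 202603141 is late.")

if __name__ == "__main__":
    scrubbed, hits = redact(SAMPLE)
    print(hits)
    print(scrubbed)
```

Check digits cut false positives but do not remove them (roughly one in eleven random 9-digit numbers passes the TFN check), and names, addresses and BSB/account pairs carry no checksum, so they still need manual anonymising.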

The Privacy Act (APP) in plain English for small business

The Australian Privacy Principles apply to:

  • Businesses with $3M+ annual turnover (the “APP entities” threshold)
  • All health service providers regardless of size (including allied health, dental, vet)
  • Specific categories including credit reporting, residential tenancy databases, and others

If you’re not in those categories, the APP technically doesn’t apply to you directly. But:

  • Your customers’ expectations and your competitors’ privacy policies still apply commercially
  • State-based health records acts (e.g. Victoria’s Health Records Act) cover smaller operators in specific industries
  • If you ever cross the $3M threshold the APP applies prospectively; building the privacy posture now is easier than retrofitting later
  • The 2024-2025 APP reforms (now in force) expanded individual rights (right to erasure, right to object) and increased penalty maxima to ~$50M for serious breaches

The practical posture for any Australian small business doing customer-facing work in 2026:

  • Treat APP as if it applies, even if you’re under the threshold
  • Use paid AI tiers, not free, for any customer-data-adjacent work
  • Disclose AI use in your privacy policy
  • Add a “cross-border disclosure” notice if you use US-based AI infrastructure (consumer tiers)
  • Keep an “AI use register” if you’re in a regulated industry: which prompts touched customer data, on which tier, when

That last one sounds heavy; it’s a 5-row spreadsheet for most small businesses.

The regulated-industries cheat sheet

If you’re in one of these industries, the consumer tiers are usually the wrong starting point. The recommended setup:

Allied health / dental / vet (AHPRA / state Health Records Acts)

  • Patient data → API tier only (Anthropic API with commercial DPA, or Claude on AWS Bedrock Sydney)
  • Admin / marketing → paid consumer tier fine
  • Disclose AI use in patient privacy notice
  • Keep documentation of which AI workflows touch patient data
  • AHPRA expectation: clinician retains professional judgement and accountability. AI drafts notes; clinician reviews and signs.

Legal (state Law Societies)

  • Client communications → API tier with DPA only
  • Solicitor-client privilege: sharing with consumer Claude/ChatGPT may waive privilege. Don’t risk it.
  • Internal admin → paid consumer fine
  • Law Society guidance (each state): review your jurisdiction’s 2024-2025 AI guidance. Most states now have published one.

Financial planning / tax (TPB / ASIC / Corporations Act)

  • Client financial data → API tier with DPA only
  • TPB-registered tax agents and BAS agents have specific disclosure duties when AI is used in client work
  • Tax File Numbers never go to AI, even API. Anonymise first.
  • ASIC RG 271 (now updated for 2025) covers AI in financial advice. Read it.

Healthcare (private and public)

  • Most restrictive class. Default to API tier with DPA. Often Claude on Bedrock Sydney for data residency.
  • OAIC, state health regulators, AHPRA, and individual hospital networks all have separate AI policies. Read your specific one.
  • Public health employees: check your state’s specific policy. NSW Health, Victorian DOH, Queensland Health all have AI policies as of 2025.

Education (TEQSA / state education acts)

  • Student records under APP plus state-specific protections.
  • API tier for systematic student-data work.
  • Paid consumer fine for lesson planning, marking rubric drafting, parent-comm drafts that don’t name students.

If your industry isn’t listed above and you’re not sure, the default safe stance: paid consumer for non-client-data work, API tier for anything involving client data.

What the privacy policy should say

If you use AI in your business, your privacy policy needs a paragraph. Here’s a template:

Use of AI tools. We use third-party AI tools (including but not limited to Anthropic’s Claude and OpenAI’s ChatGPT, on their paid tiers) to assist with drafting, summarisation, and analysis. We do not train AI models on your personal information. Where AI processing is involved in handling your data, we use commercial tiers that include data-processing agreements and do not train on user inputs. AI outputs are reviewed by a human team member before being acted on or communicated to you. AI tool providers may store data on overseas (US) infrastructure; this is a cross-border disclosure under the Australian Privacy Act, and we have taken reasonable steps to ensure equivalent protection. You can request that we not use AI tools in handling your specific matter; contact [email] to make that request.

Adapt to your specifics. The four bits that matter:

  1. Name the tools (or the class)
  2. State the training-data posture
  3. Acknowledge cross-border disclosure
  4. Offer an opt-out

For most Australian SMBs, that paragraph plus your existing privacy policy is the entire compliance pass for normal AI use.

What actually gets businesses in trouble

In 12 months of Australian small business AI work, the issues we see real businesses run into:

Number one (40% of cases): A staff member pastes a customer’s full email into ChatGPT free tier to draft a reply, without thinking. The customer’s name, contact details, and a complaint about a third party all go into the training set. Months later it surfaces in a different context.

Number two (25%): A regulated industry operator (most often an allied health solo) uses consumer Claude for patient note drafting. An AHPRA inquiry surfaces it. The AI isn’t the problem; the documentation and accountability gap is.

Number three (15%): A founder feeds a CRM export into ChatGPT for analysis without anonymising. 5,000 customer records now live on US infrastructure with no DPA. APP cross-border disclosure breach.

Number four (10%): A consultant uses AI to draft a deliverable for a client without disclosing. Client finds out, contract terminated, reputational damage.

Number five (10%): Everything else (prompt-injection leaks, hallucination causing factually wrong public statements, IP issues with AI-generated content).

The first four are all preventable with the framework above. The privacy posture isn’t hard; it just has to be deliberate.

What we do internally

For full transparency, the privacy posture across our own businesses:

  • Marketing / blog / internal admin: paid Claude Pro and ChatGPT Plus. Australian English voice files, consistent style.
  • DotVA client work: Claude API with commercial DPA. No client-identifying data in consumer tiers ever.
  • Lead Gen Empire (20 content sites): Claude API for systematic content generation, paid consumer Claude for one-off editorial. No customer data flows to AI on the network (we don’t collect much).
  • Boring Ventures financial / legal: API tier for anything sensitive, paid consumer for admin. We keep an internal log of which AI workflows touched any client/customer data.

Total monthly AI spend across the businesses: under $500 AUD. The discipline is in the tier selection, not the budget.

Common questions

Does Anthropic or OpenAI train their AI on what I type?

Default behaviour as of mid-2026: Anthropic does NOT train on consumer Claude conversations (free or Pro) unless you opt in. OpenAI free tier may train on your conversations unless you turn off 'Improve the model for everyone' in settings; ChatGPT Plus and Team plans don't train by default; ChatGPT Enterprise and API never train. Always check the current settings in your account; defaults shift over time. For sensitive business work, use API or Enterprise tiers.

I'm an allied health practitioner / lawyer / financial planner. Can I use ChatGPT or Claude for client work?

Yes, but the tier matters. Consumer ChatGPT (even paid) is generally not the right tier for regulated client data: it lacks the BAA / data-processing agreement you'd want under APP, and your professional body (AHPRA, Law Society, TPB) will not be impressed if a complaint surfaces. The right tier for regulated work is Anthropic's API with their commercial DPA, Claude on AWS Bedrock (Sydney region), or Azure OpenAI (Australia East). Use the consumer tier for non-client work (your own admin, marketing, drafts that don't name clients).

What if I paste a client's name and an email they sent me into Claude to draft a reply?

This is the everyday grey area for Australian small business. The honest answer: for routine business correspondence (a quote follow-up, a polite refusal, a thank-you note), it's low risk on paid tiers and most Australian SMBs do it. For sensitive correspondence (a complaint about a third party, a personal disclosure, anything in regulated industries), don't paste verbatim. Either anonymise the names ('Client A', 'their accountant Sue') or use the API tier. The risk isn't theoretical; it's that you've made a Privacy Act decision without thinking about it.

What's the difference between Claude on Bedrock and Claude on claude.ai for privacy?

Same model, different infrastructure. claude.ai (consumer) runs on Anthropic's US infrastructure. Claude on AWS Bedrock Sydney runs in AWS's Australian region with Australian data residency, BAA-style agreements, and audit logging. For regulated work where data residency matters (healthcare, government, some financial services), Bedrock Sydney is the right answer. For everything else, claude.ai is fine. The Bedrock setup adds maybe $50-200 AUD/month complexity for a small team and is overkill if you don't need data residency.

Do I need to disclose to my customers / clients that I use AI?

Legally in most cases no. Ethically and increasingly, yes. The 2026 baseline: disclose AI use in your privacy policy, mention it in client engagement letters for professional services, and add a one-line acknowledgement in any deliverable where AI did more than 20% of the drafting. We do this on this site (a methodology page covers our use). It costs nothing, and the trust premium when customers ask 'do you use AI?' and you can say 'yes, here's how' is real.

What about uploading PDFs or files to Claude? Same rules?

Same rules apply to file uploads on consumer Claude and ChatGPT as to typed text. The free tier may train on file contents; paid doesn't. The same 'don't paste' rules apply: no TFNs, no Medicare numbers, no full account details, no third-party PII without consent. File uploads are convenient for summarisation and analysis; they're not a privacy shortcut.

I run a Shopify store with customer data. Can I feed Claude my order history?

Two-step answer. Step 1: aggregate and anonymise. 'My top 10 products in March' is fine; 'here are the names and addresses of my 500 customers' is not. Step 2: use the API if you're doing anything systematic with customer data (categorisation, segmentation, automated reply drafting). Claude's API has a commercial DPA you can sign; consumer Claude doesn't. For one-off questions about your store, anonymise first.

Is Claude / ChatGPT covered by the Australian Privacy Act?

Anthropic and OpenAI are foreign companies, so the Act applies to YOUR use of them rather than to them directly. Your obligations: collection notice if your customers' data flows to AI, reasonable security (use paid tier, not free, for any work involving customer data), and a 'cross-border disclosure' acknowledgement in your privacy policy (because your customers' data flows to US-based infrastructure on consumer tiers, or to AWS Sydney / Azure Australia East on API tiers). The Privacy Act doesn't ban AI; it requires you to be honest about it.
