Can I use ChatGPT for confidential client information?
Yes on the paid tiers (Plus, Team, Enterprise) for most non-regulated data, with privacy controls turned on. No on the free tier (the training opt-out is a per-account setting, not the default). For regulated industries (medical, legal, financial advice), use the API or Azure OpenAI Service in the Australia East region instead of consumer plans. Always anonymise names and account numbers before pasting.
The four-rule playbook
Rule 1: Paid tier only for business work.
Free ChatGPT and free Claude.ai may use your conversations for training unless you’ve opted out. The $30 AUD/month consumer plans (Plus, Pro, Claude Pro) have a stronger no-training guarantee by default. For any client data, pay the $30.
Rule 2: Anonymise before pasting.
You don’t need to send Sarah Khan’s full name to get useful AI assistance with her bookkeeping question. Replace identifying details with placeholders (“Client A”, “Suburb B”, “Account 1234”). Process. Map back.
This handles 90% of confidential-data scenarios at zero extra cost.
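One way to implement Rule 2's replace, process, map back loop, as an added example (not code from the original page). The `[CLIENT_n]` and `[NUMBER_n]` token format, the function names and the 6-digit threshold are assumptions, and the sample text is constructed.

```python
import re

# Assumption: any run of 6+ digits (spaces or hyphens allowed inside) is an
# identifier such as an account number. This over-matches dates like
# 2024-05-12, which is harmless because every swap is restored later.
DIGIT_RUN = re.compile(r"\d(?:[ -]?\d){5,}")

# Constructed sample input, not real client data.
SAMPLE = ("Sarah Khan asked why account 1234 5678 was charged twice. "
          "Sarah wants a reply by Friday.")


def anonymise(text, client_names):
    """Return (safe_text, mapping). The mapping never leaves your machine."""
    mapping = {}
    # Longest names first so "Sarah Khan" is swapped before bare "Sarah".
    ordered = sorted(client_names, key=len, reverse=True)
    for i, name in enumerate(ordered, start=1):
        pattern = re.compile(r"\b" + re.escape(name) + r"\b", re.IGNORECASE)
        text, hits = pattern.subn(f"[CLIENT_{i}]", text)
        if hits:
            mapping[f"[CLIENT_{i}]"] = name

    seen = {}  # number -> placeholder, so a repeated number reuses its token

    def swap_number(match):
        value = match.group(0)
        if value not in seen:
            seen[value] = f"[NUMBER_{len(seen) + 1}]"
            mapping[seen[value]] = value
        return seen[value]

    text = DIGIT_RUN.sub(swap_number, text)

    # Fail closed: a name that survived (e.g. "Khans" for "Khan") blocks the paste.
    leftovers = [n for n in client_names if n.lower() in text.lower()]
    if leftovers:
        raise ValueError(f"still identifiable, edit by hand: {leftovers}")
    return text, mapping


def restore(reply, mapping):
    """Map placeholders in the AI's reply back to the real values."""
    for placeholder, original in mapping.items():
        reply = reply.replace(placeholder, original)
    return reply
```

Paste only `safe_text` into the AI tool, then run `restore` on the reply. Anything the name list does not cover, such as suburbs or employers, still has to be replaced by hand.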
Rule 3: API or enterprise for regulated work.
For data classes the Privacy Act treats as sensitive (health information, biometrics, tax file numbers, criminal records, or anything covered by your professional confidentiality framework), don’t use consumer ChatGPT or Claude. Use:
- OpenAI API with the Enterprise tier
- Anthropic API directly
- Azure OpenAI Service Australia East region (for data residency)
- AWS Bedrock Sydney region (for Anthropic with data residency)
All four have no-training-by-default guarantees and proper data processing agreements.
Rule 4: Get explicit client consent.
For any AI processing of client data in regulated industries, the right move is explicit consent. A line in your engagement letter: “We may use AI tools to assist with general document drafting and research. Any sensitive information will be anonymised or processed through our enterprise AI environment with no third-party data sharing.” Clients sign. You’re covered.
What you can safely paste into paid ChatGPT/Claude
- Email drafts (with names + identifying details anonymised)
- Spreadsheets with PII removed
- General research questions
- Document templates without specific client info
- Anonymised case discussions
What you should NOT paste
- Tax file numbers
- Medicare numbers
- Specific health records
- Active legal matter detail
- Financial account numbers
- Anything covered by NDA without client consent
- Anything with photo/video of identifiable people without consent
The Australian regulatory layer
Three things to know:
- Privacy Act 1988 governs personal information handling. Cross-border data transfer is permitted with reasonable steps. Enterprise AI plans qualify; consumer ones are a grey area.
- Industry-specific frameworks (AHPRA for health practitioners, ASIC for financial services, Law Council guidelines for legal practitioners) layer on additional obligations.
- APRA CPS 234 applies to APRA-regulated entities (banks, insurers, super funds) and requires specific cloud-data controls. Talk to your compliance team before any AI tooling.
If you’re not sure where you sit, default to the cautious path: anonymise + paid tier + explicit client consent.
See also
- Is my data safe with Claude or ChatGPT? for the broader privacy answer.
- How much does ChatGPT cost per month in Australia? for which tier to pay for.
- Australian AI compliance landscape 2026 for the full regulatory deep-dive.