Q&A

Is my data safe with Claude or ChatGPT for Australian business use?

Jenn Yang portrait
Jenn Director, DotVA + Editor, On Autopilot · Melbourne Published · 3 min read
Short answer

Depends on the tier. Free Claude.ai and free ChatGPT can retain your inputs and use them to train models (with caveats). The paid Anthropic API, Anthropic Console, ChatGPT Enterprise/Team tiers, and OpenAI API explicitly do not train on customer data. For Australian business with client-identifying information, always use the paid/API tiers.

This is the question every Australian business owner should ask before pasting client data into any AI tool. Answers in order of “safest for AU business” to “most caution required”:

Safest, explicitly do not train on your data

  • Anthropic API (via Anthropic Console for production use)
  • Anthropic Console itself for direct interaction
  • Claude Team / Claude Enterprise (the team/enterprise subscriptions)
  • OpenAI API
  • ChatGPT Team and ChatGPT Enterprise
  • Microsoft Copilot for Microsoft 365 (covered under Microsoft’s commercial data protection)
  • Cloud-hosted Claude on Amazon Bedrock or Google Vertex AI (data stays in AWS/GCP)

All of these have commercial contracts that explicitly state your inputs and outputs are NOT used to train models, are NOT retained beyond 30 days (often less), and are NOT shared with other customers.

For Australian business with client-identifying data, this tier is the floor.

Medium, terms vary, read carefully

  • Claude.ai Pro (the $20 USD/month consumer subscription), Anthropic’s policy is that Pro user inputs are NOT used for training by default, but the consumer ToS reserves more rights than the API tier. Acceptable for non-client data; we’d still default clients to the API.
  • ChatGPT Plus, similar consumer-grade ToS. OK for general use, not ideal for sensitive client data.

Highest caution, free tiers

  • Free Claude.ai, inputs may be reviewed by humans for safety + may be used for training in some contexts.
  • Free ChatGPT, similar. OpenAI’s policy lets them use free-tier inputs for training unless you opt out (and even then, retention semantics aren’t the same as the paid API).
  • Free Gemini, free Copilot, free anything, assume your inputs could end up training the next model unless the provider’s commercial terms say otherwise.

For business use, just don’t put client-identifying data into free tiers. Use a paid one. The $31 AUD/month for ChatGPT Plus or Claude Pro removes most of the concern; the API tier removes it entirely.

What the Australian Privacy Act + APP require

For most small businesses (under $3m revenue), the Australian Privacy Principles only apply if you handle sensitive information (health, government IDs) or trade in personal info. But the practical bar from clients is higher than the legal one:

  • Your clients expect you to treat their data carefully
  • “We pasted your contract into ChatGPT to summarise it” is a conversation you don’t want to have
  • Engagement letters can require professional secrecy that AI processing technically violates

The clean approach for any business:

  1. Use a paid/API tier for any client-identifiable data
  2. Document AI use in your Privacy Policy
  3. Where possible, strip identifiers before AI processing (use placeholders or pseudonyms)
  4. For regulated professions (legal, financial planning, allied health), check your professional body’s AI guidance, most have published one in 2025-2026. Where to find it: AHPRA at ahpra.gov.au (search “artificial intelligence” or “AI position statement”), the TPB at tpb.gov.au (Practice Notes), and your state Law Society’s professional standards page. For our full Australian business privacy framework see the AI privacy guide.

Where data physically lives

Anthropic API: US-east primary, EU secondary. Some AU-hosted offerings via Vertex AI. OpenAI API: US-based, with EU residency option for paid customers. Microsoft Azure / Bedrock: regional residency options including AU regions.

If you have a contractual requirement that data must stay in Australia (rare for SMB, common for some government / health contracts), you’d want to use Amazon Bedrock with the Sydney region selected, or an equivalent residency-controlled deployment.

Quick decision rule

  • Personal admin, drafts, brainstorming: any tier
  • Internal business content, ops: paid consumer tier minimum
  • Client-identifiable data: API or Enterprise tier, always
  • Regulated client data (legal, health, financial): API + explicit privacy-policy disclosure + pseudonymisation where feasible

If you want help setting up the right data-handling posture for your specific business, that’s part of every free AI audit we run.

Jenn Yang portrait
You'll be talking to Jenn Yang, Director, DotVA + Editor, On Autopilot Replies within one business day, AEST. jenn@onautopilot.com.au

Want this built for your business?

Book a free 30-minute AI audit. We'll map your business and show you exactly which systems we'd build first. No pitch deck, no scoping fee.

Book my free AI audit