If you work with contracts, patient records, employee files, or financial statements, you've probably had the same hesitation before pasting something into an AI tool: where does this actually go after I hit send?
It's a reasonable question, and most of the answers you'll find online don't actually answer it. They either say "AI companies are using your data, be careful" without explaining what that means in practice, or they say "don't worry, it's all encrypted" without addressing the actual concern, which has nothing to do with encryption in transit and everything to do with what happens to the content afterward.
So here's a straight answer: it depends entirely on which tool you're using, what tier you're on, and whether you read the part of the privacy policy most people skip. Some of what's "true" about this also changed meaningfully in the last year. Below is what's actually going on, not the simplified version.
Training and processing are not the same thing, and the difference matters
When you upload a document and ask a question about it, two different things could be happening, and they have completely different privacy implications.
Processing means the AI reads your document to generate an answer to your specific question, right now, in that conversation. Once the response is generated, that's the end of its involvement in producing an answer. This is sometimes called "inference" — the model is making an inference from your input, not learning from it permanently.
Training means the content of your document — or the conversation containing it — gets added to a dataset that's later used to adjust the underlying model's parameters, so that the model behaves differently in the future for other users, based partly on what you submitted. This is a much bigger deal, because it means your content doesn't just get read once — it potentially becomes a permanent, untraceable influence on a system millions of other people interact with.
The confusion between these two is where most of the anxiety — and most of the genuine risk — comes from. A tool can process your document without ever training on it. A tool can also train on your document by default, without making that obvious, unless you go looking for the setting that turns it off.
What's actually happening across the industry right now
This isn't a hypothetical concern. A 2025 study from Stanford's Institute for Human-Centered AI examined the privacy policies of six major U.S. AI developers and found that all six used user inputs — including files shared during a conversation — to train their models by default, unless the user took the initiative to opt out. Some retained that data indefinitely. Practices varied on whether the data was de-identified first, and on whether human reviewers could read your actual conversation as part of improving the model.
One detail from that research is worth sitting with: the researchers noted that even content shared in what feels like a separate, contained upload — a file, not just a typed message — can still end up in the same training pipeline as the rest of the conversation. Uploading a file doesn't put it in a different privacy category from typing the same information directly into the chat box.
The pattern that shows up consistently, across nearly every major provider, is a split between consumer and business tiers. Free and personal-plan users are frequently opted in to training by default, with an opt-out buried a few menus deep in account settings. Business, enterprise, and API-tier customers are far more commonly excluded from training by default, often with that exclusion written directly into a separate commercial agreement rather than a general consumer privacy policy. This isn't universal, and it isn't permanent — terms change — but if you're using a free or personal-tier AI product for work, the default you're operating under is very likely the more permissive one, not the safer one.
It's also worth knowing that at least one major AI lab changed its default specifically in this direction during 2025 — shifting from not training on consumer conversations by default to doing so unless the user opts out. That's a real, documented shift, not a theoretical risk. Defaults like this can and do move, in either direction, and a privacy stance you read about a tool a year ago may no longer describe how it behaves today.
Why an uploaded document is a bigger deal than a typed message
There's a reasonable instinct to think "I'm careful about what I type into chatbots" handles this. Uploading a full document is a different category of exposure, for a few concrete reasons.
A typed message is something you composed, in the moment, with at least some awareness of what you're choosing to reveal. A document — a contract, a patient chart, an HR file — was written for an entirely different purpose, by someone who never anticipated it being read by a third-party AI system. It contains names, dates, account numbers, diagnoses, salary figures, and clauses you didn't write and may not have full authority to share, packed in at a density no one types into a chat box by hand.
There's also a compounding effect once that information is in a system designed to draw inferences from it. Stanford's researchers gave a useful illustration of this dynamic: a chatbot asked for "heart-healthy" recipe ideas can infer a health condition from that single request, and that inference can quietly propagate through an AI company's broader ecosystem — into ad targeting, into data shared with other products, into categories that outlive the original conversation entirely. A full medical record or financial statement gives a system vastly more to infer from than a single dinner-recipe prompt ever could.
What "de-identified" actually promises, and what it doesn't
Several major providers state that they de-identify or anonymize data before using it for training, and it's worth understanding exactly what that claim does and doesn't cover, because the phrase carries more confidence than the practice usually deserves.
De-identification works reasonably well on structured, columnar data — strip a name and account number from a row in a spreadsheet, and what's left is genuinely hard to trace back to a person. Free-text documents are a different problem entirely. A contract, deposition, or clinical note is full of indirect identifiers that don't look like personal data on a quick scan: a specific date combined with a city and an employer, a rare diagnosis paired with an age and a job title, a settlement amount referenced alongside a case number. Automated redaction tools are reasonably good at catching obvious patterns like names and phone numbers, and considerably less reliable at catching the combination of small details that, together, still point to one specific person or company.
This is exactly the problem HIPAA's "Safe Harbor" de-identification method tries to solve, by requiring removal of eighteen specific categories of identifiers — not just a name, but things like admission and discharge dates, vehicle identifiers, and full-face photos — precisely because partial redaction reliably fails to anonymize real clinical documents. A vendor saying "we anonymize before training" is not the same as a vendor demonstrating they meet that bar, and the difference matters a great deal more for a 40-page contract or patient file than it does for a one-line chat message.
What this means by profession
The generic privacy concern applies to everyone, but the practical stakes differ depending on what you're uploading.
Legal. Attorney-client privilege and work-product protections exist because confidentiality is the foundation of the relationship. Sharing privileged material with a third-party AI tool that trains on your input — or that doesn't contractually guarantee it won't — creates a real question about whether that confidentiality has been preserved or inadvertently waived. Several state bar associations have begun issuing guidance specifically about generative AI and client confidentiality, and a recurring theme in that guidance is that the duty of confidentiality applies to how you use a tool, not just whether you disclosed using one — meaning the vendor's actual data practices are squarely the lawyer's responsibility to verify, not a detail you can reasonably skip.
Medical. If a document contains protected health information, HIPAA generally requires a signed Business Associate Agreement with any vendor that handles it on your behalf. Most general-purpose AI chat tools do not offer a BAA on their free or standard consumer tier — and if a tool can't or won't sign one, uploading PHI to it isn't a gray area, it's a compliance problem, independent of how good the tool's general privacy policy sounds. This applies even to documents you've manually redacted, given how unreliable manual redaction tends to be on clinical free text specifically.
HR. Employee files routinely contain social security numbers, disciplinary history, compensation data, and performance reviews. Beyond the obvious confidentiality expectation employees have, this kind of data is increasingly covered by state-level biometric and employee-privacy statutes — some jurisdictions impose specific notice-and-consent requirements before biometric or detailed personnel data can be processed by a third-party system at all. A careless upload can turn into an internal incident, a regulatory inquiry, or both, long before it becomes a public one.
Finance. Pre-release earnings figures, M&A due-diligence material, and client account details carry their own confidentiality obligations, and in some cases genuine securities-law exposure if material nonpublic information were to leak or be reconstructed from a model's outputs. Regulation FD concerns around selective disclosure don't disappear just because the "disclosure" in question was to an AI system rather than a person — if the underlying information was material and nonpublic, the analysis doesn't really change. None of this needs to involve a dramatic breach to be a problem — it just needs to be in a system you don't fully control, without a clear answer about where it goes.
None of this means professionals in these fields should avoid AI tools. It means the question "does this tool train on what I upload" stops being a minor preference and starts being closer to a due-diligence item, the same way you'd check a vendor's data-handling terms before sending them a contract to review.
A practical checklist before you upload anything sensitive
Rather than trying to track every AI company's current policy — which will be out of date within months regardless of who writes it down — it's more useful to know what to check yourself, for any tool, at any time:
- Does the policy explicitly mention files and uploads, not just chat messages? Some policies only address "conversations" and leave uploaded document content ambiguous. If a policy doesn't clearly say what happens to uploaded files specifically, that's itself a signal worth noting.
- Is the training opt-out the default, or something you have to find and switch off? A tool that excludes training by default and lets you opt in is making a fundamentally different choice than one that includes you by default and requires you to dig through settings to opt out.
- Is there a stated retention period, and a real path to request deletion? "We may retain data" with no timeframe and no deletion process is a meaningfully weaker commitment than a specific retention window with a documented way to ask for early removal.
- Is your data isolated, or could it theoretically surface for another user? This is a different question from training — it's about whether the system architecture keeps your content scoped to your own session, or whether there's any path, even an unintended one, for it to be retrieved outside that scope.
- Does the free tier actually qualify for the same protections as the paid tier? If a vendor's strongest privacy commitments are reserved for enterprise contracts, confirm which tier you're actually on before assuming those protections apply to you.
If a tool can't give you a clear answer to the first two questions in particular, that's usually enough information on its own.
What opting out doesn't undo
One more thing worth knowing, because it changes how you should think about the checklist above: turning off training going forward, or deleting your account, generally does not undo training that already happened. Once a document's content has contributed to an actual training run and the resulting adjustments are baked into a model's parameters, there typically isn't a mechanism to selectively reverse that — the model doesn't store your document as a retrievable file, but the influence it had on the model's behavior doesn't disappear just because you later deleted the original. Opting out is a forward-looking control, not a recall button.
This is exactly why the timing matters: the moment to check a tool's training policy is before you upload something irreplaceable, not after.
Where a document-specific tool fits into this
General-purpose AI chatbots have to make these tradeoffs at the scale of hundreds of millions of users with wildly different use cases, which is part of why the defaults skew the way they do — broad data collection has historically been treated as the path to a better general-purpose model. A tool built specifically around document analysis doesn't have the same incentive structure, because the product isn't trying to become a better general conversationalist; it's trying to answer questions about your document correctly.
LearnByAI's document chat is built on that distinction deliberately: documents are processed to answer your questions — retrieved from, searched, summarized — and that's where their involvement ends. They aren't fed into model training, and sessions are isolated so one user's content isn't reachable from another's. The specifics of how that works, including how long data is retained and how to request deletion, are laid out in full on the privacy policy rather than asserted here — which is exactly the kind of thing worth checking yourself rather than taking a vendor's word for, on any tool you use, including this one.
The actual takeaway
You don't need to memorize every AI company's current training policy — they'll keep changing. What's worth remembering is the distinction this entire question rests on: processing your document to answer a question is not the same as that document becoming part of a model's training data, and which one is happening to you by default depends heavily on whether you're on a free consumer plan or a paid business one. For anything genuinely confidential — a client's contract, a patient's chart, an employee's file, a company's financials — that's a five-minute check worth doing before you upload, not after.
