Is that AI tool safe for work?

Adobe Inc. · Image

The bigger governance question is output provenance and indemnity scope rather than training. Firefly is 'commercially safe' and IP-indemnified mainly for enterprise customers, so individual and free users should not assume the same legal coverage for generated assets.

Canva Pty Ltd · Design

There is a genuine discrepancy between Canva's stated opt-in default and third-party reports of training toggles being on by default for Free/Pro accounts, so an at-work individual user should explicitly verify and disable both 'usage' and 'content' AI-training toggles in privacy settings.

OpenAI · AI assistants

Consumer/free ChatGPT uses your chats for training unless you proactively disable it, so staff pasting work data into personal accounts can leak it into model improvement.

Anthropic · AI assistants

Even when a consumer opts out of training, conversations flagged for safety review can still be retained up to two years and used to improve models without notifying the user.

Anysphere · Coding

On the free/Pro tier Privacy Mode is opt-in and OFF by default, so an at-work user who does not enable it has their code, prompts and editor actions stored and used to train Cursor's models.

DeepSeek (Hangzhou DeepSeek Artificial Intelligence) · AI assistants

The hosted DeepSeek app and API store user prompts and personal data on servers in the People's Republic of China (subject to Chinese law) and use inputs to train models by default. This is a major governance risk that has led to government bans and restrictions in Italy, South Korea, Australia, and multiple US federal agencies.

ElevenLabs Inc. · Audio

On the default consumer tier your submitted audio/voice data is used to improve models unless you flip the opt-out toggle, and voice cloning carries real consent/likeness-misuse exposure if someone uploads a voice they aren't authorized to clone.

Fireflies.ai Corp. · Meetings & notetakers

Fireflies' bot auto-joins calendar meetings to record/transcribe, creating consent exposure, and HIPAA-grade Private Storage plus EU data hosting are gated to Enterprise deals.

Gamma Tech, Inc. · Design

On individual Free/Plus plans your presentation content is fed into AI model improvement by default, so an at-work user must manually opt out (or move to a Team/Business workspace) to keep client material out of training.

GitHub (Microsoft) · Coding

On individual (free/Pro) plans, code snippets can be retained and used for model improvement unless opted out, so developers on personal accounts may expose proprietary code.

Google · AI assistants

Personal Gemini accounts have human reviewers reading a sample of chats (kept up to 3 years even after you delete activity), so confidential work content typed into a personal account can be seen by reviewers.

Grammarly, Inc. · Writing

On free/Premium consumer tiers Grammarly uses de-identified content for product improvement/training unless you opt out, and HIPAA coverage requires an Enterprise BAA (not available on Free/Premium/Business).

Jasper AI, Inc. · Writing

Jasper relies on third-party LLM providers (e.g., OpenAI/Anthropic) under no-training API agreements, so an at-work user's confidential prompts still transit external model vendors and trust rests on contractual rather than self-hosted controls.

Microsoft · Productivity

Copilot inherits the user's existing permissions, so over-shared SharePoint/OneDrive content becomes far easier for employees to surface. That is an oversharing and governance risk rather than a training one.

Midjourney, Inc. · Image

All prompts and generated images are public by default and licensed for model training, and Stealth Mode (Pro/Mega only) merely hides outputs from the public gallery without exempting them from training, so confidential work-related content should not be used.

Notion Labs, Inc. · Productivity

Some AI features can optionally enable data-retaining LLMs via workspace settings, so an admin must confirm the workspace stays on zero/short-retention configurations.

Otter.ai, Inc. · Meetings & notetakers

Otter trains its own models on de-identified user content by default and its meeting assistant can auto-join calendar meetings, raising consent and surveillance concerns (it is the subject of a wiretap/consent class action).

Perplexity AI, Inc. · Search

On consumer plans data is used to improve models unless you turn off the default-on 'AI data retention' toggle, and reporting alleges Perplexity shared conversational data with ad/tracking platforms (incl. in Incognito).

Read AI, Inc. · Meetings & notetakers

The biggest gotcha is the auto-join bot behaviour. Read can be invited by any participant and join meetings automatically, so sensitive conversations may be silently recorded or transcribed unless hosts and participants actively remove it.

Salesforce · Productivity

The 'no training' guarantee covers generative LLMs, but Slack's non-generative machine-learning features have historically processed customer messages on an opt-out (not opt-in) basis, so admins must proactively review AI/ML data settings rather than assume default protection.

Synthesia Limited · Video

The main governance gotcha is consent provenance for AI avatars and voices. Synthesia requires documented consent for any likeness, so an at-work user must ensure they have rights to any face or voice they upload to create a custom avatar.

Zoom Communications, Inc. · Meetings & notetakers

AI Companion must process meeting audio/transcripts to function, and those inputs can be retained up to ~30 days for support/debugging, so disabling or admin-scoping the feature is the only way to keep sensitive conversations out of that processing pipeline.