Skip to content
PrivateAI
← Back to Home
Workflow & Productivity

How to Use AI at Work Without Leaking Sensitive Data: A Complete Workflow Guide

11 min readBy PrivateAI Team

The Uncomfortable Truth: Your AI Assistant Has a Very Good Memory

Here's the situation most developers, consultants, and knowledge workers are quietly ignoring: every prompt you send to ChatGPT, Gemini, or Claude (cloud version) is transmitted to a third-party server, stored, potentially reviewed by human trainers, and used to improve models. The exact retention and usage policies vary — and they change. What doesn't change is that once your prompt leaves your device, you have lost control of it.

For most queries that's fine. But if you're pasting in:

  • Client source code under NDA
  • Internal database schemas or API keys (even accidentally)
  • Draft contracts, financial projections, or HR documents
  • Proprietary business logic you've spent years developing

...then you're not just violating your own privacy. You may be violating a client contract, GDPR obligations, or your employer's acceptable-use policy. Several large enterprises have already banned consumer AI tools after employees inadvertently uploaded confidential data. Samsung's 2023 source code leak via ChatGPT is the case study everyone cites — and it won't be the last.

The answer is not to stop using AI. It's to build a workflow where the right tool handles the right task, with your most sensitive work staying on hardware you control.


The Three-Layer Private AI Stack

Think of private AI work in three layers:

  1. Sensitive processing — tasks involving confidential data (code, documents, client info). This must stay local.
  2. Research and web queries — gathering information from the public web. This can use a cloud tool, but should use one with a privacy-respecting policy.
  3. Storage and sharing — saving outputs, collaborating with clients or teammates. This needs end-to-end encryption.

Each layer has a tool designed for it. The rest of this guide walks through setting up all three.


Layer 1: Local LLMs for Sensitive Processing

For anything involving data you can't afford to leak, the answer is a local model — one that runs entirely on your own machine, with zero network calls.

Why Ollama is the practical choice in 2026

Ollama has become the de facto standard for running open-weight models locally. It abstracts away the complexity of model loading, GPU memory management, and API serving behind a single clean interface. You get a local REST endpoint at http://localhost:11434 that behaves like the OpenAI API — meaning tools built for ChatGPT often work with Ollama out of the box.

Installation is a one-liner:

```bash

curl -fsSL https://ollama.com/install.sh | sh

```

Then pull a model:

```bash

Good all-rounder for coding and analysis

ollama pull llama3.2

Stronger for complex reasoning (requires ~8GB VRAM or RAM)

ollama pull qwen2.5-coder:14b

Lightweight, fast, surprisingly capable

ollama pull phi4-mini

```

For most knowledge work on a modern MacBook Pro or a mid-range workstation, llama3.2 or qwen2.5-coder will cover 80% of your tasks. If you're on Apple Silicon, Metal GPU offloading means these models run meaningfully faster than on equivalent Intel/AMD CPUs.

Connecting your editor to a local model

If you use VS Code, install the Continue extension and point it at your Ollama endpoint. You get inline code completion and a chat panel — functionally similar to GitHub Copilot, but with zero data leaving your machine.

For ~/.continue/config.json:

```json

{

"models": [

{

"title": "Local Qwen Coder",

"provider": "ollama",

"model": "qwen2.5-coder:14b",

"apiBase": "http://localhost:11434"

}

]

}

```

Every autocomplete suggestion and every chat message stays local. Your proprietary code never hits a remote server.

What local models are good at (and what they're not)

Local models running on consumer hardware are excellent for:

  • Code review, refactoring, and explanation
  • Drafting documents and emails from your own notes
  • Summarizing long texts you've pasted in
  • Answering questions about code you've written

They are weaker on:

  • Real-time information (they have a training cutoff, no web access)
  • Tasks requiring broad world knowledge with high accuracy
  • Very long context windows on constrained hardware

For anything requiring current web information, you move to Layer 2.


Layer 2: Privacy-Respecting Web AI for Research

Not every AI query involves sensitive data. When you need to search the web, research a library, or ask about current events, a local model can't help — it doesn't have internet access by design.

The instinct is to reach for ChatGPT or Google Gemini. But both use your queries to train models and associate your activity with your account. There's a better option.

Perplexity Pro: Web AI that doesn't build a profile on you

Perplexity Pro is a search-AI hybrid that retrieves live web results and synthesizes answers with citations. Unlike Google's AI or ChatGPT with search, Perplexity explicitly does not use your queries to train its models when you're a Pro subscriber. Your searches are not tied to a persistent behavioral profile the way Google queries are.

Affiliate Disclosure: This article may contain affiliate links. If you make a purchase through these links, we may earn a small commission at no extra cost to you. We only recommend products we genuinely believe in. This helps support our work and allows us to continue providing free content.

For a private AI workflow, Tresorit handles:

  • Saving and versioning AI-generated drafts and analysis
  • Sharing deliverables with clients without exposing them to third-party platforms
  • Archiving sensitive prompts and outputs that you want to retain but not expose

Tresorit integrates with Windows, macOS, iOS, and Android, and has a Teams tier for sharing encrypted folders with collaborators without giving the platform visibility into contents.

A practical folder structure for professional use:

```

/Tresorit/

/Clients/

/ClientA-2026/

/research/ ← Perplexity exports, public research

/ai-drafts/ ← local LLM outputs on confidential material

/deliverables/ ← final docs shared with client

/Templates/ ← prompt templates for recurring work types

```

Everything in this structure is encrypted in transit and at rest with keys you control. If Tresorit were subpoenaed, the encrypted blobs they'd hand over would be useless without your keys.


Securing the Communication Layer

Storage is solved. What about sending AI-assisted work to clients via email?

Standard email — Gmail, Outlook, even corporate email — is not end-to-end encrypted by default. Your email provider can read every message. If you're sending a contract draft or analysis you generated with sensitive data, that's another exposure point.

Proton Mail: Encrypted email with zero knowledge

Proton Mail provides end-to-end encrypted email between Proton users. For external recipients (Gmail, Outlook), you can send password-protected encrypted messages. For internal team communication, everything is E2EE by default.

Affiliate Disclosure: This article may contain affiliate links. If you make a purchase through these links, we may earn a small commission at no extra cost to you. We only recommend products we genuinely believe in. This helps support our work and allows us to continue providing free content.