How to use ChatGPT with confidential data (a GDPR-safe workflow)

To use ChatGPT safely with client or patient data, remove personal data before the text ever leaves your device. Here is the secure four-step workflow.

Updated

To use ChatGPT safely with sensitive documents, remove every piece of personal data before the text leaves your device. Anonymize the document locally, work with the anonymized version in the AI tool, then restore the originals afterward. That way no personal data is ever sent to the AI provider.

Why is pasting confidential data into ChatGPT a problem?

The moment you paste a document containing names, addresses, case numbers, or diagnoses into a cloud AI tool, that text leaves your building and is processed on the provider’s servers, often outside the EU. For personal data, that is a transfer to a third party, which needs a legal basis and usually a data-processing agreement.

The risk is routine, not hypothetical: an analysis by Cyberhaven (2023) found that around 11% of the content employees paste into ChatGPT is confidential. Banning AI does not fix this, it just drives usage into the shadows. The safe path is not to transmit the data in the first place.

The solution: strip personal data before you use AI

Instead of handing the original document to the AI, replace every piece of personal data with a neutral placeholder. “John Smith” becomes [PERSON_1], an IBAN becomes [IBAN_1], consistently across the whole document. The AI works on the anonymized version and returns an anonymized answer. Only on your device are the real values restored.

The key is that this step happens locally. Cloud-based anonymization only shifts the trust problem to another vendor, because the data still leaves your machine. With a local tool, the document content never leaves your computer at all.

Four steps to use ChatGPT safely with sensitive documents

  1. Open the document locally. Load or paste it into a tool that runs entirely on your device, for example Stript. No upload, no API.
  2. Detect and review the personal data. Names, addresses, phone numbers, IBANs, tax IDs, and more are highlighted. You confirm or correct the suggestions, so you stay in control.
  3. Anonymize and use your AI tool. Copy the anonymized version into ChatGPT, Claude, or any other tool and ask your question.
  4. Paste the answer back and restore the originals. Drop the AI’s response back in, and the placeholders are automatically replaced with the real values.

The workflow itself is just a few steps. How long the local analysis takes depends on the size of the document and your machine.

Not every detected name is sensitive: why context is the key

Most tools work at one of two levels, and both fall short.

The simplest level is a find-and-replace list. It only replaces what you already know about, and misses everything else.

The second level is automatic name detection (named-entity recognition), which many tools rely on. That is better, but it confuses two things. Not every detected name is personal data: “Angela Merkel” in a news quote, a court, a public authority, or a city are names, but not protected personal data. And in reverse, not every piece of personal data is a classic proper name. Plain name detection therefore flags too much and too little at the same time.

Stript works at a third level: it judges, for each match, whether it is genuinely personal data in this specific context. “Patient Angela Müller” in a medical letter gets anonymized, while “Angela Merkel” in a news quote and “Munich District Court” stay untouched. That cuts false positives and, at the same time, catches personal data that plain name detection misses. You stay in control, because you confirm every decision.

Why local anonymization beats a cloud service

Many anonymization services advertise “hosted in Germany.” That is better than a US server, but it does not solve the core issue: your data is still transmitted to someone else’s server and processed there. A fully local tool is the only option where the document content never leaves your computer, and you can verify the network traffic yourself.

Who is this for?

  • Law firms: summarize or draft pleadings, contracts, and client correspondence without exposing client data.
  • Tax and accounting: analyze filings and client records with AI without breaching confidentiality.
  • Doctors and clinics: process medical letters and findings without transmitting health data (GDPR Art. 9).
  • Data protection officers: enable AI use across the company instead of banning it.

Frequently asked questions

Is this legal advice? No. Stript is a tool that avoids transmitting personal data to AI providers. The data-protection assessment of your specific case remains your responsibility.

Is the data really processed locally? Yes. Detection and anonymization run entirely on your device. The document content is never uploaded, and you can confirm this from the network traffic.

Can I turn the result back into a PDF or Word file? Yes. The mapping between placeholders and original values is stored locally and encrypted, so the original document can be restored.


Use any AI tool with your sensitive data, entirely on your device. Download Stript for free →