What you can safely send to Claude, what you can never send, and how to protect your clients and your company.
Not being dramatic. Real companies have lost clients because an employee pasted sensitive data into a public AI tool. Real people have been fired for leaking credentials through an AI chat session.
You are working with clients. You have access to real business data. You need to know the rules.
First, the facts:
Claude (claude.ai — paid plans): Anthropic does not use your conversations to train models by default on paid plans. Your prompts are not permanently stored or shared.
Claude Code (the CLI you use locally): Runs on your machine. Your files, code, and context stay on your device unless you explicitly share output somewhere.
Free or random AI tools: No guarantees. Many free tools do use your input for training. Some store everything indefinitely.
The safest mindset: Treat every AI prompt like an email you're sending to someone outside the company. If you wouldn't email it to a stranger, don't paste it into an AI tool.
These things never go into any AI tool, ever:
| What | Why |
|---|---|
| Client passwords or login credentials | If it leaks, you've compromised their account |
| API keys, tokens, secret keys | These are like passwords for software — leaked = hacked |
| Client's private financial data | Revenue numbers, invoices, bank details |
| Personal information (SSN, ID numbers, birthdates) | Data protection laws. Serious legal exposure |
| Internal salary information | Trust violation + possible HR/legal issue |
| Anything marked "confidential" by a client | Respect the trust they placed in the company |
.env files or credential files |
These contain keys — never paste, never screenshot |
If you ever accidentally paste something you shouldn't have — tell Prime immediately. Don't hide it. The earlier it's caught, the easier it is to fix.
You can absolutely use AI for:
Some things are OK with care:
Client name + industry + general description: Fine. "I'm writing content for a dental clinic in California" is not a secret.
Client problems and challenges: Usually fine, but think before you paste. "Client is struggling with staff turnover" is different from "Client owes $40k to a supplier."
Internal processes and SOPs: Fine for internal use, but don't share detailed internal docs in public-facing AI tools or channels.
Conversations with clients: Summarize instead of paste. "Client asked about social media strategy" instead of copying the full email thread.
When working in Claude Code:
Never add .env files to any project folder that gets shared or committed to GitHub — even accidentally. The pre-commit hook on HivePowered projects blocks this automatically, but you should know why.
Your local ~/.claude/ folder has memory — this is only on your machine. Don't share it with others.
CLAUDE.md files get committed to git — treat them like public documentation. No real credentials, no client-specific passwords, no sensitive internal info.
Skills you build are saved as files — check what's in them before sharing any skill files externally.
You are responsible for what you paste.
Claude will work with whatever you give it. It doesn't know what's sensitive and what isn't. That judgment is yours.
When in doubt: summarize instead of paste. Describe instead of share. Ask Prime if you're not sure.
✅ SAFE: Public content, task plans, general research, your own writing
⚠️ THINK FIRST: Client details, internal processes, meeting notes
❌ NEVER: Passwords, API keys, financial data, personal IDs, .env files
If you're ever unsure — ask before you paste. Takes 30 seconds. Saves everything.
HivePowered AI — AI Like a Pro Training