
How do you stop AI vendors using client data for training?

24 June 2026
Answered by Rohit Parmar-Mistry

Short answer

A quick answer first, then the fuller context below.

To stop AI vendors using client data for training, you need three things: a contract term that bans training and secondary use, a technical check of how the product actually handles data, and dated evidence that retention and training settings are switched off. Treat vendor AI as a live risk control that is re-checked when the product, tier or contract changes, not a one-off procurement question.

Detailed answer

The fuller context, trade-offs and practical steps behind the short answer.

Preventing AI vendors from keeping client data starts before upload

If a professional services firm uses an AI tool with client files, emails, call notes or claims data, the first question is not whether the tool is impressive. It is whether the vendor can retain that data, reuse it for model training, or pass it to sub-processors or underlying model providers you cannot inspect.

The safe position is simple: client data should not be retained for vendor training unless the firm has made a conscious, documented decision that the use is lawful, proportionate and contractually controlled. For most regulated or confidential work, the answer should be no.

The safest approach is a written no-training control backed by evidence

To prevent client data from being retained or used in AI training, require three things before the tool is approved: a contract term that bans training and secondary use, product settings that disable retention and telemetry where possible, and vendor evidence that explains where data is stored, for how long, and who can access it.

Do not rely on a sales page that says data is secure. Ask for the current data processing agreement, sub-processor list, retention policy, model training terms, support access controls and deletion process, and record the version and date of each document, because training terms often differ between product tiers and change between contract revisions. If the vendor cannot explain these points clearly, the tool should not receive confidential client material.


What the contract needs to say

Your contract or order terms should state that the vendor may process client data only to provide the service, not to train models, improve shared products, build benchmarking datasets, or create derived data for its own purposes. The wording should cover prompts, uploaded files, outputs, logs, support tickets, metadata and any human review process.

It should also include deletion rights, breach notification, sub-processor notification, audit or assurance rights, and a clear instruction that data cannot be moved into consumer or public model environments. For law firms, insurers and financial services teams, this is a confidentiality and regulatory governance issue as much as a cyber question.

What to check in the product settings

Many AI tools have separate settings for chat history, training, product improvement, analytics, support review and workspace retention, and switching off one does not switch off the others. Capture dated screenshots or configuration exports of the approved settings, attach them to the vendor record, and re-capture them at each review, because defaults and setting names change between releases. If the tool has admin controls, enforce the safe configuration at workspace or tenant level so individual users cannot re-enable history, training or product-improvement options.

Where possible, use enterprise workspaces, private tenants, region controls, SSO, role-based access and data loss prevention. Avoid unmanaged browser plugins or personal accounts for client work. They are hard to monitor and often sit outside the policies your firm believes it has in place.

The governance process should be practical, not theoretical

A useful AI vendor review can be short. Classify the data, identify the user group, check the training and retention terms, record the approved use cases, and define what users must not upload. Then review the vendor again when the contract, model, product tier or sub-processor list changes.

This process should sit inside a named owner model. Legal, risk, information security and operations may all have a role, but one person needs to own the AI vendor register and keep the evidence current.


A simple control checklist

  • Confirm whether the vendor can train on prompts, uploads, outputs, logs or feedback.
  • Check whether training is off by default or must be disabled by an admin.
  • Review retention periods for user content, system logs and support records.
  • Check whether human reviewers, contractors or sub-processors can see client data.
  • Record the approved use cases and banned data types.
  • Keep evidence of the contract terms, settings and vendor assurance material.

What to tell staff

Staff guidance should be blunt. Do not paste confidential client information into any AI tool unless it is on the approved list for that type of data. If the tool is not approved, use anonymised examples or ask for review first. If the work involves privileged, regulated, personal or commercially sensitive information, assume the stricter rule applies.

This is not about slowing people down. It is about making safe AI use easier than risky AI use.

Conclusion

The best control is not a long AI policy that nobody reads. It is an approved vendor list with evidence behind it, clear upload rules for staff, and a repeatable review process for new tools. That gives teams room to use AI while keeping client confidentiality, insurance expectations and regulatory duties under control.


FAQs

Direct follow-up answers written for searchers, buyers and internal decision makers.

Can vendors use client data for training if the data is anonymised?

Only if the anonymisation is robust, lawful and contractually permitted. In practice, many firms should still restrict this because client matter context can be hard to remove fully.

Is an enterprise AI account enough to protect client data?

No. Enterprise accounts can help, but you still need to check the contract, settings, retention policy, support access and sub-processors.

Who should approve AI vendors?

Usually a combined owner from operations, risk, legal or information security. The important point is that one accountable owner maintains the vendor register and evidence.

Should staff be allowed to use free AI tools for client work?

Not for confidential or regulated client work unless the tool has been reviewed and approved for that data type. Free tools rarely provide enough control or assurance.
