ChatGPT, AI Assistants and GDPR

The Hidden Risk of AI Assistants

Many people already use ChatGPT, Claude, Gemini, Copilot, Grok, or other AI assistants in daily workflows.
Users paste:

emails
support tickets
contracts
meeting notes
medical information
customer requests
private messages
internal documents

into AI systems to save time.

The problem: These texts often contain personal or confidential information.

Examples include:

names
email addresses
customer IDs
contract numbers
IBANs
phone numbers
patient information
private addresses
internal company data

In many cases, users do not even realise how much sensitive information they are sending to public AI tools.

Why This Can Become a GDPR Problem

Under the GDPR and similar data protection regulations, personal data must be carefully protected.
The transfer of unfiltered personal data of customers, employees, or patients to external AI systems can create risks regarding:

Confidentiality
Data processing agreements
International data transfers
Compliance obligations
Professional confidentiality
Internal security policies

This becomes particularly problematic when people casually use public AI tools, generative AI platforms, or AI chatbots in everyday work, research, support, legal reviews, medical communication, or private tasks.

A Safer Workflow Before Using AI

A safer approach before using ChatGPT, Claude, Gemini, Copilot, Grok or other LLMs is:

Remove, anonymize or pseudonymize sensitive information locally
Verify the cleaned version
Use the sanitized text in AI systems
Restore pseudonymized placeholders locally afterwards if needed

This helps reduce privacy, confidentiality and compliance risks while still keeping the text useful for AI-assisted work.

Example

Original Text

Customer Peter Müller from Berlin called regarding invoice 48372.
His IBAN is DE89370400440532013000 and his email is [email protected].

Pseudonymized Version

Customer [PERSON_1] from [LOCATION_1] called regarding invoice [NUMBER_1].
His IBAN is [IBAN_1] and his email is [EMAIL_1].

The useful context remains intact while sensitive information is removed.

Why Local Processing Matters

Many redaction, anonymization and AI privacy tools require users to upload documents or text to a cloud service.
For sensitive information, this can itself become a security, privacy or compliance concern.

Redaxa works differently.

All text processing happens locally on your own PC. No document uploads. No cloud processing. No external AI required.

This makes Redaxa especially suitable for:

GDPR-sensitive environments
legal departments
healthcare and patient information
research material
private communication
business documents
users who want to prepare text before using AI assistants

Use Redaxa Before Sending Text to AI Systems

Redaxa helps users safely prepare text before sharing it with ChatGPT, Claude, Gemini, Copilot, Grok or other AI assistants:

detect sensitive information automatically
highlight risky content
redact personal data
anonymize or pseudonymize sensitive information
prepare text safely before using LLMs, AI chatbots or generative AI tools

The application works locally and supports multiple languages.