Two settings most operators never touch — plus the security layer that matters the moment you put client data in front of AI. Do Part 1 this week. Read Parts 2–3 before you deploy AI for any client.
Find "Help improve Claude."
When ON, your conversations can be used to train future models — your client data, sales numbers, strategy docs go into the soup. When OFF, they stay private.
Settings → Data Controls → "Improve the model for everyone" → OFF.
Claude remembers things about you across chats. It shapes every output. If memory has wrong or stale info, every chat is subtly wrong.
Your business, role, voice rules · standing preferences (tone, formatting, banned words) · recurring clients + offers · anything you'd otherwise re-explain every chat.
Old clients you no longer work with · closed projects · wrong assumptions Claude inferred · anything that'd be a privacy risk on a screen-share.
Read every line. Do this once a month, forever.
Your AI's memory is your AI's brain. Don't let it run on outdated assumptions about your business.
I am not a lawyer. This is operator-level awareness, not legal advice. For your actual contracts, your jurisdiction, and your client situation — hire a real attorney. This is the landscape so you can have informed conversations.
| What you're handling | The move |
|---|---|
| Your own business data | Use AI freely (training toggle off, of course). |
| Client's general strategy + voice | Get consent in your scope of work. One line covers it. |
| Client's customer / employee / financial records | Anonymize first. Replace names with [CLIENT A]. Strip identifying numbers. |
| HIPAA / FERPA / regulated data | Do NOT paste. Get specialized legal advice first. |
| Law | Who it covers | The standard |
|---|---|---|
| CAN-SPAM (US) | Anyone emailing US recipients | Opt-OUT. Legal IF: accurate sender, honest subject, physical address, working unsubscribe. Up to ~$51,744 per bad email. |
| GDPR (EU) | Anyone emailing EU recipients | Stricter. Documented source, easy opt-out, no scraped lists. Up to 4% of global revenue. |
| CASL (Canada) | Anyone emailing Canadian recipients | Strictest. Requires consent BEFORE sending. Opt-out alone isn't enough. |
You disclose that you use AI tools in delivering the work. Protects you from "I didn't know you used AI."
Client data won't be used to train AI models. The #1 thing clients will start asking about.
Your NDA explicitly addresses AI tools as third-party processors. Old NDAs only contemplate human disclosure.
Who owns work product when AI was involved. Purely AI-generated content currently can't be copyrighted in the US.
If AI hallucinates something wrong and the client relies on it — who's liable? Limit your exposure.
1-minute fix. (Part 1 above.)
Delete stale, fix wrong. (Part 1b.)
No raw client records. Real sender info, working opt-out, no fabricated rapport.
Schedule this for this quarter.