TL;DR
On this page
Your cursor is hovering over the send button. You have typed your client's name, their rate, and a paragraph about the project into ChatGPT so it can draft a contract, and a small doubt has surfaced: is this fine, or did you just hand a stranger your client's private business, maybe even break the NDA you signed last month?
This walkthrough is part of the complete guide to generating client documents with AI.
The reassuring news is that you can absolutely use AI to draft the contract. The catch is that the default way most people do it is the riskier way, and the fix takes about ten extra seconds. Here is what actually happens to what you paste, when it matters, and the simple workflow that keeps you and your client protected.
What actually happens to what you paste
It comes down to your account tier. Per OpenAI's data-usage policy, conversations on the free and Plus tiers can be used to improve its models by default. You can switch that off in Settings under Data Controls, but the change is not retroactive and most people never touch it. Business, Team, Enterprise, and API usage, by contrast, are excluded from training by default.
| ChatGPT tier | Trained on your inputs by default? |
|---|---|
| Free / Plus | Yes, unless you opt out in Data Controls |
| Team / Business | No, your inputs are excluded by default |
| Enterprise | No, your inputs are excluded by default |
| API | No, your inputs are excluded by default |
It also helps to be clear about what counts as the sensitive part. It is not just obvious secrets. A client's name, the rate you agreed, the scope of the work, and the names of their own products or customers can all be confidential, especially under an NDA. Those are exactly the fields you are tempted to paste so the draft comes back specific, and they are the ones worth protecting.
The reason this is worth a moment of your attention is how common the habit is. In an analysis of 1,600,000 workers, Cyberhaven found that 11% of what employees paste into ChatGPT is confidential, and that 8.6% of employees have pasted company data into it at least once. People are not being reckless, they are being efficient, and the sensitive details ride along by accident. A law firm puts the caution plainly:
You should not enter confidential information into ChatGPT because it saves all user inputs. It may breach your obligation to protect the confidentiality of that information.
Source: Romano Law, "Caution: Do Not Enter Confidential Information Into ChatGPT"
That is the worst-case framing. It is also avoidable without giving up AI at all.
If you signed an NDA, the stakes are higher
A lot of freelance work comes with a confidentiality agreement, and that changes the calculation. Most NDAs prohibit disclosing the client's confidential material to any third party without consent, and a cloud AI service is a third party. The act of sending the data, not just storing it, can be the problem. As the attorneys at Sapience Law explain:
Sending that data to an AI system run by a third-party cloud provider could meet the definition of "disclosure," even if it's for the purpose of rephrasing, summarizing, or analyzing the content.
Source: Sapience Law, "Are You Violating Your NDA by Using AI Tools?"
They add that the platform not permanently storing the data does not change the analysis, because the exposure can come from the transmission itself. This is the part that surprises people: turning off model training makes the tool safer, but under a strict NDA it is not a complete defense, because the disclosure already happened the moment the data left your machine. The only airtight protection is to make sure there is no confidential data in the prompt to disclose.
The safe workflow: draft with placeholders
This is the whole solution, and it is what legal-tech practitioners actually recommend. Instead of pasting real values, draft with generic tokens and fill in the truth privately afterward. As the team at Pactly advises for any public model:
Replace all confidential elements with placeholders: replace client names with [Company A], monetary amounts with [$Fee], and addresses with [Address].
Source: Pactly, "Is It Safe to Upload Contracts to ChatGPT?"
In practice the steps are quick:
The placeholder workflow for AI contract drafting
The model still produces a complete, well-structured contract, because the structure does not depend on the real names. You get the speed of AI drafting and your client's details never travel to a third-party server. The deeper drafting walkthrough, including the scope, payment, and IP clauses the model leaves too generic, is in how to use ChatGPT to write a freelance contract, and the confidentiality-agreement version is in the AI NDA prompt.
pro tip
Worried the placeholder version is somehow less valid? It is not. A contract is binding because of its terms and signatures, not the drafting method, which is covered in is an AI-generated contract legally binding. Filling in the real names afterward changes nothing about enforceability.
The simplest version: keep it local
Placeholders solve the problem, but they are still a manual step you have to remember on every contract. The cleanest way to sidestep the question entirely is to not send the data to a third-party model at all.
That is the approach FreelanceDesk takes. The contract builder runs locally in your browser, so when you type a client's name and rate, that information never leaves your device, never reaches a third-party AI, and never raises an NDA question, because nothing was transmitted. You fill in the real details from the start, export a clean PDF, and the privacy decision is already made for you. It is free to use. For the format fundamentals, see freelance contract essentials.
Either path works. Use placeholders with a public model, or keep the whole thing local. Both let you draft fast without trading away your client's trust.
References
- 11% of Data Employees Paste into ChatGPT Is Confidential : Cyberhaven
- How Your Data Is Used to Improve Model Performance : OpenAI
- Caution: Do Not Enter Confidential Information Into ChatGPT : Romano Law
- Are You Violating Your NDA by Using AI Tools? : Sapience Law
- Is It Safe to Upload Contracts to ChatGPT? : Pactly
