Skip to main content
Contracts

ChatGPT Virtual Assistant Contract: Scope + Confidentiality

Updated 9 min read

TL;DR

ChatGPT drafts a clean virtual assistant contract, but it misses the clauses a VA needs most: it writes the scope as vague general support instead of an itemized task list with a change-order trigger, and its confidentiality clause never names the logins, inboxes, and customer data you actually handle. The prompt below fixes both, plus the offboarding clause AI forgets. Here is what to check before you send it.
On this page

See the canonical entry point at Using AI to Generate Professional Freelance Documents: The Complete Guide (Contracts, Proposals & Invoices).

You are onboarding a new client and they want an agreement, so you ask ChatGPT for a virtual assistant contract. Ten seconds later you have a clean document with hours, rate, and a termination clause. It reads like a real agreement.

The trouble is that a generic model does not know what a virtual assistant actually handles. It writes the scope as a vague line about "general administrative support," it produces a boilerplate confidential-information clause that could apply to anyone, and it says nothing about what happens to your access and the client's data when the work ends. Those gaps matter more for a VA than almost any other freelancer, because you hold the client's passwords, their inbox, and their customer list. This post gives you a VA-specific prompt, then the three clauses you rewrite before sending.

The prompt that drafts a VA contract

Paste this into ChatGPT, Claude, or Gemini, using placeholders for the real client details.

You are an expert at drafting freelance virtual assistant contracts.
Draft a contract from the details below.

SERVICES: [itemized list, e.g. "inbox triage, calendar management,
  3 social posts/week, monthly expense log"]
HOURS / RETAINER: [e.g. "20 hours/month retainer"]
FEE + SCHEDULE: [e.g. "$X/month, invoiced on the 1st"]
TERM + NOTICE: [e.g. "month-to-month, 14 days' notice"]

Rules:
1. Scope: list the agreed tasks as ITEMIZED services with volume caps
   (hours/week or count/month). Anything not listed is out of scope and
   needs a written change request before it is done.
2. Confidentiality: name the specific categories I handle (passwords and
   account logins, client inbox and correspondence, customer contact
   lists, business plans). Confidentiality survives termination.
3. Offboarding: on termination, the Client revokes my access and I
   return or delete the Client's data and credentials within a set
   number of days.
4. Plain English. Flag any clause that depends on my jurisdiction.

Output the contract, then list the decisions you made that I should
confirm.

The rules are doing the work. Strip them out and the model writes a generic services agreement that leaves your scope open and your privacy clause toothless. Even with the rules, confirm the three clauses below, because those three are where access, scope, and data exposure actually get defined.

Clause 1: itemize the scope and build in a change order

Vague scope is the VA's biggest recurring problem, and generic AI writes the vaguest version of all. "General administrative support" is not a scope, it is an invitation. A 2024 survey of 147 virtual assistants found that scope creep was the single most common client issue, named by 21% of respondents:

The biggest client issue is scope creep, where a client "creeps" in more and more work, without adjusting pay.

Source: Project Untethered, 2024 VA Survey

The fix is two parts. First, list the tasks you actually agreed to, with volume caps on the ones that balloon: a set number of hours per week, a stated number of posts per month. Second, define what happens when a request lands outside that list. VA educator Emily Reagan puts the rule simply:

If your work goes beyond the scope of the contract, have your client provide a written work request.

Source: Emily Reagan, EmilyReaganPR.com

That written request is the trigger for a change order, not silent free labor. The same survey found that 30% of VAs do not track their hours at all, which is exactly how an itemized scope quietly drifts into a full plate of unbilled extras. The deeper version, a static contract paired with a living task list, lives in the VA scope and change-order guide; the scope-creep guide covers the same boundary for any freelancer.

Clause 2: a confidentiality clause that names what you touch

A confidentiality clause is only as strong as the things it actually lists, and generic AI writes the version that lists nothing specific. "The Contractor shall keep Confidential Information confidential" sounds fine and protects little, because it never names what a VA is trusted with. Legal GPS spells out the categories that belong in a VA's clause:

Passwords and account logins. Client or customer contact lists. Business strategies and email campaigns.

Source: Legal GPS, Do Virtual Assistants Need an NDA?

So the prompt instructs the model to name them: the logins you are given, the client inbox you read, the customer list you manage, the plans you see. The clause should also survive the end of the engagement rather than expiring with it. For most clients an embedded clause is enough; a separate NDA is worth a lawyer's eye only in higher-stakes cases, which Legal GPS frames as high-profile clients, regulated data like HIPAA or financials, or a client's own heavily customized NDA. If a client hands you a dense agreement of their own, the NDA prompt guide covers how to read it before signing.

Clause 3: the offboarding clause AI forgets

The clause generic AI omits completely is what happens when the relationship ends. A VA leaves with the keys to the kingdom still in hand: saved passwords, inbox access, a shared drive. A contract that ends cleanly says, in writing, that on termination the client revokes your access and you return or delete their data and credentials within a set window. In practice that window is short, often 7 to 14 days, and the steps are concrete: the client removes you from the shared inbox and the password manager and rotates any credentials you knew, while you delete the local copies of files you downloaded to work on. Spelling that out turns a vague promise into a checklist both sides can follow.

This protects both sides. The client is not left wondering who can still log in, and you are not holding sensitive material you no longer have a reason to keep. Picture the alternative: a month after a client leaves, your browser still autofills their account logins and a customer export still sits in your downloads folder. A standard AI-drafted contract says nothing about that, which is why it has to be a named rule in the prompt.

Here is what to rewrite:

ClauseWhat generic AI writesWhat a VA contract needs
Scope"General administrative support"Itemized tasks with volume caps, plus a written change-request trigger
Confidentiality"Keep Confidential Information confidential"Named categories: logins, client inbox, customer lists, business plans
SurvivalSilent, or expires with the contractConfidentiality survives termination
OffboardingOmittedOn termination, client revokes access and you return or delete data in a set window

Read it once, because AI invents legal specifics

The rewrites are the predictable gaps. The other rule is to read the whole document, because AI will state a legal specific with total confidence that is simply wrong. In Mata v. Avianca (2023), lawyers were fined $5,000 for filing a brief ChatGPT had stuffed with fabricated cases. You are not in court, but a contract that governs access to a client's accounts deserves the same read-through. As Pactly notes, any text generated by an AI must be treated as a draft and requires final legal oversight.

pro tip

Never paste real logins or customer data into a chatbot. Draft with placeholders, because one analysis found that sensitive data makes up 11% of what employees paste into ChatGPT, and a VA holds more of a client's keys than most. Use a generic client name and round figures while drafting, then add the real details privately.

Or start from a contract built for VA work

The prompt works, and the VA-specific version above is far better than a generic request. The friction is the same as every AI-document workflow: you fill in the rules, fix the clauses, and reformat the output for every new client.

If you would rather skip that and start from a contract where the itemized scope, the named confidential categories, and the offboarding clause are already set, FreelanceDesk builds it with those choices baked in and generates locally in your browser, so client logins and details never reach a third-party model, and it is free.

To go deeper, the VA scope and change-order guide covers the full two-document system, and the scope-of-work prompt covers how to itemize deliverables for any project. The generic AI-contract prompt covers the base this one builds on, and the NDA prompt guide covers the standalone agreement for clients who need more than an embedded clause.

Before you send the AI-drafted VA contract

The scope lists itemized tasks with volume caps, not general administrative support
Anything outside the list needs a written change request before you do it
The confidentiality clause names logins, client inbox, customer lists, and business plans
Confidentiality survives the end of the engagement
An offboarding clause revokes your access and returns or deletes client data in a set window
You drafted with placeholders, never real logins or customer data
You read the full document once and confirmed no clause cites an invented law

References

Frequently Asked Questions

Related Articles

FreelancingMay 31, 202610 min read

The Virtual Assistant Contract: Scope, Task List, and the Change-Order Clause That Stops Creep

The Filipino VA juggling three US clients does not lose hours to one demanding client. They lose hours to three clients adding 'small Friday extras' that compound into 12 unbilled hours per month. The scope clause, the change-order clause, and the two-document system that stops the pattern.

FreelanceDesk
ContractsJun 5, 20265 min read

Use ChatGPT to Write a Freelance NDA (The Prompt + the Clauses AI Gets Wrong)

A copy-paste prompt that makes ChatGPT draft a real freelance NDA, plus the four decisions the AI makes for you without asking: one-way versus mutual, how long confidentiality survives, what counts as confidential information, and which jurisdiction governs. What to set before you send it.

FreelanceDesk
ContractsJun 4, 20269 min read

How to Use ChatGPT to Write a Freelance Contract (Prompt + What to Fix Before You Send)

A copy-paste ChatGPT prompt that drafts a real freelance service contract, plus the three clauses the AI almost always leaves too generic to protect you: scope, payment terms, and IP-transfer-on-payment. What to keep, what to rewrite, and how to check it before you send.

FreelanceDesk

Tired of recreating documents from scratch?

Save clients, templates, and brand kit in one place. $49 once. Your data never leaves your browser.

Get 45 Templates + Unlimited Docs for $49