Treat scripts, outlines, research notes, and prompts as production data. Even if your deployment is private, habits that minimize exposure reduce risk when you scale teams or integrate tools.
What to avoid pasting into prompts
Secrets: API keys, passwords, private URLs with tokens.
Personal data: government IDs, full addresses, health details—unless your policy explicitly allows and you have a lawful basis.
Third-party confidential info without permission.
Workspaces and separation
Use separate workspaces for distinct clients or brands so presets, rules, and accidental shares stay bounded. Never rely on “we will remember not to”—structure beats discipline at 2 a.m.
Collaboration hygiene
Least privilege: grant editor access only where needed.
Rotate access when contractors leave.
Export critical scripts periodically if your org requires backups outside the app.
Policies and compliance
Retention, subprocessors, and regional rules are defined by your deployment’s legal documents—not this guide. For regulated industries, run official DPIA or legal review before heavy AI use on sensitive topics.
A sane default
If you would not put it in a shared Google Doc with your client CC’d, do not put it in a prompt without safeguards.