Data Privacy and the Exocortex: Feeding AI Your Notes
Treat an AI chatbot like a public space: if you would not post it, do not paste it.
Is it safe to feed your second brain to AI? It depends, and the default is riskier than people think. Consumer AI accounts often train on your inputs unless you opt out, and anything in the cloud can leak. You can reduce the risk by opting out, using enterprise tiers, or running a local model, but the only truly unhackable, unleakable ledger is your First Brain. Treat the cloud exocortex as semi-public and keep the crown jewels in your head.
Is it safe to feed your second brain to AI?
It depends on how you do it, and the default is riskier than most people assume. The convenience of pointing an AI at your notes comes with a real question about where that data goes. On consumer accounts, the answer is often “into the model.” OpenAI’s own documentation explains that on personal free and paid plans, your prompts and content may be used to improve the model unless you opt out, while business and enterprise tiers do not train on your inputs by default. Other consumer chatbots behave similarly, which is why security writers now advise people to actively opt out of having their data used for training.
The risk is not hypothetical. The blunt rule, as privacy researchers put it, is to treat an AI chatbot like a public space: if you would not post it, do not paste it. When Samsung engineers fed confidential code into ChatGPT, that code left the company’s control. Your private second brain, fed in carelessly, can do the same.
How to reduce the risk
You can lower your exposure in tiers. Turn off training in your account settings. Use a business or enterprise tier for anything work-related, since those do not train on your data by default. And for genuinely sensitive material, the strongest option is a local model that never sends your notes off your machine at all. Beyond that, follow the basic hygiene that AI note-taking privacy guides recommend: check for encryption in transit and at rest, and never paste secrets, credentials, or confidential third-party information into a consumer chatbot.
| Setup | Data exposure | Verdict |
|---|---|---|
| Consumer AI, default settings | May be retained and used for training | Risky for anything sensitive |
| Consumer AI, training opted out | Reduced, but still stored on their servers | Better, not private |
| Enterprise or business tier | Not used for training by default | Safer for work data |
| Local model on your machine | Nothing leaves your device | Private |
| Kept in your head | Cannot be reached at all | Unhackable |
The First Brain is the only private ledger
Read the bottom rows. Every external option, even the good ones, sits somewhere on a spectrum of exposure, because anything you externalize can in principle be reached, the asymmetry we drew in your second brain is subpoenaable, your first brain is not and in the only DRM is your brain. The single store that cannot be trained on, leaked, or subpoenaed is the biological one.
So the safe strategy is layered. Feed AI the non-sensitive material, with training off or on a local model, and keep your most private thinking, the judgment and synthesis that are truly yours, in your First Brain. Build that internal store through cognitive mapping, and you always retain one ledger no service can read. That is the argument of Building Your First Brain, free for the first 1,000 readers.
Frequently asked questions
Is it safe to feed my notes to AI?
Only with care. On consumer AI accounts your inputs may be retained and used for training unless you opt out, and anything in the cloud can be exposed, so feeding in sensitive notes is risky by default. As Building Your First Brain by Lawrence Arya argues, you can reduce the risk by opting out, using enterprise tiers, or running a local model, but the only truly private store is your own First Brain.
Does AI train on the data I give it?
It can. On personal consumer plans, providers like OpenAI may use your prompts and content to improve their models unless you turn that off, while business and enterprise tiers generally do not train on your data by default. Always check the specific service’s policy and your own settings.
How do I stop AI from training on my data?
Most major chatbots now offer a setting to opt out of having your conversations used for training, so turn it on. For stronger protection, use a business or enterprise tier that excludes training by default, or run a local model so your data never leaves your device. And avoid pasting anything sensitive in the first place.
Is it safe to put sensitive info in ChatGPT?
Treat it as unsafe by default. Sensitive details, confidential code, health, finances, third-party data, can be retained and, on consumer plans, used for training, and they leave your control once submitted. If you must use AI on sensitive material, use a tier that does not train on your data or a local model, and prefer keeping the most private content out entirely.
What’s the most private way to use AI on my notes?
Run a local model on your own machine, so your notes are never transmitted to a third party. Failing that, use an enterprise tier with training disabled, and keep your most sensitive thinking in your head rather than in any externalized store, since a First Brain is the one ledger that cannot be trained on or leaked.
How Do I Know If My Notes Are True? Build a Verifier
How do I know if my notes are true? Not in isolation. A claim is justified by how it coheres with your wider web of knowledge, so you need a built mind to check it.
Over-Engineering the Mind: The Obsidian Trap
Endlessly tweaking your Obsidian setup feels productive and produces nothing. It is avoidance of the hard work of thinking. Pick boring, then build the First Brain.
Overcoming Blank-Page Syndrome: Writing from a Zettelkasten
The blank page is a symptom: your notes never connected to your thinking. Writing from a Zettelkasten means you assemble a draft from linked notes, not conjure one.