Skip to content
Agentic Levels

Everything starts here.

GuestLocal progress only
PreferencesSign in
01Start with one taskBest first move for beginners.02Check your LevelMeasure where you are.03Score an AI resultFind the habit to practice first.04Return to Your WorkScores, links, and checkpoints.
Start here

Begin

HomeThe main entry point.New to AIStart with one useful task.
Know where you are

Measure

Check your LevelUse this after you have tried AI.Fluency ScoreScore an AI result you can review.
Build the habit

Learn

LevelsLessonsTracks
Find the reference

Library

PromptsReferenceResourcesCompare Tools
Turn it into work

Apply

Your Next MoveChoose what AI should change next.Tool SetupGet the tools ready.
Come back later

Return

Your WorkScores, links, and checkpoints.My PathContinue from your level.Updates
Site

Site

PricingAboutFAQ & FeedbackPreferences

© 2026 Fuentes Studio

Privacy·Terms
yourCouncil
Ready to help
✦

What do you want to understand?

Ask anything about what you're learning.

Tracks›AI, Law and Compliance
L0Lesson 2Free

Privilege and confidentiality 101: what breaks them when you use AI

You can use AI on real matters without risking privilege. Two quick checks before every paste are the whole habit.

After this, you'll be able to explain attorney-client privilege and the duty of confidentiality in plain words, name the three things about AI tools that can break them, and run a two-part safety check before you paste anything.

Before you start

Complete What AI genuinely does for legal work first; that lesson sets the verify-before-you-trust habit, and this one adds the rule that protects your client before you even hit send.

The idea

You can use AI on real client matters without ever putting privilege at risk. The whole habit is two quick checks before you paste, and this lesson makes them automatic. If your instinct is "my client's data is too sensitive to ever touch one of these tools," that instinct is half right: the wrong tool genuinely can cost a client their privilege, which is exactly why this sounds scary. The fix is not to avoid AI. It is to know which tool is safe and what to strip out, so you get the speed without the exposure.

Start with why the risk is real, because the two checks only make sense once you see what they protect.

Two protections are in play. Attorney-client privilege is the rule that confidential communications between a lawyer and their client, made to get or give legal advice, cannot be forced out of you in court. The separate duty of confidentiality is your broader ethical obligation to keep everything about a client's matter private, not just courtroom-protected communications.

Both rest on the same fragile thing: the information staying private. Work product (your private legal analysis, notes, and strategy prepared for a matter) gets similar protection, and it rests on the same foundation. Hand the information to an uninvolved outsider carelessly, and you can waive the protection, meaning you lose it.

Here is what actually breaks them when you use AI. Three things, and they are all about where your words go after you hit send.

First, third-party disclosure: a consumer AI tool is an outside company. Typing privileged facts into it can count as sharing them with a stranger, which is the classic way privilege is waived. In United States v. Heppner, a court found, among other grounds, that because the tool's privacy policy allowed data retention and disclosure to third parties, putting the information in was a disclosure to an outsider that waived confidentiality, so the chats were not privileged.

Second, training on your data: many free public tools reuse what you type to improve the model. Your client's contract terms could resurface, in pieces, in someone else's answer. Third, retention: even tools that do not train on your input may store it on their servers, where it can be subpoenaed or breached.

Three ways the wrong tool breaks privilegeOne careless paste can waive privilege three different ways. All three end in the same place: your client's protection gone.
  1. 1You paste client factsPrivileged details typed into a consumer chatbot to save time.
  2. 2Shared with an outsiderA consumer tool is an outside company. Telling it can be like telling a stranger, the classic way privilege is waived.
  3. 3It learns from your wordsMany free tools reuse what you type. Your client's terms could resurface in someone else's answer.
  4. 4It keeps a copyEven tools that do not train may store your input on their servers, where it can be subpoenaed or breached.
  5. 5Protection goneAny one of these can waive privilege or expose the matter. You do not get it back.
You paste client factsPrivileged details typed into a consumer chatbot to save time.
Shared with an outsiderA consumer tool is an outside company. Telling it can be like telling a stranger, the classic way privilege is waived.
It learns from your wordsMany free tools reuse what you type. Your client's terms could resurface in someone else's answer.
It keeps a copyEven tools that do not train may store your input on their servers, where it can be subpoenaed or breached.
Protection goneAny one of these can waive privilege or expose the matter. You do not get it back.

Now run the safe-use rules. De-identify first: de-identify means strip out anything that could point to the client (names, addresses, case numbers, account numbers, distinctive facts) so the text cannot be traced back. For anything that has to stay client-identifiable, ABA Formal Opinion 512 requires the client's informed consent before you put it into a self-learning AI tool (one that can reuse your input in a later answer), and that consent has to come from a real explanation of the risk, not a boilerplate line buried in an engagement letter. On tools, keep it simple: treat any consumer tool as unsafe for client data, full stop, because you cannot reliably adjudicate its ambiguous terms; the safe choice is a firm-approved enterprise tool with zero data retention (the vendor deletes your input right after answering and never trains on it) under a signed data processing agreement, and always check your firm's AI policy for which tools are allowed.

Treat any consumer tool as unsafe for client data. The safe choice is a firm-approved tool with written zero data retention.
Consumer toolApproved enterprise tool
Your inputMay be stored on their serversDeleted right after answering
Trains on itOften yes, on free tiersNo, never
The termsAmbiguous, you cannot reliably adjudicate themWritten zero data retention under a signed agreement
Safe for client dataNo, treat it as unsafe, full stopYes, if your firm has approved it

Always check your firm's AI policy. A safe tool fed identifying data still exposes the client, so de-identify too.

The point is not to fear AI. It is to know that a single careless paste can cost a client their privilege, and that two quick checks prevent it. Before you paste anything: confirm your tool's data terms, and confirm nothing client-identifying is going in.

The two-check gate before you pasteTwo quick checks stand between a time-saving paste and a waived privilege. Both must pass, every time.
  1. 1You want to pasteThe tempting one-click shortcut. Stop here for two quick checks first.
  2. 2Is the tool safe?Approved by your firm, or written zero data retention. If not, do not paste client data.no→Do not pasteyes→Anything identifying?
  3. 3Anything identifying?Names, case or account numbers, distinctive facts. Strip them all out first.yes→Do not pasteno→Paste de-identified text
  4. 4Do not pasteIf either check fails, the shortcut is not worth a waived privilege.
  5. 5Paste de-identified textBoth checks passed, so the client cannot be traced from what you sent.
  6. 6A human reviewsWhatever comes back, a qualified person verifies it before it is used.
noyesyesno
You want to pasteThe tempting one-click shortcut. Stop here for two quick checks first.
1Is the tool safe?Approved by your firm, or written zero data retention. If not, do not paste client data.
2Anything identifying?Names, case or account numbers, distinctive facts. Strip them all out first.
Do not pasteIf either check fails, the shortcut is not worth a waived privilege.
Paste de-identified textBoth checks passed, so the client cannot be traced from what you sent.
A human reviewsWhatever comes back, a qualified person verifies it before it is used.

Try it (17 min)

Watch out for

  • Treating a consumer AI chatbot like a private notepad. It is an outside company; typing privileged facts into it can be the same as telling a stranger, which is how privilege is waived
  • Assuming 'I deleted the chat' means the data is gone. Deletion on your screen is not deletion on the vendor's servers; only a written zero-data-retention term gives you that
  • De-identifying names but leaving a fingerprint. A unique deal size, an unusual date, or a one-of-a-kind fact can identify a client as surely as a name; strip those too
  • Skipping the firm policy because the tool 'seems fine.' Many firms ban free consumer tools for any client work; the absence of a personal objection is not the same as permission
  • Confirming the tool but forgetting the input check, or the reverse. Both halves are required: a safe tool with identifying data still exposes the client, and a de-identified paste into an unsafe tool still leaks whatever you sent

Paste this into Claude

This exercise is a check you run on yourself and your tool, not a prompt you paste client data into. Do NOT paste any real client information during this drill.

Step 1, check the tool. Open the AI tool you are most likely to reach for. Find its terms of service or privacy/data settings and answer these in writing:
- Does it say it uses your inputs to train its model? (Yes / No / Cannot tell)
- Does it retain your inputs, and for how long? (Look for "zero data retention" or "we delete after processing.")
- Is this tool on your firm's approved-tool list, or have you never checked? (Approved / Not approved / No policy I know of)

Step 2, practice de-identifying. Take a short, made-up matter summary (invent one, no real client) such as: "Acme Corp is suing our client Jane Smith over a $2M unpaid invoice dated March 3." Rewrite it with every identifier removed: "A company is suing an individual over an unpaid invoice in the low seven figures."

Step 3, paste only the de-identified version and ask a general legal question about it (for example, "What defenses are commonly raised against this kind of claim?"). Notice that you got a useful answer without revealing who the client is.

Created by potrace 1.16, written by Peter Selinger 2001-2019 What good looks like

  • You can state, in writing, whether your tool trains on inputs and whether it retains them
  • You know whether the tool is on your firm's approved list, or that you need to ask
  • You produced a de-identified version of a matter summary with every name, number, and distinctive fact removed
  • You confirmed a general legal answer is still useful without any client-identifying detail
  • Across the whole exercise, no real client information was entered into any AI tool

Created by potrace 1.16, written by Peter Selinger 2001-2019 Go deeper (8 min)

Paste this into Claude

Write your personal "paste gate," a two-line rule you read before entering anything into an AI tool at work. Fill in the blanks for your own situation:

"Before I paste, I confirm:
1. This tool is [approved by my firm / has zero data retention in writing / neither, so I will not paste client data].
2. Nothing in what I am pasting can identify the client: no names, no case numbers, no account numbers, no distinctive facts. If I cannot remove an identifier and still get a useful answer, I do not paste."

Then sanity-check it: ask your AI tool, "Read these two rules and tell me one realistic situation where a busy lawyer might break rule 2 without noticing." Use its answer to tighten your own habit.

Created by potrace 1.16, written by Peter Selinger 2001-2019 What good looks like

  • You wrote a two-line gate naming your actual approved tool or stating you will not paste client data
  • Rule 2 lists the specific identifiers you must strip before pasting
  • You identified at least one realistic way a busy lawyer could slip and break the gate
  • The gate is short enough that you would actually read it before pasting

When this breaks

  • "De-identifying is enough, so the tool does not matter" breaks because a tool that retains or trains on data can still expose the matter, and re-identification is sometimes possible; de-identifying and using a safe tool work together, not instead of each other
  • "My firm has not banned it, so I am allowed" breaks because confidentiality is your personal ethical duty regardless of firm silence; no policy means ask before you paste, not paste because no one said no

Created by potrace 1.16, written by Peter Selinger 2001-2019 You can now

✓

Before entering anything into an AI tool, confirm two things out loud: the tool's data terms (approved or written zero data retention) and that nothing client-identifying is in what you are about to paste. If you can confirm only one of the two, that is the signal to stop: a safe tool fed identifying data still risks the client, and a de-identified paste into an unvetted tool still ships your words to an outside server, so both checks must pass before you paste, and a qualified human still reviews whatever comes back.

Key takeaways

Attorney-client privilege and the duty of confidentiality both depend on client information staying private. Pasting it into the wrong AI tool can waive that protection through disclosure, training, or retention. De-identify, use an approved zero-retention tool, and check your firm's policy before you paste. With that protection locked in, the next lesson stands up your first real AI assistant end to end, so your first genuine win never costs a client.

  1. 1Attorney-client privilege protects confidential lawyer-client communications from being forced out in court; the duty of confidentiality is your broader ethical duty to keep all client matters private
  2. 2Three things break them with AI: third-party disclosure (a consumer tool is an outsider), training on your inputs, and retention on the vendor's servers
  3. 3A real court (United States v. Heppner) held that a tool's data-retention-and-disclosure policy meant putting information in disclosed it to a third party and waived confidentiality, so the chats were not privileged
  4. 4Safe-use rules: de-identify (strip every name, number, and distinctive fact), prefer approved enterprise tools with written zero data retention, and check your firm's AI policy
  5. 5Run two checks before every paste: confirm the tool's data terms, and confirm nothing client-identifying is going in; a qualified human still reviews whatever the tool returns

Was this helpful?

Up nextYour first real legal AI win, set up safely→
← Back to AI, Law and Compliance