You pressed send.
Then what?
Where the text goes, who can keep it, and what that means for privilege. Seven stages.
The question nobody asks.
Most professionals evaluate an AI tool by what comes back: is the answer good, is the drafting sound, did it save an hour? Almost nobody asks the other question — where did the input go?
For a lawyer, the second question is the one that matters. Pasting a privileged document into the wrong tool is a disclosure — whether or not anything useful comes back at all.
Three tools, three journeys.
Read the sentence that matters.
The single most consequential sentence in any AI tool’s terms is the one about what the provider may do with your content. Consumer tiers commonly reserve the right to retain inputs and use them for training. Enterprise agreements commonly exclude it. Same company, same model — different contract.
“We may use content you provide to develop and improve our services, including to train our models. Content may be retained for as long as necessary for these purposes.”
“Customer content is not used to train models and is retained for zero days following completion of processing, save as required by law.”
Where the servers are.
UK GDPR restricts transfers of personal data outside the UK and the EEA unless safeguards are in place. Client matters routinely contain special category data — health, disability, race, religion or belief, sexual orientation — where the bar is higher still.
A UK or EU endpoint keeps the processing inside the jurisdiction, with a contractual promise that it stays there. That single term removes most of the transfer analysis before it starts.
One clarification: “endpoint” means the servers that process your request — not where the company is headquartered. A US company can offer a UK endpoint; a UK company can process everything abroad. Ask about the servers.
Privilege is unforgiving.
An AI provider is a third party.
Legal professional privilege protects communications — but confidentiality is its foundation, and disclosure to a third party can put it at risk. Sending a privileged document to an AI provider is sending it to a third party. That is the starting point, not a technicality.
Whether privilege survives depends on the terms on which the material is shared. An enterprise agreement with confidentiality obligations, zero retention, and no-training terms is a defensible basis for saying confidence was preserved. A free consumer tool with a training licence is not.
Regulatory duties point the same way: BSB Core Duty 6 and the SRA’s confidentiality rules apply regardless of the technology. The obligation does not change because the recipient is a model rather than a person.
Five questions for any vendor.
Match the tool to the material.
Confidence, by contract.
Once the data question is settled, the interesting question returns: what can these tools actually do? Next: agents — AI that doesn’t just answer, but acts.
Next: What Is an AI Agent? →