Meta fined €1.2 billion. Amazon hit for $812 million. Microsoft ordered to pay $20 million for retaining children’s data without parental consent. The headlines keep coming and the pattern is clear — regulators are no longer issuing warnings. They are issuing penalties.

For founders building AI-powered products and services, the privacy playbook has become essential reading. Most now follow the same five steps. But after building an EdTech platform for a UK university, I discovered these steps share one fundamental flaw — and fixing it changed everything.

The standard playbook

If you have spent any time researching AI and data protection, you have encountered these five steps in some form. They represent the consensus view on protecting client data when using AI tools.

Step 1: Classify your data

Before any data touches an AI system, know what you are working with. Public information, internal documents and sensitive client data require different handling. The founders who skip this step are the ones who end up in compliance nightmares later. A simple three-tier classification — public, internal and confidential — takes an afternoon to implement and prevents most accidental exposures. Start here before evaluating any AI tool.

Step 2: Choose AI tools with proper agreements

Free versions of ChatGPT and other consumer AI tools train on your inputs by default. Enterprise versions offer contractual guarantees that your data stays private. Look for SOC2 compliance, explicit no-training clauses and clear data retention policies. The contract matters as much as the capability. Building trust and transparency with customers starts with the vendors you choose to trust with their information.

Step 3: Redact and anonymize before sending

Mask personally identifiable information before it reaches any AI system. Names become placeholders. Account numbers get tokenized. Email addresses disappear. This can be automated at the API layer or handled through pre-processing scripts. The goal is simple: If data does leak, it should be meaningless to anyone who intercepts it.

Step 4: Isolate AI from production systems

Treat AI tools like a new employee on their first day — limited access, supervised interactions and no keys to the production database. Use read-only replicas. Create sandboxed environments. The AI gets what it needs to do its job and nothing more. One misconfigured API connection can expose your entire customer base.

Step 5: Build human guardrails

Technology alone cannot solve this. Written policies, approval processes for new AI tools and regular training for your team create the human layer that catches what automation misses. According to recent research, 27% of employees admit they would feel comfortable sharing sensitive work information with AI tools without checking company policy first. Your policies need to be clearer than their assumptions.

The blind spot

These five steps are necessary. Follow them. But they share one assumption that most founders never question — all of them accept that data will leave your environment at some point. Enterprise agreements protect data after it reaches a third party. Redaction scrubs data before it travels. Policies govern what gets sent. Every step manages what happens around the transmission of data, not whether transmission happens at all.

This matters because trust is still required somewhere in the chain. You trust your enterprise AI vendor’s security. You trust their employees. You trust their subprocessors and their jurisdiction’s legal protections. For most use cases, this calculated trust is acceptable. But for founders handling children’s data, health information, financial records or academic data, “acceptable” may not be enough.

Microsoft’s $20 million settlement proves that even trusted vendors make mistakes — and regulators hold the data controller responsible regardless. Understanding what’s at stake before a breach happens is the difference between preparation and damage control.

The 6th step most founders miss

When building an AI-powered learning platform for Artificial Intelligence University, we needed privacy guarantees that went beyond contracts and policies. Student data could not risk exposure — full stop. We evaluated every major AI provider and found none offered what we needed. So we built it ourselves.

The solution was client-side filtering — detecting and redacting sensitive data within the browser before anything transmits to any AI provider. The approach is detailed in our technical white paper published through AIU.

The principle is straightforward: If personally identifiable information never leaves the user’s device, no third party can misuse it, leak it or retain it improperly. Enterprise agreements become a backup layer rather than the primary protection. This is how we built CallGPT to handle privacy — processing at the source rather than trusting the destination.

The founders who solve privacy at the point of origin rather than the point of arrival build something competitors cannot easily replicate: genuine trust. As AI tools become standard infrastructure, the differentiator will not be whether you use them. It will be whether your clients ever had to wonder where their data went. The first five steps protect you from liability. The sixth protects something more valuable — your reputation.

Sign up for the Entrepreneur Daily newsletter to get the news and resources you need to know today to help you run your business better. Get it in your inbox.