Custody — when to move to AI you control
Working with Claude — CC BY 4.0
Most of this course is about getting good work out of Claude: making it show you how solid each claim is, keeping the judgment with you. This lesson is about the other side of the same coin — where that work goes once you’ve typed it in, and who can reach it after you close the tab.
Custody is the plain word for it. When you paste a document into any online AI tool, you’re handing a copy to someone else’s computers. That’s rarely a simple good-or-bad question. What matters is whether you’ve asked the three prior questions before you do it — and whether, for a given piece of work, the answers say “public tool is fine” or “this needs AI I control.”
The three prior questions
Ask these before the work goes in, not after.
1. Where does your data go? With the standard Claude apps and website, your conversations are, at the time of writing, processed on servers in the United States by default. Commercial and enterprise routes can pin processing and storage to other regions — the direct API offers geographic controls, and Claude via AWS Bedrock or Google Vertex can be configured to keep data in EU, Asia-Pacific or other regions — but that’s a deliberate configuration, not the out-of-the-box behaviour, and the specifics shift, so confirm the current setup for your account. The point of the question: know the answer before it matters, not during an incident.
2. Whose law governs it? Wherever the data physically sits, and whichever company holds it, that jurisdiction’s law can reach it — court orders, lawful-access requests, the provider’s own terms. Data stored offshore is still within legal reach — just under a different set of laws than the ones you’d expect at home. For anything touching client confidentiality, health information, or obligations under New Zealand law, that’s a question to raise with your own adviser, not to guess at. (This lesson is general education, not legal advice — for your specific obligations, get proper counsel.)
3. What should never go in — to any public tool? A short, boring list is worth more than a long policy. For most people it’s: other people’s personal or health information you were trusted with; passwords, keys and financial credentials; anything under a confidentiality or non-disclosure agreement; unpublished commercially sensitive material; and — a live matter here — information with obligations attached under te Tiriti and Māori data sovereignty, which deserves its own care rather than a default upload. Write your list down. “I’ll remember” is how the wrong thing ends up pasted at 5pm on a Friday.
What the current terms actually say
Grounding this rather than hand-waving, because it changes the maths:
- On the consumer tiers (free and Pro), Anthropic’s terms let your conversations be used to help train future models if you allow it — and that permission carries a long retention window for the material used. If you decline, a shorter retention applies and your chats aren’t used for training. Conversations flagged for safety review are an exception — they can be looked at regardless of that preference. Settings and exact windows change, so check your current account settings and the live terms rather than trusting this paragraph’s numbers.
- On the commercial and enterprise routes (Claude for Work, the API, Bedrock and similar), the default is different: inputs and outputs aren’t used to train models. Eligible customers can also arrange zero-data-retention, where content isn’t kept after the response — subject to approval, and with some safety records still retained.
The lesson from that isn’t “consumer bad, enterprise good.” It’s that the tier you’re on decides the rules, and most people never checked which tier they’re on.
When a business should move to AI it controls
You don’t need to leave public tools for everything. You do need a threshold. Move toward AI you control when:
- you’re routinely handling other people’s confidential or personal information as a core part of the work — a clinic, a law practice, an accountant, an iwi organisation holding community data;
- a regulator, funder or contract requires you to say where data is processed and under whose law, and “a US server, probably” won’t pass;
- the material is valuable enough that a copy sitting on someone else’s system is a real commercial risk, not a theoretical one; or
- you simply want the answer to “who can reach this?” to be you, and no one else.
If none of those bite, a public tool used with a written keep-out list is a reasonable place to be. Match the custody to the stakes.
Think of the most sensitive thing you’ve ever put into an AI tool. Under whose laws does it now sit — and if you had to explain that choice to the person it belonged to, could you?
What would “AI you control” need to change for that conversation to be an easy one?
The bridge — and its cost
“AI you control” mostly means running an open-weight model on infrastructure whose location and access you decide — your own hardware, or hosting inside a jurisdiction and organisation you trust. Community and self-hosted options exist, and this course sits alongside people doing exactly that.
The trade-off is real. The open models you can self-host are, today, generally less capable than the flagship you’ve been learning to direct — weaker at long, subtle reasoning, and more work to run and keep patched. You’re trading some capability, and taking on some maintenance, in exchange for custody. For a lot of everyday work that trade is worth it; for the hardest reasoning tasks you may still reach for the flagship, with a strict keep-out list. Knowing which work belongs where is the skill. There’s no upsell here — just the recommendation to size the tool to the stakes, and to keep the choice yours.
That’s custody: not a product you buy, but a habit of asking where the work goes before you send it, and keeping the authority to decide with the person who owns the work. And it runs deeper than data. Let the machine do the calculating and the synthesising; keep for yourself the decisions about what’s worth doing and where it all ends up. That last authority is the one worth guarding most — it’s the reason the rest of it matters.
Dedicated to my big sister Judy, who gave me the idea to write a course to help people learn how to use AI thoughtfully.
Shared freely, in good faith. If it's been of value, a koha toward development and running costs is warmly welcomed.
Leave a koha →