MarkDone
AI Privacy

What files should you never paste into ChatGPT or Claude?

Updated July 2026 ยท 7 min read

Pasting files into an AI tool can feel harmless. You are just trying to summarize a document, debug a config, or get help with a messy export.

The risky part is that files are rarely as clean as they look. A README can mention a private endpoint. A log can contain a bearer token. A spreadsheet can include customer email addresses. A config file can hold credentials you forgot were there.

Before you paste anything into ChatGPT, Claude, Gemini, a coding agent, or an internal AI tool, treat the file like something you are about to email outside your company. If that thought makes you hesitate, review it first.

The short rule

Never paste a file into an AI tool until you know what is inside it.

If the file contains secrets, private customer data, legal material, unreleased business information, or internal system details, redact it or leave it out.

That does not mean you can never use AI with real work. It means the context needs to be prepared intentionally instead of dumped raw.

1. Environment files and configs

Files like .env, .env.local, config.yml, settings.py, and deployment manifests are some of the riskiest files to paste raw.

They often contain:

If you need AI help with a config, replace real values with placeholders first.

DATABASE_URL=[REDACTED]
STRIPE_SECRET_KEY=[REDACTED]
INTERNAL_API_HOST=[REDACTED]

The model usually needs the structure, not the real secret value.

2. API keys, tokens, and private keys

Do not paste raw API credentials into an AI tool. This includes obvious secrets and less obvious authentication material:

A good rule: if the value proves identity, grants access, signs requests, decrypts data, or lets someone spend money, it should not be pasted.

3. Customer data and personal information

Spreadsheets, support exports, CRM dumps, invoices, and analytics CSVs often contain personal data even when the task sounds harmless.

Watch for:

If the model only needs patterns, remove direct identifiers. Replace names with roles, emails with placeholders, and exact account IDs with stable fake IDs.

4. Contracts, legal documents, and financial files

AI tools are useful for summarizing dense documents, but contracts and financial files deserve extra caution.

Be careful with:

For many use cases, you can paste only the clause or section you need help understanding. Keep names, amounts, dates, and parties out unless they are essential to the task.

5. Logs and error reports

Logs look technical, so people often treat them as safe. They are not always safe.

Application logs can contain:

Before pasting logs, search for terms like authorization, token, cookie, password, secret, apikey, email, and session.

6. Source code from private projects

Private source code is not automatically unsafe to use with AI, but it should be prepared. A whole repository can contain far more than the files relevant to your question.

Avoid blindly pasting:

For coding help, a smaller, labeled context pack is usually better than a giant raw paste. Include the files that explain the bug or feature and leave unrelated material out.

7. Raw exports from databases, analytics, and support tools

Exports are dangerous because they combine scale with low visibility. One CSV can contain thousands of rows of data you would never paste manually.

Before sharing an export with AI, ask:

For many analysis tasks, totals, categories, anonymized rows, or a small representative sample are enough.

A practical checklist before using AI

Use this quick review before you paste or upload files:

CheckWhat to do
SecretsRemove API keys, tokens, passwords, private keys, and database URLs.
PeopleRemove names, emails, phone numbers, addresses, and account identifiers unless truly needed.
BusinessRemove unreleased plans, pricing, contracts, payroll, forecasts, and negotiation details.
InfrastructureRedact internal hosts, private endpoints, request headers, and stack traces that reveal too much.
RelevanceExclude files, rows, columns, or sections that do not help answer the question.

How MarkDone helps

MarkDone's AI Context Builder is designed for this preparation step. It lets you drop PDFs, DOCX files, Markdown, JSON, YAML, CSV, and text files into your browser, then builds one structured context.md file.

It also helps you review the handoff before you paste it into an AI tool:

Prepare AI context before you paste Use MarkDone's AI Context Builder to scan, redact, and package files into one local context.md.
Open AI Context Builder

What is safe to paste?

Safe depends on your situation, but these are usually better candidates:

The strongest workflow is not "never use AI." It is "prepare the context first."

Final takeaway

AI tools are useful because they can reason over messy material. That does not mean you should give them messy material raw.

Review the files, remove secrets, redact personal data, cut irrelevant sections, and keep source boundaries clear. The result is safer for you and easier for the model to use.

For a broader look at file privacy, read what really happens when you upload a file. For a full context workflow, see how to build an LLM context pack from local files.