Millions of people are using AI chatbots and typing their most personal thoughts every day. A student reaches out to ChatGPT to get assistance with a family issue. A confidential organisational document is pasted by a professional to obtain a quick summary. A description of someone’s health symptom or a personal relationship issue that the person has never shared with another person.
These conversations are intimate, as if you wrote them in a diary or whispered them to a trusted friend. They are not. Are AI companies taking your data? No, it’s not technically true: the terms of service are a document that no one reads, and you agreed to let them use it when you accepted them. While the legal and ethical are two worlds apart, there is a space between them where the problem resides.
The study conducted by Stanford University noted that all six of the major AI companies: OpenAI (ChatGPT), Google (Gemini), Anthropic (Claude), Meta AI, Microsoft (Copilot) and Amazon (Nova) have default settings that enable them to use everyone’s conversations to train their AI. If you do not know how to turn it off, your conversations are feeding the machine. It is your responsibility to protect yourself, not the company’s.
What do the chats contain? More personal than most people would think. People share about their mental well-being, medical situation, relationships, finances, and legal concerns. Professionals regularly paste sensitive business documents, client deals, and in-house reports to get a quick summary, which are then stored on foreign company servers for an indefinite period.
This risk is actual, not hypothetical.
In February 2026, a data leak occurred from the AI chat application called Chat & Ask AI, which exposed more than 300 million messages from 25 million users. The reason behind it was a simple Firebase configuration error. Private chats, file uploads, and confidential and sensitive documents suddenly became exposed to strangers who could misuse them. Information that was meant to be safe and personal was left wide open and exposed.
One of the most disturbing recent examples was not from an AI company; it was from a tool in millions of browsers. Security experts have found that the Urban VPN Proxy extension for the browser was a free tool that, in 2025, started to secretly record the conversations of AI chatbots on users’ computers and sell them to data brokers. Personal relationships, mental health and legal matters had subtly become commodities to be discussed.
It is a risk that most people do not think about, i.e., browser extensions, particularly free ones, are mostly given access to all of the data on all websites you visit, including information from the AI conversations. A grammar checker, free VPN, and productivity tool which are installed months ago can all see everything you type into the chatbot. The extension is invisible, but it is reading and stealing all your information and data.
Nepal is not excused from these risks. Students, government officials, journalists and professionals in Nepal are actively using AI tools and uploading their information to servers in the US and around the world, where users are subject to foreign laws which have no duty to protect Nepali citizens.
A positive move was the National AI Policy 2082, passed in August, 2025 in Nepal. It created a blueprint for an AI Regulation Council, recognised the significance of data privacy, and outlined guidelines for responsible AI practices. In principle, Nepal’s Privacy Act 2075 also prohibits the use of personal data without consent.
However, the AI Act, which would put these commitments into effect, has not yet been adopted by Parliament. The Privacy Act 2075 was written before large language models (LLM) were exposed to the world and does not address the issues related to AI training data, indefinite data retention or the obligations of foreign companies operating digital services within Nepal.
To really ensure the safety of its citizens’ data, the government needs to take several steps. First, the AI Regulation Council, as written in the national policy, should be formed immediately and not only with political nominees, but with independent technical and privacy experts.
Second, the upcoming Artificial Intelligence Act should mandate affirmative consent: companies should not be allowed to use any conversation without explicit consent, as the opt-out is not being widely used. Thirdly, a law must be enacted to ensure that users of the system are informed of the breach within 24-72 hours if their information is made public. Fourthly, the Privacy Act 2075 should be updated to the AI era with specific responsibilities for foreign companies providing services in Nepal.
Regulation takes time. Meanwhile, there are steps that individuals can take to be meaningful.
Treat each AI chatbot like a public forum rather than a private diary. Never use words that you would not be okay with being printed in a newspaper with your own name mixed with sensitive information, medical details, work documents (confidential ones) or personal information about other people (disclosures). Take advantage of opt-out and privacy options. Users can opt out of OpenAI’s training on their conversations via the privacy portal.
ChatGPT’s Temporary Chat does not store conversations or utilise them for training. Other platforms will allow you to do the same, but you have to go out of your way to do it. Check browser extensions. Get rid of what is not needed and trusted at the moment. Avoid free VPNs, which have been around for a while and often sell your data. If you are handling sensitive or confidential data, utilise enterprise AI tools that have a clause that they will not train on your information. The free consumer versions of popular chatbots are not designed for that level of confidentiality.
The AI chatbot is indeed helpful, as it helps make information more accessible and assists people across countless tasks. But these are not diaries, and they are not secret. Each of these conversations is a transaction – you get assistance, and the company gets information. That data is recorded and may be used in training and could be exposed in the future if breached. Being aware of this is the first step towards responsible use of AI.
Last year, Nepal adopted its AI policy. The other, more difficult step is to create the institutions, enact the laws, and ensure that the companies perform. As Stanford’s lead researcher, Jennifer King said that users should be concerned about privacy when sharing sensitive information with AI systems.
Until the rules catch up, the safest approach is simple: do not tell an AI anything you would not want the world to know.
