If you are tired and rushed, just remember the two lists below. The rest of this site is the long version. This page is the short one. Bookmark it. Come back to it when something tempts you to paste a thing into AI that you will later wish you had not, or when something tempts you to act on AI advice that you will later wish you had checked.

Never paste these into any AI tool

The chatbot company has the full text of whatever you type, in clear readable form, the moment you press Send. Treat the input box like a chat with a stranger. The list below is the floor.

Passwords. The whole point of a password is that nobody else has it. The moment you paste one into a chatbot, somebody else has it.

Two-factor codes. The six-digit numbers from your authenticator app or a text message. They are short-lived but they are also keys to your accounts. No legitimate AI use needs them.

API keys and security PINs. Same logic as passwords. An API key is a password that lets one piece of software talk to another. If it leaks, the connected service is compromised.

Bank account numbers, BSB and SWIFT codes. Account identifiers are everything a scammer needs to start probing. Tell the AI "my main transaction account" instead of pasting the digits.

Credit card numbers and CVVs. The CVV especially. Card number plus CVV plus a name is most of a working transaction.

Tax File Numbers. The single most identifying number you have in Australia. The ATO is explicit that you should treat your TFN like a password. So treat it like one in AI tools too.

Medicare numbers (the Australian Medicare card number). Used widely by Australian health and government services to identify you. Increasingly used by scammers to impersonate you to those services.

Passport numbers and driver's licence numbers. Identity-document numbers are the foundation of identity fraud. If you must analyse a document that contains them, redact the numbers first or describe the situation in general terms.

Full bank statements. A bank statement is a map of your life. Where you shop, where you live, who you pay rent to, what subscriptions you have, what your salary is. If you want to budget with AI, type the category totals in. Do not paste the raw statement. The Home Admin page shows how.

Raw payslips. Same logic. A payslip has your full name, employer, salary, super fund, sometimes your TFN, and sometimes your bank details, all on one document. Type the numbers you want analysed instead.

NDIS plan numbers. The plan number is tied to a sensitive medical and disability profile. The text of a plan can sometimes be analysed in anonymised form. The plan number itself should not.

Mental health diagnoses tied to your name. AI conversations are not therapist-confidential and they are not lawyer-client privileged. They are emails. Anything you would not want a future employer or insurer to read should not go in by name. Anonymise first ("a 50-year-old man with mild depression") and you keep the usefulness without the exposure.

One general rule covers most of the list: if it has "do not share" written on it anywhere, or if it would let somebody pretend to be you, it does not belong in an AI tool. The longer story, with per-tool detail, is on the Privacy and Security page.

Never rely on AI alone for these decisions

AI is fast and it is wrong often enough that the cost of being wrong is what should drive your decision. Where the cost is high, AI is for preparation, not for the answer. Where the cost is high, you talk to a qualified person. The point of AI in those cases is to walk in better-prepared, with better questions and a clearer head, not to skip the conversation.

Medical decisions of any consequence. Symptoms, dosing, drug interactions, whether to start or stop a medication, what a scan result means, whether something is urgent. Talk to your GP or pharmacist. AI is fine for understanding the words on a discharge summary or preparing the questions you take into the appointment. AI is not fine for deciding what to do.

Legal decisions on actual matters. Tenancy disputes, family law, employment grievances, contracts you are about to sign, anything that names a real other party. Talk to a solicitor, or to your state's Legal Aid commission, or to the Australian Fair Work Ombudsman for workplace issues. AI is fine for translating a clause into plain English so you understand what you are walking into. It is not fine for deciding how to act.

Significant financial commitments. Home loans, refinancing, super switches, life insurance, income protection, large investment moves. Talk to an Australian licensed financial adviser or a mortgage broker, and check the numbers on the Australian government's Moneysmart.gov.au. AI is fine for laying out the trade-offs in plain English. It is not licensed to give you financial advice, and it does not know your full picture.

Tax filings. Anything beyond the simplest PAYG return where you might be claiming deductions, dealing with capital gains, sole-trader income, rental properties, or trusts. Talk to an Australian registered tax agent, or use the Australian Taxation Office's myTax with the ATO's own help text. AI is fine for understanding what a tax concept means. It is not fine for deciding what goes in the box.

Anything where a wrong answer could hurt you or someone else. A medication for a child, a structural decision on your house, a workplace incident report that will end up in front of a regulator, a piece of advice you are about to give a vulnerable family member. The pattern is the same: prepare with AI, decide with a qualified person.

The general rule: AI is fine for preparing the questions you take into the conversation. It is not fine for replacing the conversation. The qualified person is qualified for a reason. They carry professional indemnity insurance. The chatbot does not.

Where to go next

The longer privacy story, including how the major chatbots actually handle your data, is on the Privacy and Security page. The everyday verification habits that go with these hard rules are on the Important Reminders page. And if you want a recipe for actually checking what AI tells you, that lives on How to Check What AI Tells You.

This page is short on purpose. Re-read it after a month of using AI. The rules will still be the same.