HomeBlog › Ethics

Can lawyers use ChatGPT for client documents? What the rules actually say

Ethics · 7 min read · Updated June 2026

It's one of the most common questions in legal practice right now: a deadline is looming, you have a pile of documents, and ChatGPT is one tab away. Can you just paste them in?

The short answer: you can use ChatGPT freely for general, non-confidential work. But entering an actual client's documents into a consumer AI tool can implicate your duty of confidentiality — unless you've changed the data settings, confirmed the terms, and, where required, obtained the client's informed consent. For confidential files, the cleanest answer is a tool that never sends them anywhere.

Why client documents are a different question

Using ChatGPT to explain a doctrine, rephrase a sentence, or outline an argument with no client information in it is no different from using any other research aid. The ethical question only arises when the input itself is confidential — a complaint naming your client, a settlement letter, a medical record, a contract. At that point the relevant duty is confidentiality (ABA Model Rule 1.6 and its state equivalents), which covers all information relating to the representation, not just privileged material.

The core concern is simple: when you paste a confidential document into a web tool, it leaves your control and travels to a third party's servers. Whether that's permissible depends entirely on what happens to it there.

What the consumer version of ChatGPT does with your input

According to OpenAI's own terms, the standard consumer version of ChatGPT may retain your conversations and, depending on your account settings, may use them to improve its models. There are controls — you can turn off model training in your data settings, and "temporary chats" aren't used for training — but these are opt-outs you have to set, not defaults you can assume. Business-grade tiers are different: OpenAI states that ChatGPT Enterprise, Team, and the API do not use business data to train models by default. The takeaway isn't "ChatGPT is unsafe" — it's that which ChatGPT you use, and how it's configured, changes the answer completely.

Two cautions. First, terms of service change; what's true today should be re-verified, not memorized. Second, even a no-training setting doesn't necessarily mean zero retention or zero human access — those are separate questions you have to check independently.

Three things to check before you paste anything confidential

  1. Is the data used to train the model? You want a clear "no." On consumer ChatGPT, confirm your training setting is off; on business tiers, confirm it in the terms.
  2. How long is it retained, and who can access it? Look for short or zero retention and a limited-access policy. Vague answers are a red flag for confidential material.
  3. Do I need client consent? A growing number of ethics authorities expect lawyers to consider client consent before putting confidential information into a third-party AI tool — especially the general-purpose, consumer kind. When in doubt, ask the client or keep the document out.

If you can't answer all three with confidence, the document shouldn't go in. That's not a knock on AI — it's the same diligence you'd apply to any vendor that touches client files.

A safer pattern for confidential work

Many solo and small-firm attorneys are landing on a practical split: use cloud AI like ChatGPT for the open-ended, non-confidential tasks where it shines — research framing, brainstorming, plain-language drafting — and use a tool that runs on your own computer for anything involving actual client documents. When the document is processed locally and uploaded nowhere, questions one and two above answer themselves, and consent stops being a moving target.

That's the design philosophy behind ClerkSafe. The confidential, document-heavy first pass on a matter — organizing files, summarizing each document, building a chronology, and pulling out deadlines — happens entirely on your machine. Nothing is uploaded, so there's no vendor server to vet and no terms of service to monitor.

ClerkSafe keeps it all on your computer.

Organize, summarize, and docket a new matter in minutes — with nothing uploaded. First 3 matters free, then a one-time $289.

Get early access →

Frequently asked questions

Can lawyers use ChatGPT at all?

Yes. Lawyers can use ChatGPT for general, non-confidential tasks such as brainstorming, plain-language explanations, and drafting that contains no client information. The caution applies specifically to entering confidential client data, which can implicate the duty of confidentiality unless the tool is configured appropriately and, where required, the client has given informed consent.

Is ChatGPT confidential enough for client files?

The consumer version generally is not designed for confidential client files. By default, conversations may be retained and, depending on your settings, used to improve the models. Business tiers such as ChatGPT Enterprise, Team, and the API state that inputs are not used for training by default — but verify the current terms and your account settings before relying on them.

Does ChatGPT Enterprise or Team fix the confidentiality problem?

It helps. OpenAI states that business data on Enterprise, Team, and the API is not used to train its models by default. That addresses the training concern, but you should still confirm retention periods, access controls, and whether your jurisdiction expects client consent before using any third-party AI on confidential documents.

What is the safest way to use AI on confidential documents?

The simplest safe option is a tool that processes documents on your own computer and uploads nothing, so the data never reaches a third-party server. On-device tools remove the confidentiality analysis for document work because there is no vendor holding the file.

Related reading