Our framework
Whether something is safe to put into an AI tool turns on two things: what kind of information it is, and which plan of the tool you are on. The same material can be fine on one and a problem on the other. Every tool profile sets those two against each other in a grid; this page explains both, and what the colours mean.
Behind the grid we are building a library of validated primary sources — the providers’ own terms, the legislation, and the court and regulator guidance — each one captured, dated and kept current, so every position can be checked rather than taken on trust. We report what those sources say. We do not give legal advice, and nothing here is advice on your own situation: whether a particular use is right for your matter is your judgment, on your facts.
What we mean by “safe”
Whether you can put this information into this tool — on this plan — without breaching a legal duty or a rule. The questions that decide it:
- Would it breach a duty of confidence you owe — to a customer or client, or to another party to whom the information belongs or who gave it to you in confidence?
- Would it disclose legally privileged material?
- Is use restricted under the Privacy Act — for example because it is someone’s personal information, or because using the tool sends that information overseas?
- Is it caught by a court order or undertaking — a suppression or confidentiality order, or an undertaking to the other side?
Working out which kind you have is a precautionary judgment, not a final ruling: the question is whether your information could be confidential, privileged, personal or otherwise protected. And if it could be described in those terms, the safe course is to treat it as if it is. We do not adjudicate your privilege or your duties; we help you find the cautious starting point.
“Safe” means you are unlikely to be breaching any legal duty if you share data with an AI platform. It is not a promise that what the tool gives back is accurate or wise. These tools can be both fluent and confidently wrong, and checking the output is always your job.
The eight kinds of information
From freely public material to information you are bound or ordered to protect. The further down this list, the more the answer turns on getting the details right. Categories can overlap: a child’s medical record is personal, sensitive and children’s information at once, and a privileged document is also confidential. Where they overlap, work to the most protective category that applies; and a court order or undertaking (category 8) binds on top of everything, subject of course to the specific terms of the order.
1. Public information
Material already published to the world and under no restriction: reported case law, statutes and regulations, regulator and government guidance, public company filings, and published writing. One caveat decides the edge cases — information being publicly available does not take it outside the Privacy Act. A public register full of named individuals is still personal information; treat bulk or re-identifiable personal data as category 5, not as category 1.
2. Internal non-confidential
Material that is neither public nor commercially confidential, and not about any identifiable person: blank templates and precedents, general know-how, and truly hypothetical scenarios.
3. Internal confidential (non-privileged)
Confidential information that is not legally privileged — whether it is your customer’s, client’s or a third party’s. It covers client identity and retainer terms, deal and business information, and anything imparted in confidence (by contract, by undertaking, or by the circumstances). If the material is also privileged, use category 4; if you are unsure whether it is confidential, treat it as if it is.
4. Legally privileged
Material attracting legal advice privilege or litigation privilege — a subset of confidential information, and the most protected. Privilege belongs to the client, not the lawyer. Whether putting it into a third-party tool affects privilege turns on confidentiality and waiver, addressed in each tool profile and in our guidance; it is not a foregone conclusion. Whether a given document is privileged at all is a question for a qualified lawyer — the safe course is precautionary: if it could be privileged, proceed as if it is.
5. Personal information (Privacy Act 2020)
Personal information means any data about an identifiable living individual. Explicit names are not required. Contextual details alone can identify a client, witness, or opposing party. Inputting this data into AI tools can trigger strict compliance rules. Under Section 11 of the Privacy Act 2020, sending personal data to an overseas cloud service provider solely for processing or safe custody on your behalf is not usually treated as a “disclosure”. You remain responsible for it. The moment an AI provider’s terms allow them to use your inputs for their own purposes (such as training their models), it becomes an official disclosure to an overseas agency, and can trigger information privacy principle 12.
6. Sensitive personal information
Personal information whose misuse carries a heightened risk of harm. New Zealand’s Privacy Act does not define a separate “sensitive” class as the GDPR does in Europe, but in practice this material warrants extra care, senior approval and a privacy impact assessment: health and mental-health information, biometric data (a Biometric Processing Privacy Code applies from 3 August 2026), financial details, criminal history, and information about ethnicity, religious belief, sexual orientation or immigration status. Health information in particular requires a significantly higher standard of protection than ordinary personal information.
7. Children’s information
Information about a child or young person. It is also personal information (category 5), and often sensitive (category 6), and it carries additional care because of children’s vulnerability and the weight given to their best interests. Treat it as needing the strongest justification, even where a rule does not strictly compel it.
8. Court-protected material
Material under an independent legal restriction that binds regardless of the tool or plan: name suppression and non-publication orders, confidentiality and sealing orders, statutory automatic suppression (for example in some Family, care-of-children and youth proceedings), and undertakings you have given to the other side. The restriction is the bar, not the technology — if any order or undertaking might apply, proceed with extreme caution.
The five plans
The same brand-name product can treat your information very differently depending on the plan you are on. Vendors rarely advertise the distinction; we make it explicit.
Consumer (free / paid)
Personal account, default settings. Inputs may train future models unless expressly opted out. Lowest data-handling posture.
Team
Small-business commercial plan under the Commercial Terms — no training on inputs, shared workspace and admin tools, but limited data-control options (no custom retention or audit). Note: a vendor’s consumer “Pro” plan is a consumer plan, not this one.
Enterprise / Workspace
Tenant-bound, DPA in place, training off by contract, audit logs, often regional processing. The strongest option for most commercial use.
API direct
Inputs governed by API terms, generally no training on inputs, no UI safeguards. For engineered workflows; not a substitute for product-level controls.
Self-hosted / local
Running an open-source or open-weight AI model entirely on your own local computer or within your organisation’s dedicated, private cloud infrastructure. Because your data never leaves this locked-down environment, it eliminates third-party data privacy and overseas disclosure risks.
How to read the matrix
On each tool profile, the eight kinds of information run down the side and the plans run across the top. Each square carries one of these indicators. The colour is our summary of what the provider’s terms and the applicable rules say, not our view of what is wise. Every square links to its sources, so you can check it yourself.
- Green: Based on current provider terms and standard New Zealand frameworks, using this information on this plan is unlikely to breach primary regulatory or privacy restrictions. However, users must still consider any case-specific confidentiality obligations. Sources linked.
- Amber: Use is acceptable only if specific safeguards are active. This workflow demands explicit settings adjustments, precise redactions, or specific contractual coverage to remain within legal limits. Sources are linked below.
- Red: Using this information on this plan will breach primary New Zealand regulatory or privacy limits. Proceeding requires a fundamental structural change — such as upgrading to a secure enterprise tier, switching vendors, or utilising a local, self-hosted deployment. Sources linked.
- Black: An independent restriction — court order, suppression order, statutory prohibition, undertaking — applies regardless of tool or plan.
- Not yet assessed: We have not yet established a sourced position for this cell. It carries no colour rather than a guess (Policy §5.3).
The matrix never says “yes” or “no” to your real situation. It tells you what the sources say; you decide whether that is good enough for the matter in front of you.