The short answer is: not without precautions. Uploading your contract to a public AI tool like ChatGPT creates two distinct risks: it may breach the confidentiality clause in your contract, and it may raise UK GDPR concerns if the document contains personal data. Understanding both is essential before you share any legal document with a public AI tool.

Key Takeaways

• Most employment and service contracts contain confidentiality clauses, and uploading to a public AI tool could breach them

• ChatGPT is not a legally recognised trusted agent, and standard data protections don't automatically apply

• If your contract contains personal data, sharing it with a US-based AI tool may raise questions under UK GDPR and the Data Protection Act 2018

• Anonymising your contract reduces the privacy risk but doesn't make AI contract review accurate

• Purpose-built tools like Ookulli process your document privately, never use it for training, and analyse it against UK law

What happens to your contract when you upload it to ChatGPT?

When you paste your contract into ChatGPT, you're sending it to OpenAI's servers. What happens next depends on which version you're using.

With the free tier (ChatGPT.com without a paid plan), OpenAI's default settings allow your conversations to be used to improve their models. That includes the contents of your contract. You can opt out in your account settings, but the default is opt-in.

With a paid ChatGPT Plus subscription, the setting still defaults to using your data for training unless you disable it manually under Data Controls.

With ChatGPT Enterprise or API access, data is not used for training by default. But this version is typically out of reach for individuals reviewing a single contract.

For most people uploading a contract from their personal account, the practical situation is this: you're sending a sensitive legal document to a US-based company, stored on their servers, potentially used to train future AI models. That's before we address whether you're legally allowed to share it at all.

Does uploading a contract breach confidentiality?

This is the question most people don't think to ask. But most contracts contain a confidentiality clause, and that clause typically restricts what you can share with third parties.

Employment contracts usually include language preventing you from disclosing the terms of your employment to others. Service agreements often contain mutual or one-way confidentiality provisions. NDAs are built entirely around this principle.

When you upload your contract to ChatGPT, you are technically disclosing it to a third party: OpenAI. Whether that constitutes a breach depends on how the clause is worded, but a broadly written confidentiality obligation can easily cover this scenario.

There's also a practical risk beyond your own exposure. If you upload a client contract that contains your client's information (project details, budget, intellectual property), you may be breaching your duty of confidentiality to them. For freelancers who regularly handle client documents, that's a real and immediate concern.

For how to use AI on your contract without this risk, see how to anonymise your contract before uploading.

What does UK GDPR say about uploading contracts to AI tools?

If your contract contains personal data, you have additional considerations under the UK GDPR and the Data Protection Act 2018.

Personal data covers more than names and addresses. It includes salary information, start dates, contact details, and any other information that identifies a living person, directly or indirectly. Most employment contracts contain all of these.

The question under UK GDPR is whether you have a lawful basis for transferring that data to OpenAI. OpenAI is a US-based entity, which raises questions about international data transfers. The UK has adequacy decisions for some countries, but the US is not currently one of them. OpenAI maintains Standard Contractual Clauses for enterprise customers, but individual users on the consumer product don't typically have that arrangement in place.

This isn't a theoretical risk. The Italian data protection authority temporarily blocked ChatGPT in 2023 over exactly these concerns. The UK Information Commissioner's Office has been clear that individuals and organisations must understand where personal data goes before sharing it with AI tools.

For a personal employment contract review, the practical exposure is usually low. But if you're handling client data, or if your contract contains information about others, the position is more complicated.

Can AI actually review a contract accurately?

Even setting aside the privacy question entirely, there's a separate issue: does AI contract review actually work?

For some tasks, yes. Generic AI tools are useful for first-pass extraction, identifying specific clauses, and generating plain-English summaries. That's genuinely helpful as a starting point.

Where they struggle is with the legal accuracy that matters for a signing decision.

Defined terms. Legal contracts often redefine everyday words. "Gross misconduct" might be defined to include anything from genuine misconduct to a minor policy breach. "Confidential information" might cover everything you've ever learned about the business. A generic AI summarises these terms using their everyday meanings, not the legal definitions in the document.

Cross-clause risks. The real risks in a contract often emerge from two clauses read together. A payment clause combined with a termination-for-convenience clause can mean you lose income with very short notice. A liability cap combined with a broad indemnity can leave you exposed in ways neither clause signals individually. Generic AI reads sequentially; it doesn't flag interactions across sections.

Short clauses with big consequences. Non-compete obligations, IP ownership clauses, and automatic renewal terms are often a single paragraph. They're easy to miss in a long document, and AI tools frequently underweight them relative to their actual significance. For a breakdown of the clauses most likely to go undetected, see the risky clauses AI is most likely to miss.

For a more complete breakdown of why AI misses what matters, see why generic AI gets contract review wrong.

What to use instead of ChatGPT for contract review

If you want AI-assisted contract review that's safe to use, you need a tool designed for that specific purpose.

Purpose-built tools differ from generic chatbots in three ways.

Privacy by design. Your document is processed privately and never used for AI training. With ChatGPT's consumer tier, you'd need to actively opt out of data use, and you're still relying on OpenAI's data practices for everything else. A purpose-built tool handles this at the infrastructure level.

UK-specific analysis. Generic AI tools apply generic legal knowledge. UK contract law has specific rules around unfair terms, restrictive covenants, IP ownership, and worker protections. A UK-specific tool flags these correctly; a general tool may miss them or apply the wrong legal framework entirely.

Clause-by-clause review. Rather than a summary (which smooths over risks), a structured review surfaces each clause individually, flags concerns with plain-language explanations, and identifies cross-clause interactions that only become visible when you read the whole document as a legal unit.

Ookulli was built specifically for this use case. Your documents are processed privately, never used for training, and reviewed against UK employment and contract law. Review your contract with Ookulli from £10, clause by clause, UK-specific, no waiting list.

Frequently asked questions

Is it safe to upload a contract to ChatGPT?

Not without precautions, for two reasons. Most contracts contain confidentiality clauses that restrict disclosure to third parties, and uploading to ChatGPT counts as disclosure. If your contract also contains personal data, sharing it with a US-based AI tool may raise UK GDPR compliance questions. The safest approach is either to anonymise the document first, or to use a purpose-built tool that guarantees private processing.

Can I upload a client contract to ChatGPT without breaking confidentiality?

This carries more risk than uploading your own employment contract. A client contract typically contains your client's information, project details, or intellectual property. You almost certainly have a confidentiality obligation to your client, and uploading their contract or project documents to a third-party AI tool without their knowledge is likely to breach that obligation.

Can I upload my offer letter to ChatGPT?

An offer letter is less likely to contain explicit confidentiality obligations than a signed service agreement or NDA. However, it still contains personal data (your salary, start date, and personal details), which means UK GDPR considerations apply. If you want to use AI to review it, anonymise the document first to remove personal identifiers before uploading.

Does anonymising my contract make it safe to upload?

Anonymising significantly reduces the privacy risk. If you remove names, addresses, salary figures, and other identifiable information, the data protection concern largely falls away, and you're also less likely to trigger a confidentiality breach. However, anonymising doesn't fix the accuracy problem: a generic AI tool will still struggle with defined terms, cross-clause risks, and UK-specific legal nuances. For a step-by-step guide, see how to anonymise your contract before uploading.

What are the risks of using ChatGPT for contract review in the UK?

Three main risks. First, confidentiality: most contracts restrict disclosure to third parties, and uploading to ChatGPT is technically a disclosure. Second, data protection: if your contract contains personal data, sharing it with a US-based AI tool requires a lawful basis under UK GDPR. Third, accuracy: generic AI misses defined terms, cross-clause risks, and UK-specific legal nuances that matter for a signing decision. Any one of these can cause real problems.

Is there a safe AI tool for reviewing contracts in the UK?

Yes. Purpose-built tools like Ookulli process your contract privately (with no training use), apply UK-specific legal knowledge, and review clause by clause rather than generating a broad summary. This addresses both the privacy concern and the accuracy concern that make general-purpose tools unsuitable for legal documents.

Review your contract with Ookulli from £10, UK-specific, confidential, and built for legal documents.