What NOT to Tell Your AI PA (And What's Perfectly Fine)

5 min read

"But is it safe to tell it about my clients?" We get this question every week. The honest answer: it depends what you're telling it. There's a clear line between useful delegation and unnecessary risk, and once you know where that line is, you can delegate confidently without losing sleep.

Perfectly Fine to Share

Let's start with the good news. All of the following are fine — and in fact necessary for your PA to do its job well:

Client and contact names. Your PA needs to know who Ahmad is, who Sarah is, and who your boss is. Names are operational context, not sensitive data. "Draft a reply to Ahmad about the project" requires knowing Ahmad exists.

Meeting details and schedules. Times, dates, locations, agendas. This is core PA territory. It can't manage your calendar if it doesn't know what's on it.

Email content and drafts. Forwarding emails for your PA to reply to is literally the use case. The content of routine business emails is operational, not classified.

Project details and deadlines. What you're working on, who's involved, what's due when. This is how your PA tracks your work and sends intelligent follow-ups.

Preferences and instructions. "I like my coffee black," "I always fly AirAsia for domestic," "Draft emails in a casual tone." All good. These make your PA better.

Business documents and drafts. Proposals, contracts, reports, presentations. If you'd hand it to a human PA to format or review, you can share it with your AI PA.

Don't Share These

Here's the line. These items carry disproportionate risk if exposed, and your PA doesn't need them to do its job:

Banking passwords and PINs. Your PA never needs to log into your bank. If you need a payment made, do the banking yourself and have the PA handle the surrounding admin — reminders, confirmations, records.

IC number (NRIC/MyKad). Your national ID number is a gateway to identity theft. There's no legitimate PA task that requires it.

Full credit card numbers. Your PA can help you compare cards, find deals, or draft dispute letters — without knowing the actual card number.

Medical records and health details. Telling your PA "I have a dentist appointment" is fine. Sharing your medical history, prescriptions, or test results is not. Different risk category entirely.

Passwords and 2FA codes. Never. For anything. Your PA doesn't need to log into your accounts. If it needs information from an account, either connect it through an official integration or share the specific info it needs, not the login.

The "Human PA" Rule

Here's a simple mental model: would you give this information to a human PA you've worked with for 3 months?

A good human PA knows your clients, your schedule, your preferences, and your communication style. They have access to your email and calendar. They handle documents and drafts. You trust them with operational information because they need it to do their job.

But you probably wouldn't give them your banking password, your IC number, or your medical records. Not because they're untrustworthy — but because they don't need those things to schedule meetings and draft emails.

Same principle applies to your AI PA. Share what it needs. Keep what it doesn't.

How Your Data Is Protected

Understanding the security helps build confidence. Here's how Ghost Protocol handles your information:

Encryption in transit and at rest. All communications between you and your PA are encrypted. Messages are encrypted when stored. This is the same standard used by banks and healthcare providers.

No training on your data. Your conversations are not used to train AI models. Your business details, client names, and documents stay yours. Period.

Isolated instances. Your PA's memory is separate from every other user's PA. There's no cross-contamination of data between users.

You control the data. Want something deleted? Say "forget everything about [topic]" and it's gone. You can also request a full data export or deletion at any time.

The Practical Cheatsheet

The line is simple: share what your PA needs to work for you. Keep what it doesn't need and can't use anyway. When in doubt, apply the human PA rule — and you'll be fine.