AI features in PDF tools are everywhere — summarise, translate, redact, classify. Many of these features quietly use your uploaded documents as training material. If your PDF is confidential, that's a problem you didn't sign up for.
What 'training' actually means
When a vendor uses your file for 'model training' or 'service improvement', they keep the content and feed it into machine-learning systems. The content shapes the model's behaviour permanently.
Unlike storage (which has retention periods), training has no concept of deletion. Once your data is in the model, it's effectively there for the model's lifetime. Some models can also regurgitate training data verbatim under specific prompts.
How to spot it in policies
Look in the privacy policy and terms of service for phrases like:
- 'We may use your content to improve our services.' - 'You grant us a licence to use uploaded content for training models.' - 'Anonymised data may be used to train AI.' - 'Aggregate usage may inform our research.'
None of these are inherently malicious. All of them mean your data may be in a training set. For confidential material, treat as a red flag.
Tools that don't train
Look for explicit statements like:
- 'We do not use customer files for model training.' - 'Your content is not used to improve our models.' - 'AI features are powered by models trained on public data only.'
Reputable enterprise vendors offer opt-out or explicit no-training commitments. Free consumer tools often don't.
Flint processes in your browser; your file content doesn't reach Flint's servers at all, so it can't be in any training set.
Practical filter
Before uploading a sensitive PDF to an AI-powered tool:
1. Search the privacy policy for 'training' or 'AI'. 2. Check for explicit no-training commitments. 3. Check whether opt-out exists and how to enable it. 4. For regulated data (PHI, financial, legal), require a contractual no-training clause. 5. For very sensitive material, prefer browser-side tools where no upload happens.
FAQ
Is using my data for training illegal?
Generally legal under terms-of-service consent. May be a GDPR issue for personal data without proper basis. Practical concern is data leakage, not pure legality.
Can I delete my data from a training set?
Usually no. Training has no concept of unlearning specific data. Avoidance is the only reliable defence.
Does Flint use my PDFs to train AI?
No — Flint processes in your browser. File content doesn't reach Flint's servers, so it can't be used for training. Verify in current trust documentation.
What about AI features that use third-party models?
Check the third-party's terms too — often the bigger leak. Enterprise tools usually offer no-training commitments across the chain.
Don't let your PDFs become training data. Use browser-side tools and read the AI clauses in policies you sign.