Rules for Sensitive Data in DeepSeek Prompts
Generative tools amplify productivity and leakage risk. A simple tier system keeps teams aligned without blocking useful work.
Tier A — never paste
Passwords, full payment data, unreleased financials, personal health records, and secrets under NDA.
Tier B — redact first
Customer names, account numbers, internal project codenames. Replace with placeholders like [CLIENT_A].
Tier C — OK with care
Generic process descriptions, public marketing copy, anonymized examples. Still human-review before external send.
Log incidents
If someone pastes Tier A by mistake, document it per your security policy — don’t treat it as “just a prompt.”