Secret Chat Logo

Private AI for Journalists:
Protecting Sources and Notes

Launch Chat 

Published June 21, 2026

For a reporter, AI is tempting in exactly the moments when it is most dangerous. You have forty pages of interview transcript, a leaked report to make sense of before deadline, and a half-formed idea you want a sounding board for. An AI assistant could help with all of it in minutes. The problem is that the same material — a source's name, a location, an offhand detail that could identify someone — is precisely what you are professionally and ethically bound to protect.

So the honest starting point is this: pasting source material into any cloud AI tool carries risk, and no product on the market — this one included — can promise it away. What a privacy-conscious setup can do is shift the odds in your favor. It can make the work safer than dropping sensitive notes into a default consumer chatbot. The judgment about what is safe enough to share, and the duty to shield your sources, remain yours. This piece walks through where the danger actually lives, what "safer" buys you, and the working habits that protect people who trusted you with information.

This is general guidance, not security or legal advice. Follow your outlet's editorial and security policies, and lean on a digital-security trainer or your newsroom's security desk for high-risk reporting.

Why a Reporter's Notes Are a Special Kind of Risk

Most people who worry about AI privacy are protecting their own information. Journalists are usually protecting someone else's — often someone with far more to lose than the reporter does. A whistleblower can face dismissal, prosecution, or worse if their identity surfaces. That changes the calculation entirely.

When text goes into a typical consumer chatbot, a few things tend to follow, and each one matters more when a source is involved:

  • It is stored. Conversations are frequently retained and tied to an account, which means a record of what you asked can outlive the story.
  • It may be read or reused. Many free tools can use conversations to train future models unless you opt out, and some permit human reviewers to see samples.
  • It is linked to you. An ordinary account ties sensitive prompts to a verified identity — and, through metadata, to a time, a device, and a network.

There is a second, quieter trap that hits journalists specifically: files carry hidden data. A photo from a source can embed the exact GPS coordinates and timestamp of where it was taken. A PDF can carry author names and revision history. Uploading the raw file can betray a source even when the visible content looks harmless.

"Safer" Is the Honest Word — Here Is the Line

It is worth being precise about what a privacy-focused tool changes and what it cannot. Putting the limits first is the responsible order.

What it changes: less of your material sitting in a cloud account, weaker links between your prompts and your real identity, and clearer handling of what happens to a conversation after you close it. Compared with a stock chatbot, that is a genuine reduction in exposure.

What it does not change: to produce an answer, the AI model has to read what you send. With a multi-model cloud service like this one, your text is passed to the model provider you select — the company behind GPT, Claude, Gemini, Grok, or Perplexity — so it can generate the reply. The content is processed off your machine by an outside company. This is cloud AI, not on-device AI, and it is not encrypted in a way the model provider cannot read. Privacy features lower specific risks; they do not turn a cloud assistant into a sealed vault, and they do not transfer your duty to protect a source onto the software.

What improves vs. a default chatbotWhat stays your responsibility
Chat history and files kept on your own deviceDeciding what is safe enough to share at all
Sign-up that asks for little about youRemoving names, locations, and identifying detail
Your IP hidden from the model providerStripping hidden data from photos and files
Deletion requested where the provider supports itVerifying every fact the AI gives back

When the Story Demands Maximum Protection

For the most dangerous reporting — where a single leaked detail could expose a source to real harm — the strongest answer is to keep the material off third-party servers altogether. That can mean a newsroom running AI on infrastructure it controls, or a reporter running an open-source model locally on a laptop with no network connection. Nothing leaves the building, and there is no outside provider to subpoena, breach, or persuade.

The honest trade-off is capability. The open-weight models you can self-host today are, as a rule, noticeably weaker than the flagship models that the major labs offer only through their paid APIs. You give up some quality of reasoning, summarizing, and drafting in exchange for the highest level of control. Many newsrooms land on a split: a local model for the truly sensitive material, and a privacy-focused gateway to the strongest commercial models for lower-risk work — with careful redaction applied no matter which path a task takes.

What Secret Chat Does to Lower the Risk

Secret Chat is a multi-model gateway designed with privacy-first defaults. It will not make cloud AI confidential, but it strips away several of the habits that make mainstream chatbots a bad place for source material.

  • Your conversations live on your device. Chat history is kept in your browser's local storage rather than in a cloud account on Secret Chat's servers, and uploaded files are stored locally too. The lasting record of your reporting sits with you.
  • Sign-up reveals little. An email address is all that is required — no name, no phone number — so there is less tying your questions back to you.
  • Your network is shielded from the provider. Requests pass through Secret Chat's infrastructure, so the model provider does not see your IP address directly.
  • Deletion is requested, and reported honestly. Where a provider allows it, Secret Chat asks for the processed content to be deleted or not stored, and each message can generate a Session Privacy Report (PDF) that shows what happened — including when a deletion step failed, rather than pretending it always works.
  • One place, several models. You can choose the right assistant for a task and compare outputs without spreading your work across multiple provider accounts.

On documents: uploads currently support images and PDFs. If your material is in a word-processor file, you would export the relevant pages to PDF first — a good moment to drop anything that should not travel. Support for office document formats is planned for a future release.

Source-Protection Habits That Beat Any Tool

The most reliable safeguard is not a setting; it is discipline about what you put in. Every identifying detail you keep out is one that cannot leak, no matter what happens downstream.

  • Anonymize before you paste. Replace real names, places, employers, and dates with neutral stand-ins — "the source," "City A," "the agency" — and keep the key that maps them back somewhere offline.
  • Separate the sensitive from the useful. Often the analytical question can be asked without any identifying facts at all. Send the question, not the dossier.
  • Scrub files before upload. Remove location data and camera details from photos, and clear author names, comments, and revision history from documents before they leave your device.
  • Share the fragment, not the file. Upload the single page or paste the single passage you actually need help with, not the whole leak.
  • Treat output as a lead, not a fact. Confirm every name, date, quote, and claim against primary sources; AI can invent details that sound authoritative.
  • Match the tool to the risk. For the highest-stakes material, fall back to offline or in-house options rather than any cloud service.

A safe way to put a tool to work without handing over your source:

Act as an editor. I have removed all names, locations, and identifying details from these notes and replaced the source with "the source." Organize them into a clear chronological outline and flag any gaps or contradictions I should follow up on. Here are the notes:

Where AI Earns Its Place in the Newsroom

With those habits in place, AI is genuinely useful for the parts of reporting that do not require exposing anyone:

  • Making sense of a long, redacted document — a quick summary of a PDF before you read it line by line.
  • Shaping raw, anonymized notes into an outline, a timeline, or a list of open questions.
  • Pressure-testing an angle by asking different models to argue for and against your framing.
  • Drafting and tightening headlines, standfirsts, and explanatory passages you then edit.
  • Translating dense or technical language into plain English for your own understanding or for readers.

The division of labor is constant: AI speeds up the mechanical parts; you supply the verification, the ethics, and the protection of the people behind the story.

The Bottom Line

Journalists should be able to use modern tools without gambling with a source's safety. The truthful framing is the careful one: a privacy-focused tool like Secret Chat makes AI use with sensitive notes safer — through on-device chat and file storage, low-information sign-up, IP shielding, and transparent deletion handling — but never risk-free. The model provider still reads your prompt, and protecting sources and personal data stays in your hands.

Keep the sensitive details out, verify what comes back, and reserve the most dangerous material for offline or in-house tools. Want a more private place to do the lower-risk work? Try Secret Chat — and bring your own redaction discipline with you.

Frequently Asked Questions

  1. Is it safe to put source material or sensitive notes into AI?

    No cloud AI tool is fully "safe" for source material, because the model provider has to read your prompt to answer it. A privacy-focused tool can be safer by reducing how much is stored and how easily it links back to you, but the duty to protect sources stays with you. Keep identifying details out and share only what a task truly needs.

  2. Can AI protect my confidential sources?

    No software can guarantee that. Protection comes mainly from what you choose not to share — anonymizing names and places, scrubbing files, and reserving the most dangerous material for offline tools. A privacy-focused gateway lowers some risks around storage and identity, but it is a support for good practice, not a replacement for it.

  3. What file types can I upload, and what about photos from a source?

    Uploads currently support images and PDFs; support for office document formats is planned for a future release. Be especially careful with photos: they can carry GPS coordinates and timestamps. Remove that hidden data yourself before uploading, since you should never assume a tool will do it for you.

  4. Does the tool automatically remove names or identifying details from my text?

    No. Assume nothing is stripped for you. If you do not want a name, location, or other identifier processed, take it out before sending. Handling personal and sensitive data remains your responsibility.

  5. What should I use for the highest-risk reporting?

    For material where no outside party can ever be allowed to see it, keep it off third-party servers — a newsroom-controlled deployment or an open-source model running locally and offline. The trade-off is that self-hosted open-weight models are generally less capable than the top-tier models available only through the providers' APIs, so many teams reserve local tools for the most sensitive work and use a privacy-focused gateway for the rest.