
When APRO released our new AI resources, I expected members to have questions. Artificial intelligence is evolving quickly, and every week seems to bring another tool, another vendor, or another headline about what AI can do.
One of the first questions we received was also one of the most important.
A member wrote to ask about the risks of entering customer information into public AI tools such as ChatGPT and other large language models (LLMs). Their concern was straightforward: even if an employee has good intentions, what happens if customer information is accidentally included in an AI prompt? What if a paid AI service says it doesn’t retain information, but something goes wrong? What are the legal implications? Could a dealer face liability?
These are exactly the kinds of questions businesses should be asking.
The honest answer is that this area is still developing. The technology is advancing faster than the legal and regulatory framework surrounding it. Regulators are paying close attention, vendors are updating their products regularly, and courts are only beginning to address many of these issues. That uncertainty makes one principle especially important:
When customer information is involved, slow down.
That doesn’t mean businesses should avoid AI altogether. Quite the opposite. AI has tremendous potential to improve efficiency, support employees, enhance customer service, and streamline everyday operations. But there is an important difference between asking AI to help draft a marketing email and copying information from a customer account into a public AI platform.
One of the biggest misconceptions about AI is that privacy problems happen because someone intentionally shares confidential information. In reality, many privacy issues are likely to arise through simple convenience.
Imagine an employee wants help writing a payment reminder. They copy an existing customer email into ChatGPT to “make it sound better.” Or they paste account notes into an AI tool and ask for help drafting a collections message. In both situations, they may have unintentionally disclosed personally identifiable information simply because they were trying to work more efficiently.
Those are the kinds of situations businesses should actively work to prevent.
As a practical rule, APRO recommends that employees avoid entering customer-identifiable information into publicly available AI tools unless the company has specifically approved the platform and understands how that information will be stored, used, and protected.
Whenever possible, use fictional examples, remove identifying information, or rewrite prompts so that customer details are not included.
Instead of asking:
“Please rewrite this email to John Smith at 123 Main Street regarding his past-due account.”
Consider asking:
“Please rewrite this customer payment reminder to make it more professional and empathetic.”
The AI can still provide useful assistance without exposing customer information.
What About the Free Versions of AI?
One of the most common follow-up questions we receive is whether it is safe to use the free versions of AI tools such as ChatGPT, Gemini, Claude, Copilot, or similar platforms.
The answer depends less on whether the tool is free or paid and more on how the information you submit is handled.
Many publicly available AI services may retain prompts or use them to improve future versions of their models, although the details vary by provider and can change over time. Some paid business or enterprise versions offer additional privacy protections, greater administrative controls, and options that limit or eliminate the use of customer data for model training.
However, businesses should avoid assuming that a paid subscription automatically removes all privacy or compliance concerns.
Regardless of which platform is being used, every company should understand:
- whether prompts are stored
- whether submitted information is used to improve AI models
- who has access to submitted information
- how long information is retained
- what privacy settings are available
- whether administrators can manage employee use
Most importantly, businesses remain responsible for protecting customer information regardless of which AI platform they choose.
A good rule of thumb is simple:
If you would not email customer information to an unknown third party, you probably should not paste it into a public AI system either.
Paid Versions Deserve Careful Review Too
Upgrading to a paid AI subscription is often a good business decision, but it should not be viewed as a substitute for sound policies and employee training.
Many paid AI platforms offer stronger administrative controls, enhanced security features, and options that limit the use of submitted information for model training. Enterprise versions may also provide contractual commitments regarding data handling, retention, confidentiality, and security.
Even so, businesses should not assume that every paid subscription provides the same level of protection. Features and default settings vary significantly between providers, and some privacy controls must be configured by the customer before they become effective.
Before allowing employees to use a paid AI platform with business information, companies should understand:
- what data is collected and retained
- whether prompts are used to improve AI models
- which privacy settings are available and enabled
- who has access to submitted information
- whether contractual commitments address confidentiality and data protection
- what happens to company information if the subscription ends
For many APRO members, the safest approach is to evaluate paid AI platforms the same way they would evaluate any other technology vendor that may have access to customer information.
Paying for an AI platform may reduce certain risks, but it does not eliminate the responsibility to understand how the platform works or to protect customer information.
Employee Awareness Is Your First Line of Defense
Many AI-related privacy issues are unlikely to result from malicious intent. They are far more likely to occur when well-meaning employees use AI tools without understanding where the boundaries should be.
That is why employee awareness is every bit as important as technology.
Simple guidance can prevent most avoidable problems. Employees should understand:
- which AI tools are approved for business use
- what information should never be entered into AI systems
- when customer information must be removed or anonymized
- when human review is required
- who to contact if they are unsure
Clear expectations today can prevent difficult conversations tomorrow.
Learn More in the AI Resource Hub
These topics are explored in greater detail in APRO’s AI Resource Hub. The hub is your go-to spot for up-to-date information on AI and APRO’s recommendations.
- AI Best Practices: Responsible AI Use in Rent-to-Own
- APRO White Paper: AI in RTO – An Industry Framework for Responsible Innovation
As AI continues to evolve, APRO will continue monitoring developments, gathering member questions, and publishing additional AI Guidance Updates to help members navigate new technologies responsibly.
We Want to Hear From You
Artificial intelligence is evolving quickly, and many of the most valuable discussions begin with practical questions from dealers. If there is an AI topic you would like APRO to explore in a future AI Guidance Update, or if you have questions about how AI may affect your rent-to-own business, we encourage you to reach out.
Please send your questions, experiences, or suggestions to info@rtohq.org. We may feature common questions in future guidance articles, webinars, FAQs, or member resources so the entire industry can benefit from the discussion.
One of APRO’s goals is to build these resources alongside our members. If you’re asking the question, chances are others are asking it too.
Frequently Asked Questions
Can employees use ChatGPT or other AI tools for work?
Yes, provided the company has established clear expectations and employees understand what information may and may not be entered into AI systems.
Can customer names or account information be entered into AI?
As a general rule, no. Unless your company has specifically approved the platform and understands how customer information will be stored, protected, and used, customer-identifiable information should not be entered into public AI systems.
Are paid AI versions automatically safe?
No. Paid platforms often offer stronger privacy protections, but businesses should still review the provider’s terms, privacy settings, data retention practices, and contractual commitments before using them with business information.
What if an employee accidentally pastes customer information into an AI tool?
The incident should be reported to management immediately so the company can evaluate what information was disclosed, which platform was involved, and whether additional steps are appropriate. Having a documented internal process for responding to these situations is a good practice.
Do we need to block AI completely?
Probably not. For most businesses, a better approach is to establish clear guardrails, train employees, approve appropriate tools, and monitor how AI is being used.
Is APRO saying businesses should avoid AI?
No. APRO believes AI offers significant opportunities for the rent-to-own industry. The goal is responsible adoption – not avoiding innovation. Businesses should approach AI thoughtfully, protect customer information, maintain human oversight, and continue placing customer trust at the center of their operations.


