 |
| Many tech companies use human contractors to review user conversations with their chatbots. Meta; Getty Images; Alyssa Powell |
That private conversation you had with an AI chatbot about a breakup or that therapy-like session you never told anyone about may not have stayed between you and the machine. In some cases, a real human may have read it, and they might have seen enough personal details to know who you are.
Meta, like many major tech companies, employs contract workers to help improve its AI by reviewing real user interactions with its chatbots. As part of this process known across the industry as reinforcement learning through human feedback contractors rate the AI's responses to user inputs. In doing so, several contractors told Truth Sider, they regularly encounter chats containing names, emails, phone numbers, and other sensitive identifiers.
Four contract workers hired via third-party platforms Outlier (owned by Scale AI) and Alignerr described reviewing chats between users and Meta AI that frequently included full names, contact information, gender, interests, job titles, and even selfies. One estimated that personally identifiable information (PII) appeared in over half of the thousands of conversations they reviewed weekly. Two said they saw users submitting photos of themselves. These conversations originated from across the globe, including the US and India.
Some of this information was attached to conversations by Meta to help personalize chatbot replies, according to internal documents reviewed by Truth Sider. In other instances, users voluntarily disclosed personal data directly to the AI something Meta’s privacy policy advises against.
Two of the contractors, who had worked on AI projects for other tech giants, said the appearance of unredacted PII was more frequent in the Meta assignments.
According to project documentation, contractors were explicitly told the interactions they reviewed were real chats between users and Meta’s chatbot.
Deeply Personal Conversations Under Review
The contractors said the user conversations they reviewed often resembled therapy sessions, confessions to a trusted friend, or flirty exchanges with a romantic partner. Users shared fantasies, asked for personal advice, vented frustrations, and included sensitive details like job information, locations, or their children’s lives.
One Alignerr contractor working on a project called Omni designed to enhance user engagement on Meta's AI Studio said users occasionally sent in explicit content, including sexually explicit photos.
Meta’s AI terms of service state that user interactions "may be reviewed" either automatically or by humans. A Meta spokesperson told Truth Sider that the company maintains “strict policies” governing who may view personal data and how.
“While we work with contractors to help improve training data quality, we intentionally limit what personal information they see and have processes and guardrails in place instructing them how to handle any such information they may encounter,” the spokesperson said.
A representative from Scale AI said contractors are only authorized to process personal data necessary for a project and must follow Outlier's security protocols. They are instructed to flag responses containing PII and skip tasks involving such content.
“At no point does user-generated data leave the customer’s platform,” the spokesperson said, noting that some labeling work is conducted on client-owned systems for added security. Alignerr did not respond to a request for comment.
This situation underscores the broader privacy risks emerging as tech companies increasingly rely on human workers to train and fine-tune rapidly evolving AI tools. Truth Sider previously reported that public Google Docs used by Scale AI exposed confidential client data, including training details from Meta and Elon Musk’s xAI. Other firms have used open spreadsheets to direct contractors working on Anthropic's models.
'Don’t Assume Chatbots Are Private by Default'
According to Miranda Bogen, director of the AI Governance Lab at the Center for Democracy and Technology, the potential exposure of personal data through AI chat logs poses serious risks.
"If personal data shared with chatbots ends up in the wrong hands, it opens the door to manipulation, fraud, and other misuse," Bogen said. She advises users not to assume privacy when engaging with AI, as different companies have different standards.
Unlike many other digital tools, AI chatbots are often used in emotionally vulnerable ways akin to therapy or personal coaching so users may not realize those conversations could be reviewed and used to train the system.
Companies like Meta, OpenAI, and Google disclose in their privacy policies that they may use AI conversations to improve their models. Still, users often underestimate how accessible those chats can be.
“This isn’t new,” Bogen added. “But the emotional intimacy of these conversations raises the stakes. It’s the next evolution of a longstanding issue.”
How Often Is Personal Data Exposed?
While the extent to which contractors encounter sensitive data is unclear, those who spoke to Truth Sider said it was routine.
One worker assigned to the Omni project said they processed up to 5,000 AI training tasks a week and estimated 60–70% of them contained personal identifiers like phone numbers or Instagram handles. Contractors were instructed to reject such chats.
Today Mark shared Meta’s vision for the future of personal superintelligence for everyone.
— AI at Meta (@AIatMeta) July 30, 2025
Read his full letter here: https://t.co/2p68g36KMj pic.twitter.com/Hpzf77jAiG
Another project, PQPE, aimed to make Meta AI’s responses feel more personalized by referencing user facts such as name, gender, location, and hobbies sourced from previous chats and user activity on Meta’s platforms. In these cases, personal data was included on purpose, and contractors were not allowed to reject the conversations.
A Meta spokesperson acknowledged that in such personalization projects, limited personal data may be visible to contractors but only under strict privacy guidelines and policy compliance. For example, location data might be included if a user asked for a coffee shop nearby.
One contractor noted that the amount of user information made it easy to identify someone based on just a few details. In one particularly disturbing case involving explicit content, Truth Sider was able to locate a matching Facebook profile using the user's first name, city, gender, and interests all pulled from a chat log.
The contractor assigned to that conversation said it was so distressing they had to stop working for the day.
“It’s rough. I had to put it down for the night,” they said.
The Challenge of Chatbot Privacy
As Meta pushes forward with plans for highly personalized AI systems, the company is also handling increasingly sensitive user data.
CEO Mark Zuckerberg recently described a vision for “personal superintelligence” AI that "knows us deeply, understands our goals, and helps us achieve them."
Yet this personalization presents challenges. In June, Truth Sider revealed that Meta’s AI app included a public feed where users were unintentionally sharing personal chats, including medical issues and relationship questions. Some included names, emails, and phone numbers. Meta has since introduced clearer warnings, though chats can still be shared publicly and indexed by Google.
Last week, Truth Sider reported that OpenAI disabled a feature that was allowing ChatGPT chats to appear in search engine results.
Sara Marcucci, founder of the AI + Planetary Justice Alliance, said these cases show that data minimization, redaction, and user control remain uneven across the industry.
Bogen added that while automated filters help reduce exposure, they aren’t foolproof and that’s why human reviewers are involved.
“The existence of human flagging systems acknowledges that current safeguards are imperfect,” she said. “Even with processes in place, the data may already be seen. That’s the underlying risk.”
