Employees are coaching themselves with ChatGPT, Claude, Gemini, and Copilot. Their prompts are admin-accessible by design. Here's the architectural fix HR can trust.
.png)
Last updated: 2026-05-06
Employees are asking ChatGPT, Claude, Gemini, and Copilot for advice on hard 1:1s, performance issues, career moves, conflicts with their manager. They think those conversations are private. They're not.
Independent enterprise security firms tracking corporate AI usage, including Cyberhaven and Netskope, have published research showing a meaningful share of corporate AI prompts contain sensitive company data, with some studies finding rates as high as 1 in 12 prompts. The data being shared includes names, performance issues, internal compensation chatter, and strategic plans. Adoption is no longer a question. Microsoft's 2025 Work Trend Index puts AI use at 69% of leaders and 45% of employees, a 24-point gap that mirrors the executive-vs-IC coaching gap. The conversations are happening, on infrastructure that was not designed to hold them privately. Across every major enterprise platform, admin and compliance access paths exist by design. ChatGPT Enterprise exposes prompts via the OpenAI Compliance API. Microsoft Copilot retrieves prompts and responses through Purview eDiscovery (per Microsoft's published Copilot data residency and audit documentation). Google Workspace with Gemini routes through Workspace admin and audit logging. Claude Enterprise has its own admin and retention controls.
The specifics differ by vendor. The architectural pattern is the same. What employees treat as a private conversation runs through corporate AI infrastructure that admins control. By design.
For HR and security leaders, this is the AI risk that no policy update can fix.
Most companies respond to AI risk with a usage policy. "Don't put PII in ChatGPT." "Don't share confidential data in Copilot." That worked for email, where the act of sending was deliberate. It doesn't work for AI coaching.
When someone is venting about a hard week, working through a conflict with a teammate, or rehearsing a performance review, the disclosure isn't deliberate. It's mid-thought. The very situations where coaching delivers the most value are the situations where the most sensitive information surfaces. A policy can't catch what the speaker doesn't even notice they're sharing.
The legal posture is harder than most HR leaders realize. If an employee discloses a mental health concern, a disability, or a protected-class issue while "coaching" themselves with a generic AI assistant, those records live in your enterprise tenant, accessible to your IT admin and potentially discoverable in future grievances. Employment counsel are increasingly evaluating how that exposure interacts with the ADA (the US Americans with Disabilities Act) and equivalent disability-disclosure frameworks in other jurisdictions. The cleanest answer is to keep that conversation out of the corporate AI tenant in the first place.
You wrote the policy. You followed the SOC 2 process. You vetted four AI vendors. And you still cannot honestly tell your people their coaching conversations are private.
Privacy is not a policy. It is the architecture.
There are two ways to make a conversation private. You can write a policy that says no one will look at it. Or you can build a system where no one can.
Policy privacy depends on every admin and every IT contractor who comes after them honoring the rule. It depends on no breach, no subpoena, no overzealous compliance request slipping through. It is a promise you make and hope to keep.
Architectural privacy means the path to the content does not exist. The compliance API and eDiscovery hooks that generic AI tools rely on are not part of the design, and there is no admin override to invoke. Audio of voice conversations is not stored at all. When the architecture forecloses the access, the policy does not have to do the work.
This is where purpose-built coaching tools diverge from general-purpose AI assistants. ChatGPT, Claude, Gemini, and Copilot were designed for general productivity inside corporate infrastructure. Logs, audit, admin access, and compliance retrieval are features, not bugs. For email, code, and documents, that is the right design. For coaching, it is the wrong one.
For an HR leader, the difference is the difference between hoping no one looks and being able to honestly say to your team: "No one can."
Huckleberry is a voice-first professional AI coach built around architectural privacy. Three structural commitments make the difference:
The result is the same psychological safety a paid human coach offers, designed to scale to every manager and IC instead of the few executives a typical L&D budget can fund. Read the full Data Protection Addendum and our privacy policy for the technical and contractual specifics.
If your team has been holding back on rolling out an AI coaching tool because legal flagged the data path, this is the answer to the objection legal raised. If you have already deployed ChatGPT Enterprise, Copilot, Gemini, or Claude for general productivity, Huckleberry sits alongside them as the safe channel for the conversations those tools were never designed to hold. And if you are watching engagement scores erode while your L&D budget reaches a small fraction of the org, architectural privacy is what makes scaled coaching deployable in the first place.
You can finally make a privacy promise you do not have to hope no one tests.
This is also the question every analyst asked us. Across briefings with RedThread Research, Lighthouse Research & Advisory, and Sapient Insights in Q2 2026, all three independently raised the same buyer concern: "What stops a company from just using Claude or ChatGPT for this?" The answer is in the architecture, not the policy. Coaching infrastructure built without an admin path is a different product from productivity infrastructure with admin paths bolted on top.
Q: Can our admins see what employees discuss in Huckleberry sessions?
A: No. Individual sessions are not accessible to admins, HR, IT, or managers. The system is built without a compliance API or admin override path. HR sees aggregate insights such as session counts and engagement metrics, with no team-level topic detail. This contrasts with general-purpose AI assistants, including ChatGPT Enterprise, Microsoft Copilot, Google Workspace with Gemini, and Claude Enterprise, where admin and audit access paths are part of the standard enterprise architecture by design.
Q: How is Huckleberry different from using ChatGPT, Claude, Gemini, or Copilot for coaching?
A: Generic AI assistants are general-purpose productivity tools. They are powerful, and they were not designed for the privacy posture coaching requires. They route conversations through corporate infrastructure with admin and compliance access paths. They have no coaching methodology built in. They reset every conversation. Huckleberry is purpose-built for coaching: voice-first, architecturally private, grounded in established coaching frameworks (GROW, SBI, Radical Candor, Situational Leadership), and builds persistent memory of each user's goals and context across sessions.
Q: Does Huckleberry train its AI on our data?
A: No. Customer conversation data is not used for model training. Voice audio is processed in real-time and not stored. Session text is encrypted at rest and accessible only to the individual user.
Q: Will this pass our compliance and privacy review?
A: Huckleberry publishes a Data Protection Addendum covering personal data handling, processing roles, and security commitments. The architectural privacy posture is designed to address the objections that often block other AI tools at the legal review stage, though specific compliance requirements vary by organization and jurisdiction.
Q: What about the ADA and protected-disclosure risk?
A: The ADA (the US Americans with Disabilities Act) and equivalent disability-disclosure frameworks in other jurisdictions govern how employers handle sensitive employee disclosures. Because Huckleberry has no admin path to individual session content, disclosures of mental health, disability, or other protected-class issues cannot become a discoverable corporate record in the way they can with generic AI assistants. Employment counsel can confirm specifics for your situation, and the architectural design removes the underlying exposure rather than relying on policy to manage it.
Q: How does Huckleberry handle situations that should escalate to HR?
A: Huckleberry is built with guardrails. When a conversation surfaces a legal, compliance, or HR matter that needs human attention, the coach redirects the employee to escalate through proper channels. It is not a substitute for HR, legal counsel, or therapy.
The companies setting the bar on responsible AI are the ones who chose architecture over policy. The privacy your team thought they had with their AI assistant was never built in. With Huckleberry, it is.
Book a demo See how Huckleberry brings private, professional coaching to every person in your org. Or explore the HR leader use case.
Coaching framework references: GROW (Sir John Whitmore, 1992); Situation-Behavior-Impact / SBI (Center for Creative Leadership); Radical Candor (Kim Scott, 2017); Situational Leadership (Hersey and Blanchard, 1969).
.png)
.png)
