Vertical Consulting

The Consultant's Guide to Safe Client Prompts

Consultants live in NDAs. Here's how to keep the productivity gain of an LLM without ending up on the wrong side of a confidentiality clause.

PromptShielder Security Team· Applied cryptography & privacy engineering June 3, 2025 6 min read

The one-sentence test

Would this prompt read the same if I were asking about a hypothetical client in the same industry? If yes, you have redacted correctly. If not, keep going.

What to strip, in order

  1. The client legal name and any known trade names.
  2. The project codename — 'Project Nightingale' is more identifying than 'Google'.
  3. Any named executive; roles are fine, names are not.
  4. Revenue and EBITDA numbers with more than two significant figures.
  5. Geographic detail below country level.
  6. Dates finer than the quarter.

The custom-terms trick

PromptShielder lets you paste a per-engagement list of literal strings — codenames, initiatives, product-line names — that always get redacted regardless of context. Set it up on day one of the engagement. It saves the 'oh, I forgot our internal name for that programme' moment later.

Where LLMs actually help

  • Structuring an argument once the analysis is done.
  • Alternative wordings for a diplomatic paragraph.
  • Drafting slide-deck speaker notes from a bulleted outline.
  • Turning a rough recommendation into a two-page memo.

Frequently asked

Can I use my firm's enterprise ChatGPT for everything?+

Even with a DPA, the confidentiality clause in the client NDA usually requires prior written consent for any third-party processor. Redaction is the pragmatic bypass.

What about diagrams?+

The same rule applies. A screenshotted org chart is far more identifying than the same information in prose.

Sources
Vertical ConsultingPrivacy
Try PromptShielder

Redact prompts before they leave your browser.

Free to try. Nothing is sent to a server. Ever.