
NotebookLM is designed to feel like a private “AI research assistant” that only reads the contents of what you upload. That’s mostly true, but “private” isn’t the same as “confidential.” The gap matters if you’re thinking about uploading personal identifiers, customer files, or regulated documents.
This guide breaks down Google’s stated policies in plain language, then turns that into a practical “safe to upload vs don’t upload” framework.
Private vs confidential: the mental model that prevents mistakes
Here’s the safest way to think about NotebookLM:
- Private means your sources (and their contents) aren’t publicly visible by default, and Google says they aren’t used to directly train its foundational models unless you provide feedback. (support.google.com)
- Confidential means you can upload it without worrying about human review, accidental sharing, retention windows, cross-service handling, or policy edge cases.
NotebookLM can be private and still be a bad place for confidential data—especially if you:
- Share a notebook (intentionally or accidentally)
- Submit feedback (thumbs up/down or “report a problem”)
- Use the same notebooks inside Gemini (where different data rules may apply)
Plain-language summary of Google’s stated policies (with links)
Below are the most important “straight from Google” policy statements, translated into everyday language.
- Your NotebookLM content isn’t used to directly train foundational AI models unless you provide feedback.
Google states that “the content in NotebookLM will not be used to directly train our foundational AI models, unless you choose to provide feedback.” (support.google.com)
- If you share feedback, Google may review the full context (including uploads).
Google says that when you share feedback, they may review “the full context of that interaction, including your queries, uploads, and the model’s responses.” (support.google.com) - Source: Learn about NotebookLM
- Human review can happen for feedback, and that feedback content may be retained for up to 3 years (disconnected from your account). (support.google.com)
- Workspace/Education accounts get stronger protections (per Google’s Help Center language).
Google states that for Google Workspace or Workspace for Education users, NotebookLM uploads/queries/responses won’t be reviewed by human reviewers even when feedback is provided, and won’t be used to train AI models. (support.google.com) - If NotebookLM content is used through other Google services (example: Gemini), those services’ notices can apply.
Google notes that data NotebookLM shares with other Google services (e.g., the Gemini app) is used per Google’s Privacy Policy and service-specific notices. (support.google.com) - Sources:
- Google Privacy Policy
- Gemini Apps Privacy Notice (last updated June 29, 2026) (support.google.com)
What happens to your PDFs, notes, and chats inside NotebookLM?
At a practical level, you’re dealing with three “buckets” of data:
| What you add/create | What it’s used for | The privacy implication |
|---|---|---|
| Sources (PDFs, Docs, URLs, pasted text, etc.) | To answer questions grounded in your sources | Main risk is what you upload, and who you share with |
| Your notes / saved outputs | Builds your notebook “knowledge base” | Notes can contain sensitive summaries even if the source doesn’t |
| Chat history | Helps generate responses within the notebook | Be careful: chats can include identifiers you typed, not just what’s in PDFs |
What feedback can include (and why that matters)
Feedback is the #1 place people accidentally leak sensitive info because they’re focused on reporting an issue, not privacy.
Google states that feedback can include your thumbs up/down plus “any included content,” such as:
- Your queries
- Your uploads/sources
- Model responses
- Gemini chats
- Generated outputs like audio overviews and video overviews
- Other related data (support.google.com)
Google also states this feedback may be reviewed by trained teams, and asks you not to include confidential or sensitive information in feedback. (support.google.com)
Plain-English takeaway: If you upload confidential material, then later click thumbs down and describe the issue (or attach a screenshot), you may be sending the exact confidential material you hoped would stay private.
Sharing: who can see what (and what “public” really means)
NotebookLM sharing is where “private vs confidential” becomes very real.
The three sharing states you should recognize
Google’s own UI indicators map to these states:
- Private (restricted)
A lock icon appears when a notebook isn’t shared with anyone. (support.google.com) - Shared to specific people
The icon changes when shared individually with users. (support.google.com) - Public link (consumer accounts)
A globe icon indicates the notebook is publicly shared. (support.google.com)
What viewers can access in a public notebook
Google explicitly warns that Chat View can hide sources and artifacts for a focused experience, but it does not revoke underlying access—viewers may still be able to navigate to hidden materials outside the default chat experience. (support.google.com)
Plain-English takeaway: If you share a notebook publicly, assume the sources are accessible. Don’t rely on “hidden” views as a security boundary.
Viewer vs editor: the practical difference
Google’s documentation describes sharing with viewer or editor permissions (including public sharing for personal NotebookLM). (docs.cloud.google.com)
And in NotebookLM Enterprise sharing docs, Google gives an example that viewers can’t upload sources or add notes. (docs.cloud.google.com)
Even if you only grant Viewer access, that can still be too much if the notebook contains sensitive sources—because the core question is: should they see the sources at all?
Notebooks in Gemini: same files, different privacy expectations
This is the part many people miss: your notebooks may be accessible in both NotebookLM and Gemini, and Gemini has its own data handling rules.
Google’s Gemini Apps Privacy Notice (last updated June 29, 2026) states that:
- Chats with your notebooks in Gemini are saved according to your Keep Activity setting and used as described in the Gemini Apps Privacy Notice, including to improve Gemini with the help of human reviewers (support.google.com)
- Files added as a source in Gemini notebooks are not used directly for training Google’s generative AI models (support.google.com)
Plain-English takeaway: If confidentiality is the priority, be cautious about using the same notebook inside Gemini—because “saved and used to improve…with human reviewers” is a very different bar than “not used to train unless feedback.”

Don’t upload this: a practical “confidential data” blocklist
If you want a simple rule: don’t upload anything that would cause harm if exposed to another person (even briefly), or anything you’re legally obligated to protect.
Here’s a strong baseline “do not upload” list for NotebookLM (especially on personal accounts):
- Government identifiers
- Social Security numbers (SSNs)
- Driver’s license / state ID scans
- Passport numbers
- Financial and payment data
- Bank account and routing numbers
- Full credit card numbers (even if “for testing”)
- Tax returns, W-2s, payroll files
- Medical and insurance documents
- Medical records, lab results, diagnoses
- Insurance claims, member IDs, EOBs
- Client/customer confidential data
- Client contracts with sensitive terms
- Customer lists with emails/phone numbers
- Support exports containing personal details
- Credentials and secrets
- Passwords, API keys, private keys, recovery codes
- “Screenshot of settings” that includes tokens or internal URLs
- Non-public business internals
- Acquisition plans, pricing strategy docs, board notes
- Security reports, pentest findings, incident write-ups
- Protected student/HR info
- Student records
- Employee performance reviews, disciplinary notes
Even if you trust Google’s model-training statement, confidentiality can still be broken through feedback review, sharing settings, downstream exports, or simple human error.
Safer alternatives (when the doc is private but should stay confidential)
When you still want AI help, but the document is too sensitive, pick one of these patterns:
- Upload a sanitized summary instead of the original
- Replace names with roles (“Client A,” “Vendor B”)
- Replace exact numbers with ranges (“$10k–$15k”)
- Remove addresses, account numbers, and signatures
- Split the document
- Put the “sensitive appendix” (identifiers, account details) in a separate file that never goes into NotebookLM
- Upload only the non-sensitive sections you actually need to analyze
- Use an enterprise-managed environment
- If you’re in Google Workspace / Education, Google states stronger protections against human review and training use for NotebookLM interactions. (support.google.com)
- For organizations, Google’s Workspace privacy hub also emphasizes that content isn’t human reviewed or used for model training outside your domain without permission. (knowledge.workspace.google.com)
- Run local AI for truly sensitive work
- For “must be confidential” work, consider offline/local tooling (so files never leave your device). This is often the simplest way to meet a strict confidentiality requirement.
If you’re a small business owner trying to make this decision repeatable, I’d rather see you build a simple rule: personal NotebookLM for learning and public-ish docs; enterprise controls or local AI for client/regulated data.
Redaction tips that actually work (not fake redaction)
Redaction is easy to do wrong. A black box drawn over text is often not real redaction.
Use these safer practices:
- Use true redaction tools (that remove underlying text), not highlight/shape overlays
- Search before you redact
- Look for names, emails, phone numbers, invoice numbers, account IDs
- Remove metadata
- PDFs and office files can contain author info, tracked changes, comments, and hidden text
- Export to “clean” formats
- Copy/paste only the relevant excerpt into a new plain-text file
- Or create a new PDF from the sanitized text (not from the original)
Quick test: after redaction, try selecting/copying text where the sensitive info used to be. If it copies, it wasn’t truly removed.
A 60-second upload safety checklist
Before you drag a PDF into NotebookLM, ask:
- If this notebook link became public, would it hurt anyone?
- Would I be okay if a trained reviewer saw this as part of feedback handling? (support.google.com)
- Am I using NotebookLM only, or also opening this in Gemini (Keep Activity on)? (support.google.com)
- Did I remove SSNs, medical details, credentials, and client identifiers?
- Did I verify sharing is Restricted (lock icon) before uploading? (support.google.com)
You can also find more practical tech safety guides at Greg Doig.