Stop Clients from Uploading Your Reports to ChatGPT (2026 Guide)
Co-founder at Peony. Former M&A at Nomura, early-stage VC at Backed VC, and growth-equity / secondaries investor at Target Global. I write about investors, fundraising, and deal advisors from the deal-side perspective I spent years in.
How to stop clients from uploading your reports to ChatGPT
Last updated: July 2026 · Last verified: July 2026
I'm Sean Yu, co-founder of Peony, a data room company. One of the people who moved onto Peony recently is an environmental professional — the kind who authors Phase 1 Environmental Site Assessments under ASTM E1527-21, the couple-hundred-page reports (narrative plus an EDR database appendix that routinely pushes the file toward 400 pages) that lenders and buyers rely on before a property changes hands. He didn't come to us worried about hackers. He came to us because his own clients were the leak.
Here is the pattern he described, and it is the reason this post exists. He would email a finished Phase 1 as a PDF. Somewhere on the client's side — usually a junior at the lender or the buyer's counsel — someone would drag that PDF into ChatGPT and ask it to "review this report for anything missing." The model, statistically eager to find something, would produce a tidy list of plausible-sounding "gaps." And back it would come to him: a busy-work email demanding he address a dozen issues, most of which were hallucinated, several of which the report already covered on pages the client had never opened. He would then spend unbilled hours rebutting a machine's guesses about his own work. What he wanted was simple and, until recently, oddly hard to buy: read-on-this-link-only delivery. No download. No screenshots. The client reads the whole report; the client never holds the file.
Quick answer: You cannot stop a client from uploading your report to ChatGPT with a policy — a policy depends on whoever opens the file on the client's side reading and honoring it — often the same person who reflexively pastes a PDF into an AI tool. You stop it by not handing over a file at all. Deliver the report as a view-only link with downloads off, so the recipient reads it in the browser and there is no source PDF to upload. Add a per-viewer watermark so any capture is attributable, page-level analytics so you see what was actually read, and revocation so access ends when the engagement does. The claim is not "AI-proof" — it is that you remove the easy path and make the hard paths traceable. In Peony, that is a few settings on one link; screenshot protection is on the Business plan at $30 per admin per month and dynamic watermarking is on the Data Room plan at $52 per admin per month, with every recipient free.
This is a document-security post written for a specific kind of professional: the environmental consultant above, and right alongside them the commercial appraiser, the structural engineer, and the specialist consultant whose deliverable is a long, reasoned, copyrighted report that a client pays for and then, increasingly, feeds to a model. The thesis is blunt. The moment your report leaves as a file, you have licensed the whole internet to review it. An AI-use policy cannot fix that. Not handing over the file can.
Clients keep running my reports through ChatGPT and sending me AI busy-work — what actually stops it?
What stops it is removing the file, not writing a rule. The busy-work cycle has a mechanical cause: the client possesses a downloadable PDF, and a downloadable PDF is one drag-and-drop away from an AI tool that will manufacture a critique on request. Break that one link in the chain — make the report readable but not downloadable — and the most common source of these letters disappears, because the person who would have pasted the file has nothing to paste.
It helps to be precise about why the AI critique is so often noise. A large language model asked to "find what's missing" in a technical report is not auditing it against ASTM E1527-21; it is predicting text that looks like a plausible list of gaps. It will confidently flag a "missing" historical-use review that is sitting in the appendix, or invent a standard that does not exist. This is not a hypothetical failure mode — courts are already policing it. In Kohls v. Ellison (District of Minnesota, January 2025) a federal judge excluded the declaration of a Stanford misinformation expert because it contained AI-hallucinated citations to sources that did not exist. Two years earlier, Mata v. Avianca sanctioned attorneys who filed a brief citing six ChatGPT-fabricated cases. The trend is large enough to track: Damien Charlotin's AI Hallucination Cases database now catalogs well over 1,000 US cases and rising. Courts treat unverified AI output as noise. You are entitled to do the same with an AI-generated critique of your report — more on the exact rebuttal protocol below.
But the cleaner fix is upstream of the argument entirely: if the report is delivered so it cannot be downloaded or copied, the automated-critique path is mostly closed before it starts. That is a distribution-control problem, and distribution control is the whole of this post.
Does ChatGPT keep a copy of the PDF you upload?
Sometimes, for longer than your client assumes — which is exactly why you should not rely on their settings. The details matter, so here they are carefully.
On consumer ChatGPT (Free, Plus, Pro), the content of a file uploaded during a chat can be used to train models by default; a user has to turn off "Improve the model for everyone" in Data Controls to opt out, and the same applies specifically to file uploads. The business tiers are different: ChatGPT Team, Enterprise, and the API are not used to train models by default. Anthropic's Claude splits the same way — its consumer terms announced August 28, 2025 train on chats unless the user opts out (opting in extends retention to five years versus 30 days), while Claude for Work and the API do not train by default.
On retention, be accurate, because the story changed. In the New York Times v. OpenAI litigation, a broad order to preserve all output logs — including deleted chats — was terminated by an order dated October 9, 2025. So the "your upload is kept forever" framing is now outdated. But two things remain true: logs already saved during that preservation window still exist, and on January 5, 2026 a judge affirmed OpenAI must produce a 20-million-log sample to plaintiffs. So "a report your client uploaded to a consumer account may persist longer than they think, and may surface in litigation" is fair; "it is kept forever" is not.
Now the point that matters for your workflow: you control none of this. You cannot see, let alone set, which tier anyone on the client's side is using or whether they toggled Data Controls. The only variable you actually govern is whether a file capable of being uploaded ever leaves your hands. Control the distribution and the retention question becomes moot.
Why view-only delivery with downloads off means there is no file to upload
Because the leak begins with possession, and a view-only link removes possession. This is the mechanism the whole post turns on, so it is worth walking the paths a report can take into an AI tool and seeing which ones a read-only link actually closes.

The four routes a report travels into a model — uploading the source file, copy-paste, screenshot-and-OCR, and retyping or photographing the screen — and which delivery controls close or narrow each one.
A report reaches ChatGPT by one of four routes. Uploading the source file is by far the most common and the highest-fidelity — the entire PDF, appendix and all, in one drag. Copy-paste lifts the text without the file. Screenshot-then-OCR captures the rendered pages as images and reads text back out. And retyping or photographing the screen reconstructs the content by hand or with a phone camera.
A view-only browser link with downloads off does something specific to that list. It eliminates the first path entirely — there is no source file to upload, because the report only ever renders in the browser and is never delivered as a PDF. It blocks copy-paste, because the viewer disables text selection and copy. With screenshot protection on, it blocks the OS screenshot shortcuts, screen-recording tools, and capture extensions that power the OCR path in modern desktop browsers. That is not a marketing flourish — a secure viewer's control ends at the browser, and we are candid about exactly where it ends in the next section. What survives is the fourth path, the slow manual one — and that is where watermarks and analytics come in. The logic is simple: the easy, high-fidelity path (upload) is gone, and the remaining paths are laborious and traceable. For the deeper mechanics of the no-download posture across use cases, see our secure client file sharing guide.
What a view-only link cannot stop — and what it does instead
A view-only link is not magic, and any vendor who tells you otherwise is selling you a liability. Here is the honest boundary. No software can block a phone camera pointed at a screen — the operating system, let alone the browser, has no reach over a second device photographing the display. A view-only link also cannot stop a person retyping what they read, reading the report aloud into an AI voice tool, or summarizing from memory into a chatbot. And a newer wrinkle: agentic AI browsers that read whatever is on the screen sit in the same category as a determined human — they can process what is rendered in front of them.
So the claim is deliberately narrow. A view-only link removes the easy, high-fidelity path — the one-drag upload of your full PDF that produces most AI busy-work — and it makes the hard paths traceable and deterred. It does not make your report "AI-proof," and I will not pretend it does. What it does instead:
- Per-viewer dynamic watermarks stamp every page with the specific viewer's email and a timestamp, so a photo or a retyped excerpt that surfaces points back to the exact account it came from. This is the strongest practical deterrent precisely because it changes the calculus — "let me just photograph this" becomes "do I want my name burned into that image." See our dynamic watermarking guide for how per-viewer marks differ from a static "CONFIDENTIAL" stamp, and the watermarks feature page for the mechanics.
- Page-level analytics show exactly which pages a viewer read and for how long, so an unexpected second viewer or an odd access pattern is visible to you — the page analytics feature turns a delivery into something you can watch.
- Revocation ends access the instant you need it to, for everyone holding the link — revoke access is a click, not a recall attempt.
For the specific case of phone photography — the one path no software touches — we wrote a dedicated piece on how to deter phone photos of documents with watermarks and access design, and our broader screenshot protection guide is candid about the same physics: you defeat casual capture and you make deliberate capture personally risky, not impossible.
Your clients' own advisors already live under a no-upload duty — you're just matching the standard of care
If you feel precious asking a client not to feed your report to an AI, don't. The professionals sitting around that client — their lawyers, their appraisers, their accountants — are already bound by rules that forbid exactly this, and their insurers are starting to enforce it. You are not being difficult; you are matching an emerging standard of care.
The lawyers got there first. ABA Formal Opinion 512 (July 29, 2024) tells attorneys they must consider the risk of a self-learning generative-AI tool before inputting client information, and that client informed consent may be required — a genuine explanation of the risk, not boilerplate. The appraisers followed: the Appraisal Foundation's Appraisal Standards Board adopted Advisory Opinion 41 ("Use of Technology") on April 23, 2026, with the operative logic that if an appraiser "cannot take reasonable steps to safeguard confidential information ... such information must not be entered into the tool." Accountants are covered too: AICPA Code §1.700.001 bars disclosing confidential client information without consent, and 2025–26 guidance explicitly warns against pasting client data into public AI.
And the insurers are pricing it in. Errors-and-omissions carriers are adding AI exclusions to design-professional policies — Berkley's absolute AI exclusion names ChatGPT by name, and Verisk's forms CG 40 47 and CG 40 48 take effect January 1, 2026 — while holding professionals liable for AI outputs they incorporate. Read those together and the environment is clear: the people your report is delivered to already operate under duties not to upload confidential material, and their coverage increasingly assumes they won't. Delivering your work product view-only isn't a quirk. It's you meeting the same bar your clients' advisors are held to.
How to answer an AI-generated critique letter without losing an afternoon
When the AI busy-work email still arrives — and occasionally it will, via the paths a link can't close — answer it like a professional handling unverified evidence, not like a defendant. The goal is to spend your billed time on real issues and none of it on hallucinations. Here is a three-step protocol I have not seen written down anywhere else, which is exactly why it is worth adopting.
- Demand the citation. For every claimed "gap," ask the client to identify the specific standard, regulation, or section of your report the claim relies on. An AI-generated critique almost never survives this, because the model produced a plausible sentence, not a sourced finding. "Which section of ASTM E1527-21 requires what you say is missing?" ends most of the list on its own.
- Answer only what survives. Address the claims that come back with a real citation — some will, and those deserve a proper reply. Ignore, politely and in writing, the ones that evaporated in step one; you note that they could not be tied to any standard or to the report, and you move on.
- Offer a billed addendum for anything genuinely new. If the exercise surfaced a real question outside the original scope — a new records request, an additional interview — that is not a defect in your report; it is additional work, and you quote it as a reliance-letter add-on or a scoped addendum. The critique becomes revenue instead of unbilled rework.
This protocol pairs with the delivery control rather than replacing it. Page-level analytics make step one even sharper: when you can see the client never opened the pages that supposedly contain the "gap," the conversation is over before it starts. And because most of these letters were generated from a downloaded PDF, cutting off the download cuts off most of the letters — the protocol is for the residue, not the main event.
View-only link vs password-protected PDF vs email attachment
The honest comparison is about one question above all: does the file leave your control, and can the recipient upload it to an AI tool? Here is how the common delivery methods actually behave.
| Delivery method | File leaves your control? | Recipient can upload it to AI? | Screenshot blocking | Per-viewer watermark | See pages read | Revoke after send |
|---|---|---|---|---|---|---|
| Email attachment | Yes — instantly and permanently | Yes — the full PDF, one drag | No | No | No | No |
| Password-protected PDF | Yes, once opened | Yes — once the password is typed it's a normal file | No | No | No | No |
| Google Drive view-only | Downloads can be off, but no real containment | Weak — "view-only" text stays copyable via workarounds | No | No | No | Partial (remove access) |
| DocSend | View-only, downloads can be off | Reduced — tracking + download-off help | No | No | Yes (tracking) | Yes |
| Peony view-only link | No — renders in browser, no PDF handed over | No easy path — no source file to upload | Yes (Business) | Yes (Data Room) | Yes (page-level) | Yes (instant) |
A few honest notes on the rows. A password-protected PDF gates opening, nothing more — once the recipient types the password, they hold an ordinary file they can save and upload, and in practice the password is usually shared right alongside the file, so it protects almost nothing against the client you sent it to. Google Drive view-only can disable downloads, but it has no watermarks, no page-level analytics, and no screenshot blocking, and "view-only" Docs text remains copyable through known workarounds — treat its containment as weak. DocSend does the tracking-plus-download-off job well and is a genuine step up on an attachment, but it offers no screenshot protection and no dynamic per-viewer watermarks, so a captured page is neither blocked nor attributable. Installed-DRM tools in the Locklizard mold do give real post-download control, but they force your recipient to install viewer software — the wrong tradeoff for a client deliverable, where the whole point is that the lender's counsel clicks a link and reads. The row that closes the upload path is the one where no file is handed over at all.
How to deliver a report view-only in Peony (step by step)
Here is the exact walkthrough the environmental professional above now runs for every Phase 1. It takes minutes — Peony's median setup time is 4 minutes 19 seconds — and it is entirely browser-based, so nobody on the client side installs anything.
- Upload the report to a Peony room named for the engagement — "123 Main St — Phase 1 ESA," "Client X — Appraisal." The room is the container; the report lives inside it, not in an inbox.
- Create a link per recipient or per visitor group. Give the lender, the buyer's counsel, and the client their own links or groups, so you can see each separately and grant each only what they should see.
- Require email verification against an allow-list. Access is granted to named addresses or trusted domains only — no anonymous "anyone with the link," so an unexpected viewer is immediately visible as one.
- Switch downloads off. This is the load-bearing setting: the report becomes readable in the browser and non-downloadable, which is what removes the source file from the upload path.
- Turn screenshot protection on. On the Business plan, the viewer blocks OS screenshot shortcuts, screen-recording tools, and capture extensions in modern desktop browsers (Chrome, Edge, Safari, Firefox) — closing the screenshot-to-OCR route. It does not stop a phone camera; nothing does.
- Turn the dynamic watermark on. On the Data Room plan, every page carries the viewer's email and a timestamp, so any capture that does get out — a photo, a retyped excerpt — traces back to one account.
- Set an expiry. Access closes automatically at the end of the reliance period or the engagement, so a report doesn't quietly stay open for months.
- Send one link. Not the file — the link. If you revise the report, you replace the file behind the same link and nobody re-downloads anything.
- Watch page-level analytics. See who opened it, which pages they read, and for how long — your early-warning system for both forwarding and incoming AI critiques.
- Revoke when the engagement ends. One click ends access for everyone. Revocation is what makes delivery something with a defined end rather than a permanent release.
This is the workflow 5,900+ teams on Peony use to control exactly what they share and see how it lands — and for the specialist consultant with one or two people who actually send reports, the per-admin model means only those seats are paid; every client who receives a link is free. If your work is Phase 1 ESAs specifically, the environmental consultants solution page covers the vertical, and the buyer's side of that same document — how acquirers run environmental due diligence — is worth understanding, since those are the readers uploading your report.
Pair it with a no-AI-upload clause in your engagement letter
Belt and braces: add one sentence to the engagement letter so the expectation is contractual, not just technical. A workable clause reads roughly — "This report is provided for [Client]'s internal use in connection with the subject transaction. It may not be uploaded to, or processed by, any third-party artificial-intelligence or machine-learning tool, and may not be redistributed or relied upon by any other party without the author's written consent." That mirrors the informed-consent logic behind ABA Opinion 512: you are not burying a prohibition in boilerplate, you are stating the risk plainly. The clause and the view-only link do different jobs — the clause tells them not to, the link makes it so they can't — and used together, each covers the other's gap.
How much does view-only report delivery cost for a small firm?
Less than one AI-rebuttal cycle, which is the only comparison that matters. Peony has a Free tier, so you can deliver view-only links with downloads off at no cost and start closing the upload path today. Two paid plans add the controls this post describes:
- Business — $30 per admin per month. Screenshot protection, download prevention, a Simple NDA, advanced analytics, AI document Q&A, and unlimited e-signatures.
- Data Room — $52 per admin per month. Everything in Business plus dynamic per-viewer watermarking, an Advanced NDA (signed PDF plus audit trail), Screenshield, granular permissions, unlimited storage and file size, and a full audit trail.
Every recipient is free on every plan — the lender, the counsel, the client, all of them — so your bill is bounded by the one or two people at your firm who send reports, not by how many people read them. Now the ROI, in the terms that actually apply to a professional-services firm. A single AI-generated critique that pulls you into a 3-to-6-hour rebuttal cycle at your billing rate costs more than a full year of the Business plan. Deliver 30 reports a year and get dragged into even a couple of those cycles, and view-only delivery has paid for itself several times over — before you count the distribution control on copyrighted work product and the analytics that tell you who read what. That math is why 5,900+ teams run controlled sharing here, and why the platform's 99.96% uptime since August 2025 matters: the link your client relies on has to be up when they open it.
Frequently asked questions
How do I stop clients from uploading my report to ChatGPT?
You stop it at the source: don't hand over a file at all. Deliver the report as a view-only link with downloads turned off, so the recipient reads it in the browser and never holds a PDF to drag into ChatGPT. An AI-use clause in your engagement letter asks people not to upload; a view-only link means there is nothing to upload in the first place — the two together are belt and braces, but the link is the one that actually controls distribution. In Peony you upload the report, create a link scoped to the client's email, switch downloads off, turn on screenshot protection and a dynamic per-viewer watermark, set an expiry, and send that one link. The client reads the whole report; they just never possess the source file. Screenshot protection is on the Business plan at $30 per admin per month and dynamic watermarking is on the Data Room plan at $52 per admin per month, and every recipient is free.
Does ChatGPT keep a copy of a PDF my client uploads — and can it end up in training data?
On consumer ChatGPT (Free, Plus, Pro) the content of an uploaded file can be used to train models by default; a user has to turn off "Improve the model for everyone" in Data Controls to opt out. ChatGPT Team, Enterprise, and the API are not used for training by default, and the same split holds for Anthropic's Claude — consumer chats train unless the user opts out (a change announced August 28, 2025), while Claude for Work and the API do not. On retention: the broad court order in the New York Times v. OpenAI case that required preserving all output logs was terminated on October 9, 2025, so the "kept forever" framing is outdated — but logs saved during that window still exist, and on January 5, 2026 a judge affirmed OpenAI must produce a 20-million-log sample to plaintiffs, so a report uploaded to a consumer account may persist longer than your client assumes. The honest takeaway: you cannot control the retention settings of a tool your client uses, so the reliable fix is to make sure the file never reaches it. A view-only Peony link with downloads off does exactly that.
Clients keep running my reports through ChatGPT and sending me AI-generated critiques — how do other consultants handle it?
The consultants who have stopped the busy-work did two things: they changed how the report is delivered, and they changed how they answer the critique. Delivery first — when the client's junior can't download the file, they can't paste it into ChatGPT to auto-generate a list of "gaps," which removes the easy path that produces most of these letters. Then, for any critique that still arrives (read aloud, retyped, or reasoned from memory), they use a three-step protocol: ask which specific standard or report section each claimed gap cites, answer only the claims that survive that test, and offer a billed addendum for anything genuinely new. Courts already treat unverified AI output as noise — in Kohls v. Ellison (January 2025) a federal judge excluded an expert declaration because it contained AI-hallucinated citations to sources that did not exist. You are allowed to hold an AI-generated critique to the same standard. In Peony you deliver the read-only link, and page-level analytics show you exactly which pages the client actually read before the critique landed — which is often the fastest way to see the "gap" was never opened.
I deliver 300-page Phase 1 ESAs — what's the best way to send a report so the client can read it but not download or copy it?
Send it as a view-only browser link with downloads, printing, and copy turned off, gated to the client's verified email — not as an emailed PDF. A several-hundred-page Phase 1 ESA with its EDR appendix is precisely the document you do not want circulating as a loose file, both for AI-upload reasons and because uncontrolled reliance erodes your reliance-letter revenue. A view-only link means the lender, the buyer's counsel, and the client all read the same report in the browser, and none of them ends up with a PDF to forward or upload. In Peony the setup is: upload the report, create a link per recipient or per visitor group, require email verification against an allow-list, switch downloads off, turn screenshot protection on, add a dynamic per-viewer watermark, set an expiry, and watch page-level analytics. Median setup time on Peony is 4 minutes 19 seconds, so this is an afternoon change, not a project. We cover the full ESA delivery workflow in our Phase 1 ESA report delivery guide.
How can I track whether a client shared my report — or which pages they actually read?
Page-level analytics give you both. Instead of a delivered-and-gone email attachment, a view-only link records who opened the report, when, from where, how long they spent, and which pages they actually viewed — so you can see whether the client read the conclusions or just the cover, and whether a second, unexpected viewer appeared. If the report is opened by someone outside your allow-list, that is your signal it was forwarded, and you can revoke the link on the spot. A dynamic watermark adds attribution on top: every page carries the viewer's email and a timestamp, so any screenshot or photo that surfaces points back to the exact account it came from. In Peony, analytics are on every plan including the free tier; dynamic per-viewer watermarking is on the Data Room plan at $52 per admin per month. Together they turn a report from a file you lose sight of into a delivery you can see and, if you need to, shut off.
Is it legal for a client to feed my copyrighted report into an AI tool?
Your report is copyrighted work product — an instrument of service — and uploading it to a public AI tool can be framed as unauthorized reproduction; copyright infringement does not even require intent, and law-firm commentary has flagged that pasting confidential or third-party documents into a public model can breach both policy and IP rights. But "can I sue over it" is the wrong question to build a workflow around, because by the time you would litigate, the report is already in the tool and the busy-work is already on your desk. The durable protection is not a legal threat after the fact; it is not handing over a file that can be uploaded in the first place. A view-only link with downloads off keeps the copyrighted document inside your control, so the copyright question mostly never arises. In Peony that is one setting on the link, and the report reads normally for the client — they simply never hold a copy they could reproduce.
Is a password-protected PDF enough to stop clients from uploading my report to AI?
No. A password only gates opening the file; the moment the recipient types the password, they have a normal PDF that can be saved anywhere and dragged straight into ChatGPT. Worse, in practice the password is usually shared in the same email as the file — or in the very next message — so it protects almost nothing against the person you sent it to. Password protection defends against the wrong threat: a stranger intercepting the file in transit, not your own client's junior uploading it after they legitimately open it. A view-only link is a different mechanism entirely — there is no file that leaves your control, so there is nothing to upload regardless of who has the password. In Peony you can still add an access password or email verification on top, but the load-bearing control is downloads-off plus screenshot protection, which a password-protected PDF cannot offer once it is open.
Do AI companies train on the documents people upload to them?
On consumer tiers, yes by default. OpenAI states that content in a file uploaded during a chat can be used to train models on Free and Plus unless the user opts out in Data Controls, and Anthropic's consumer terms (announced August 28, 2025) train on chats unless the user opts out — with opting in extending retention to five years versus 30 days. The business tiers are the exception: ChatGPT Team, Enterprise, and the API, and Claude for Work and the API, are not used for training by default. The problem for you is that you have no idea, and no control over, which tier your client's junior is using — and the safe assumption is the free consumer one. That is the whole case for controlling distribution rather than trusting settings: if the report never becomes a file the client can upload, its training status is moot. A view-only Peony link with downloads off is how you make that true without asking your client to audit their own AI configuration.
Can I revoke access to a report after I've already sent it?
Yes — that is one of the biggest differences between a link and a file. An emailed PDF is gone the instant you hit send; you cannot recall it, expire it, or stop it being forwarded. A view-only link stays under your control: when the engagement ends, the reliance period lapses, or you spot an unexpected viewer, you revoke the link and the report goes dark for everyone holding it. You can also set an expiry up front so access closes automatically on a date you choose. In Peony, revocation is instant and link expiry is built in, so "the deal is done, please stop reading my report" is a click rather than a hope. Combined with page-level analytics — which tell you when access has genuinely served its purpose — revocation lets you treat delivery as something with a defined end, not a permanent, uncontrolled release of your work product.
Is view-only delivery worth it for a small firm that only sends 30 reports a year?
Almost certainly, because the math is driven by rebuttal hours, not report volume. A firm sending 30 Phase 1 ESAs a year that gets pulled into even a handful of AI-generated "you missed this" critique cycles is losing unbilled time at its professional billing rate — and a single 3-to-6-hour rebuttal cycle costs more than a full year of the Business plan at $30 per admin per month. You are not buying a data room for 30 reports; you are buying back the afternoons you currently spend rebutting hallucinated gaps, plus distribution control on copyrighted work product, plus analytics that tell you who actually read the file. Peony also has a free tier, so you can deliver view-only links with downloads off at no cost and add screenshot protection or watermarking only when a report warrants it. For a lean firm, the per-admin model fits: you pay for the one or two people who send reports, and every client who receives them — all 5,900+ teams on Peony work this way — is free.
Should I add a no-AI clause to my engagement letter as well?
Yes — pair it with the delivery control; they do different jobs. A clause sets the expectation and gives you a contractual footing if a client uploads your report anyway; the view-only link removes the practical ability to do so. A clause alone is the weaker half, because it depends on a client's junior reading and honoring it, which is exactly the person who reflexively pastes a PDF into ChatGPT. A workable clause states that the report is provided for the named client's internal use, may not be uploaded to or processed by any third-party AI or machine-learning tool, and may not be redistributed without written consent — which mirrors the informed-consent logic behind ABA Formal Opinion 512, where a professional must genuinely explain the risk of feeding confidential material into a self-learning tool rather than rely on boilerplate. Then deliver the report as a view-only Peony link so the clause and the control reinforce each other: you have told them not to, and you have made it so they can't.
Related Resources
- Phase 1 ESA Report Delivery — the full view-only delivery workflow for environmental professionals
- Peony for Environmental Consultants — the vertical solution for ESA and site-assessment firms
- How to Deter Phone Photos of Documents — the one capture path no software can block, and how to make it traceable
- How to Protect PDFs from Screenshots — the honest physics of screenshot protection
- Dynamic Watermarking Complete Guide — per-viewer marks versus a static "CONFIDENTIAL" stamp
- Secure Client File Sharing — the no-download posture across client deliverables
- Watermark Comparison — how watermarking approaches stack up
- Peony Pricing — Free, Business ($30/admin/month), and Data Room ($52/admin/month), recipients always free
You might also like
Jun 5, 2026
How to Protect Course Materials From Theft, Leaks, and Counterfeiting (2026)
Jun 8, 2026
Can You Stop Phone Photos of Confidential Documents? (And What Actually Works)
Apr 30, 2026
How to Block Pitch Deck Screenshots on Mac and iPhone (2026)

