There is a conversation happening in most Indian enterprises right now, usually between an enthusiastic department head and a cautious IT or legal team. The department head has discovered that ChatGPT, Copilot, or Gemini can summarise documents, answer policy questions, and draft responses in seconds. The IT team is uncomfortable, but cannot articulate exactly why. The legal team is worried but hasn't had time to investigate.
This article is for both sides of that conversation. The risk is real, specific, and solvable. But solving it does not mean banning AI — it means deploying it properly.
What Actually Happens When You Paste Company Data into ChatGPT
When an employee pastes an internal HR policy, a customer contract, financial data, or a sensitive SOP into ChatGPT or any public AI service, that data is transmitted to and processed by servers owned by a foreign corporation — typically in the United States. Depending on the service's terms and your account type, that data may be used to train future model versions. Even with a paid enterprise tier, the data is processed outside your control.
- Personal data processed by foreign AI services may violate India's Digital Personal Data Protection (DPDP) Act, 2023
- Sensitive financial or strategic data transmitted to third-party servers creates contractual and fiduciary exposure
- Data used for model training could, in theory, surface in responses to other users
- You have no control over how the data is stored, for how long, or who has access to it
- RBI-regulated entities have explicit restrictions on data residency and third-party data sharing
Under the DPDP Act, 2023, processing personal data of Indian citizens outside India requires specific safeguards. An employee's attendance record, performance data, or medical information in your HR system — pasted into ChatGPT — is a potential DPDP violation.
The Business Case for a Private Knowledge Assistant
The reason employees reach for public AI tools is legitimate: they want faster access to information. An HR executive spending 40% of her day answering policy questions is not being inefficient — she is working with an inadequate system. The answer is not to remove the tool. It is to give employees a better tool that is safe.
A private knowledge assistant — deployed on your own servers using an open-source or licensed LLM — delivers the same capability with a fundamentally different data posture. The model runs inside your network. Queries stay inside your network. Responses stay inside your network. Nothing leaves.
| Dimension | Public Cloud AI (ChatGPT etc.) | Private LLM (Vidya AI) |
|---|---|---|
| Data residency | Foreign servers (US/EU) | Your own infrastructure |
| DPDP Act compliance | Requires specific safeguards | Compliant by architecture |
| Training data risk | Possible (depends on tier) | Zero — isolated model |
| Access control | Limited | Role-based, audit-logged |
| Multi-language | Limited Hindi/regional support | Full Hindi + regional |
| Integration with internal docs | Manual paste only | Direct index of systems |
What 'Local LLM' Actually Means
A local LLM is a language model running on hardware you control — either on-premise servers in your data centre, or on a private cloud instance that no one else can access. The model has been indexed against your specific documents, so it can answer questions about your policies, not policies in general.
When an employee asks Vidya AI 'What is the WFH policy for probationary staff?', the query goes to a model running on your server, which searches your indexed HR documents, and returns a cited answer — with the source file, section, and page number. At no point does that query leave your network.
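The query path described above, sketched as an added example (not Vidya AI or Cognexa code): the role check is applied at retrieval time, so text the user may not read never enters the model's prompt, and every query is audit-logged with its citations. The document names, roles, and the keyword-overlap scoring (standing in for a real retriever) are constructed assumptions.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Chunk:
    source: str
    section: str
    page: int
    roles: frozenset  # roles allowed to read this chunk
    text: str

    def citation(self):
        return f"{self.source}, {self.section}, p. {self.page}"

# Constructed sample index; a real deployment would use a vector store.
INDEX = [
    Chunk("hr_handbook.pdf", "4.2 Work From Home (WFH)", 17, frozenset({"employee", "hr"}),
          "Probationary staff may work from home two days a month with manager approval."),
    Chunk("hr_handbook.pdf", "4.1 Leave", 15, frozenset({"employee", "hr"}),
          "Employees accrue 1.5 days of paid leave per month."),
    Chunk("compensation_bands.xlsx", "Probation pay", 1, frozenset({"hr"}),
          "Salary bands for probationary staff are confidential to HR."),
]
AUDIT_LOG = []  # stand-in for an append-only audit store

def tokens(s):
    return set(re.findall(r"[a-z]+", s.lower()))

def retrieve(user, role, query, k=2):
    """Return the top-k matching chunks this role may read, and log the query."""
    q = tokens(query)
    scored = [(len(q & tokens(c.text + " " + c.section)), c) for c in INDEX]
    matched = [(s, c) for s, c in scored if s > 0]
    allowed = [(s, c) for s, c in matched if role in c.roles]  # ACL before prompt
    allowed.sort(key=lambda sc: -sc[0])
    hits = [c for _, c in allowed[:k]]
    AUDIT_LOG.append({"user": user, "role": role, "query": query,
                      "cited": [c.citation() for c in hits],
                      "withheld": len(matched) - len(allowed)})
    return hits

def build_prompt(query, hits):
    """Context handed to the locally hosted model; each passage carries its citation."""
    context = "\n".join(f"[{c.citation()}] {c.text}" for c in hits)
    return f"Answer only from the sources below and cite them.\n{context}\n\nQuestion: {query}"
```

The `withheld` count in each audit record shows how often a role's queries match documents it cannot read, which is a useful signal when reviewing access configuration.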
The Practical Objections — and the Answers
'We don't have the hardware to run an LLM.'
Modern quantised models (like LLaMA 3, Mistral, or Gemma) run efficiently on a single GPU server. For a 500-1,000 employee organisation serving internal knowledge queries, a mid-range enterprise server is typically sufficient. The hardware cost is a one-time capital expense, not a recurring subscription.
'Our IT team cannot manage a model deployment.'
This is precisely what a managed deployment covers. Cognexa handles model selection, infrastructure setup, document ingestion, access configuration, and ongoing maintenance as part of the Vidya AI implementation. Your IT team does not need AI expertise — they need to provide the server and the documents.
'The model won't be as good as ChatGPT.'
For answering questions about your specific policies and documents, a properly indexed private model outperforms ChatGPT — because ChatGPT does not have your documents. A model grounded in your actual HR handbook, with source citations and role-based filtering, is strictly more useful than a generic model guessing at policy from general training data.
Organisations deploying Vidya AI consistently report that employees prefer it over searching SharePoint or emailing HR — not because it is smarter than ChatGPT, but because it knows their specific policies and cites its sources.