AI and Your Obsidian Vault — Practical Advice to Protect Your Privacy

Obsidian Observer
Published in
6 min readApr 12, 2023
AI-Generated image of a researcher, reading and taking notes

I am enjoying playing with AI in my Obsidian Vault. I am using several plugins that enable various levels of use of GPT-3 (Text Generator) and chatGPT (Smart Connections).

What I find of tremendous value is having AI as a brainstorming partner in my research, thinking, and writing.

AI is my brainstorming partner, not the researcher or author — that is my role

Also, chatGPT does amazingly well for language translation. I often unintentionally write in two languages and I am always amazed at how the AI understands it.

I am just beginning with AI in Obsidian, so I want to be cautious about offering you my dear reader any advice on this subject, but a few things became obvious very early in my testing that I think will be useful to you, so I decided to write about it.

Don’t Fear AI in Your Vault

I have to admit that one of my concerns was giving AI access to my vault which contains confidential information on projects, customers, and friends.

However, with some experimentation, I saw that this fear was unwarranted if you take simple but necessary precautions.

The developers behind most Obsidian plugins tend to be very honest, hardworking, and generous individuals who have the same concerns about privacy and confidentiality. In other words, I have a high level of trust in the developers in the Obsidian community.

Smart Connections AI plugin being used in research in Obsidian

But as I said, precautions are warranted. My initial advice for safely using AI in your vault is:

  • define boundaries
  • read the fine print (the documentation)

Let us get into each of these points.

Confidentiality and Exclusions

TIP 1: Define clear boundaries for confidential data, that is to say, understand selection context and file/folder exclusions

It is important to remember that these plugins are sending “some” information from Obsidian to various artificial intelligence services like OpenAI.

However, this does not mean that all your data is sent. Most of these plugins give you granular control over what is sent to the AI.

For example, you can send all the text from the active note or just the current selection of text in the active note. Or in some cases, you can even have your entire vault indexed by the AI if you so choose.

So tip #1 is to make sure you understand what data you are sending to AI. Scope the data AI is given!

Most of these tools make it clear what is being sent to AI:

  • It could be only the currently selected text
  • It could be just the contents of the active note
  • It could be just a folder from your vault
  • It could be all your notes, with defined exclusions

This last bullet is the most important, understanding what is not sent.


Most of these plugins allow you to define folders to be excluded from being processed by the AI service. In other words, with these exclusions defined, the contents of those folders are ignored. This is useful when you have very private content in your folders.

For example, the Smart Connections plugin takes the concept of exclusions a few steps further by offering even more fine-grained control over excluding content (1) from folders, (2) specific files, (3) path matching definitions, and (4) headers.

Smart Connections exclusions options

Let me share with you a few personal strategies I have implemented in setting boundaries.

First, I isolate information that I consider confidential to specific folders in my vault and then exclude those folders from being processed by AI plugins.

Additionally, as an added mental “trigger”, whenever I do use one of the AI features, I intentionally pause and think about what am I doing and ask myself:

  • Is this a file or information I don’t mind being transmitted beyond my vault?
  • If this information were accidentally leaked one day, could it create a problem for my customers or friends?

If I have any hesitation, I stop what I am doing and reevaluate my next steps.

Sidebar: help feed the hungry writers. If you enjoy my writing, please give some thought to supporting my work. Follow me here on Medium, or better yet, sign up for a Medium membership and help support all your favorite writers using my referral link: or if you literally want to feed me, buy me a coffee at: Your support is appreciated!

Read and Understand

TIP 2: Read the plugin documentation thoroughly to understand what it is doing.

I know this is obvious, but it can’t be overstated. You need to understand what these tools are doing which means reading the documentation for the plugin. Sadly, in these times, people just hate reading documentation. However, if using AI you can’t skip reading the documentation.

Also, I have to admit the documentation for these plugins can be a bit confusing, as they assume a depth of AI knowledge, when in fact most of us don’t have. Most of us are new to AI, its terminology, and its methods: so we are far from being experts, we are mostly hobbyists.

Also, let us be honest, plugin developers are not always the best at documenting things, including myself 🤓.

Regardless, the responsibility is on us as users to understand these tools which means thoroughly reading the documentation. Ten to twenty minutes of your time is a small price to pay for an adequate understanding of what these tools are doing in your vault and to put the necessary safeguards in place.

The more confidential your data is, the more rigorous you need to be in understanding what these tools are doing.

Text Generator plugin documentation

What are some questions I ask myself while reading the documentation?

  • What AI services does the plugin use?
  • What are the privacy policies of the AI service being used?
  • What are the contexts in which the plugin works? In other words, what content is sent and what content is not sent from my vault?
  • How do I define (limit the scope) of what is sent to AI?
  • Does the developer convey in their approach that they respect the user’s right to understand and define how their data is used? (if not, I say bye-bye)
  • Does the developer interact with their users? (Twitter, Discord, Forums, etc.)

One of the delights in reading the documentation is you get insight into the mind of the plugin’s developer and you often see their passion for the future of AI and love for Obsidian. The net result is we can learn a lot from these gifted developers who share a similar passion for Tools for Thought.

Give it a Try!

Perhaps you have been hesitating in giving AI a try in Obsidian, but I have to tell you if you are not using AI I think you are missing out. Do your “future self” a favor and get started now, even if it's baby steps into AI.

It took me a few weeks of daily use, but having an AI brainstorming partner at your side makes note-taking more pleasant and productive.

Let me know in the comments about your experience with AI in Obsidian, and also let me know if you would me to write more about this subject.

A Final Note to AI Plugin Authors

I think one thing that would help us in the future is if plugin developers would seek help from 3rd party reviewers to audit their code for privacy concerns. In other words, getting others in the community with an established track record to review the plugin’s code to verify it is doing what it says it does. This might help reduce the fears of some users in using AI in their vault.

If any AI plugin authors would like help with this, I make myself available for plugin code reviews. I would review the security aspects of the plugin. If interested, DM me on Twitter.

Thank you for reading this article. Please check out more of my work at



Obsidian Observer

Exploring Tools for Thought with a focus on Obsidian & popular TfT Tools. Find out more about my work at