Agent memory for small teams: what your AI tools remember across clients, and the 30-minute hygiene routine

The memory features in ChatGPT, Claude, Notion AI, Cursor, and your customer-service bot can carry context from one client into work for another. Most small teams have never sat down and checked what their tools retain across engagements. This piece is the 30-minute Monday routine to do that check.

The enterprise version of the same question is at AM-170, which covers the data-retention, residency, and audit-evidence pipeline that most 2026 enterprise programmes have not built. The small-team version is faster and uses the tools you already pay for. The risk is not regulatory enforcement; the risk is the client conversation when Client B sees a fragment of Client A’s work in a draft your AI tool helped you produce.

Two layers of memory, one operator confusion

The tools have two layers, and the configuration discipline differs for each.

The explicit memory layer is the feature labelled “memory” in the settings. ChatGPT memory is the longest-running example, documented in the OpenAI Memory FAQ; the ChatGPT Team-tier FAQ describes the workspace controls. Anthropic shipped a Claude memory tool to API customers in late 2025 via the Claude API memory tool documentation and extended a Memory feature to free-tier Claude.ai in early 2026. This layer is visible. You can see it in the UI, you can clear it, you can toggle it.

The implicit context layer is harder to see. Notion AI honours existing Notion permissions, which means when you ask a Notion agent a question, the agent’s answer can draw from any page you have access to across the workspace. If you are a workspace admin (typical for solo founders and small-team owners), that is every page. Cursor reads .cursor/rules files in the open repo and prior chat in the same session. Customer-service bots like Intercom Fin or Zendesk AI are per-workspace by design; the memory boundary is the workspace, not the brand or the client.

The operator confusion is treating the two layers as one. Turning off ChatGPT memory does not change what Notion AI surfaces. Clearing Claude memories does not change what Cursor’s .cursor/rules file remembers. The 30-minute routine handles both layers, per tool.

What each tool actually remembers, with current defaults

Each line below is checked on 26 May 2026; the defaults shift, so re-check on the next renewal.

ChatGPT memory (OpenAI Memory FAQ) is a persistent user-level store. It writes facts you tell it to remember and facts it infers from your conversations. It also references your prior chat history (a separate feature). Both can carry context across client conversations unless you use Temporary Chat, which writes neither memory nor chat-history-reference data.

Claude memory and Projects (Anthropic news index for the rollout, Claude memory tool docs) work differently. Claude Projects are workspace-scoping containers; uploaded project knowledge and custom instructions are available to every new conversation within the project, but individual conversations are not automatically shared with each other. The Claude memory feature on consumer Claude.ai is a separate cross-conversation store. Both are explicit and toggleable; the configuration question is which to use for which client.

Notion AI (Notion’s AI security practices, Notion AI FAQs) inherits Notion permissions. The implication for a workspace running multiple clients in one workspace is that the AI’s answer is bounded by the asker’s access, which for the owner is usually the whole workspace. The per-source connection controls and per-page permissions are the configuration tools; teamspaces are the segmentation tool. Notion’s stated position is that customer data is not used to train third-party models.

Cursor (Cursor docs root) persists context through .cursor/rules files at the repo level and through chat history within a session. The cross-project memory story is closer to “no shared memory” than to ChatGPT-style cross-conversation persistence; the per-project configuration is what matters.

Customer-service bots (Intercom Fin, Zendesk AI, helpdesk-integrated agents) are per-workspace. The leakage path is multi-brand or multi-client setups inside one workspace where the agent’s memory is bounded by the workspace rather than the brand.

Microsoft 365 Copilot consumer (Microsoft Copilot support) and the enterprise tier are different products with different memory models; this piece is about the consumer tools small teams typically reach for before they get to a managed M365 tenant.

The 30-minute Monday routine

Full how-to schema is in the FAQ. The body version is shorter.

Block one, 10 minutes: open the settings for each AI tool you use on paid client work and find the memory toggle. ChatGPT: Settings → Personalization → Memory; either turn memory off entirely or review Manage memories and delete saved memories that name clients or client work. Use Temporary Chat for any client work where you are not sure yet. Claude.ai: Settings → Memory; review and clear individual memories. Confirm each Claude Project is scoped to one client. Notion AI: confirm whether AI is enabled at the workspace level and which connected sources the agent can read. Cursor: confirm Privacy Mode setting and check .cursor/rules in each project for references to other clients.

Block two, 10 minutes: write the no-client-identifiers rule. Most AI tools have a “custom instructions” or system-prompt field that persists across conversations. Open each one, remove every specific client name, client project, client domain, and client product name. Replace with role-and-context-only language. The rule is one line: no client identifiers in any persistent AI-tool field. Re-check on every new client.

Block three, 10 minutes: write the per-client reset checklist. Five lines, one per tool. ChatGPT: new Temporary Chat or new Project per client. Claude: new Project per client. Notion: new teamspace per client where workspace structure mixes them. Cursor: separate folder per client with its own rules. Helpdesk bot: separate workspace per brand or per-conversation tagging. Print it. Tape it.

What this does not fix

The routine handles the memory and implicit-context layers. It does not handle the contract and data-residency layers. The publication’s solo EU developer residency piece covers the residency cut for EU client work. The non-human identity starter kit covers the credential side of the same broader question. The shadow-AI operator piece covers what to do when an approved tool ships new agent capabilities you have not yet configured.

The enterprise reading at AM-170 is the version of this same question for in-house programmes with a data-retention register and an audit obligation. The small-team version is operationally cheaper. It is also, in practice, the one a client procurement questionnaire is most likely to ask about first, because the boundary between consumer-tier AI tooling and client confidentiality is the visible one.

What “good” looks like at 1-15 people

A team that has run the routine can describe their AI memory posture in three sentences to a client or an insurer.

Each AI tool we use on client work has explicit memory either disabled or actively managed, with no client identifiers retained in any persistent field. We use per-client containers (new chats or new projects) on each tool so context does not bleed across client engagements. We re-check settings at every new client onboarding and at every tool update.

Three sentences. Same shape as the enterprise version; different scale. The work is the discipline of doing it, not the cost of doing it.

Calendar this Monday morning

Thirty minutes, one person doing it, the team’s existing tools. The settings pass is the slowest block (ten minutes); the rule-writing and checklist are five to ten each. The follow-up is the per-client onboarding step (two minutes, every time) and the quarterly settings re-check (ten minutes per quarter).

The cost is bounded. The absence of the cost shows up the first time a client asks how their data is handled across your AI tools, or the first time a Notion AI answer for one project surfaces a paragraph from another. Both will happen if the routine is not in place; neither will happen if it is.