AI Privacy Guide: Which Tools Keep Your Data Safe (And Which Don't)
You're typing sensitive information into AI tools every day. Here's which ones keep it private and which ones use it for training.
The question nobody asks before pasting sensitive data into a chatbot
Last week I watched a colleague paste an entire client contract into ChatGPT and ask it to "find any issues." The contract included the client's name, financial details, proprietary terms, and confidential pricing. When I pointed out that this data might be used to train OpenAI's models, she looked at me like I'd told her the printer was sentient.
This happens constantly. People treat AI chatbots like private conversations, when they're closer to shouting in a room where someone might be taking notes. The privacy implications of AI tools are genuinely important, poorly understood, and surprisingly varied between providers.
Let's clear this up, tool by tool.
The big question: Is my data used for training?
When you type something into an AI tool, the company behind that tool has a choice: use your input to improve their models (training), or discard it after generating your response. This matters because training means your data, or something derived from it, becomes permanently embedded in the model's knowledge. It can't be extracted verbatim (usually), but patterns, styles, and occasionally specific details can surface in outputs for other users.
Here's where each major tool stands.
OpenAI / ChatGPT
chatgpt
Free tier and Plus ($20/month): By default, OpenAI uses your conversations to train their models. This has been their policy since launch, and while they've improved their disclosure, many users don't realise it.
How to opt out: Go to Settings, then Data Controls, then toggle off "Improve the model for everyone." This prevents your conversations from being used for training. The trade-off: you also lose conversation history (your chats won't be saved). OpenAI introduced a middle ground called "Temporary Chat" that doesn't save or train, but you have to remember to use it.
ChatGPT Team and Enterprise plans: Your data is NOT used for training. This is the key difference between consumer and business tiers. If you're using ChatGPT for work and handling any sensitive information, the Team plan ($25/user/month) is worth it purely for the data protection.
API access: Data submitted through the API is NOT used for training by default. This is important for developers building on OpenAI's models. Your API data is retained for 30 days for abuse monitoring, then deleted.
The honest assessment: OpenAI has the most complex privacy situation of the major providers. The default training opt-in on consumer tiers is a real concern. The enterprise offerings are solid, but you have to pay for privacy, which feels uncomfortable.
Anthropic / Claude
claude
Free and Pro tiers: Anthropic's policy is clearer than OpenAI's. By default, your conversations may be used to improve their models, but you can opt out in Settings without losing any features. This is a meaningful difference from ChatGPT, where opting out disables chat history.
Claude for Business and Enterprise: Your data is NOT used for training. Period. Anthropic has been explicit about this since launching their business tiers. Data is encrypted at rest and in transit, and Anthropic's retention policies are clearly documented.
API access: Like OpenAI, API data is not used for training by default. Anthropic retains API inputs for safety evaluation purposes (30 days), but this is separate from model training.
The honest assessment: Anthropic positions itself as the "safety-focused" AI company, and their privacy practices reflect that. The opt-out on consumer tiers is straightforward. Business tiers have strong guarantees. Anthropic is generally considered the most privacy-conscious of the big three, though "most privacy-conscious AI company" is a low bar.
Google / Gemini
gemini
Free tier (through Google account): This is where things get murky, because Google's data practices are already complex before you add AI to the mix. Gemini conversations from the free tier can be used to improve Google's AI products. Given Google's history with data usage, this should give you pause.
How to opt out: Go to your Google Account activity controls and turn off "Gemini Apps Activity." This prevents conversations from being saved and used for training. The process is buried in Google's account settings rather than being prominently displayed in Gemini itself, which is a design choice that tells you something about Google's priorities.
Google Workspace with Gemini: For paid Workspace plans (Business Standard and above), Google states that Gemini features don't use your data to train their models. This covers Gemini in Gmail, Docs, Sheets, and other Workspace apps. The data stays within your organisation's Workspace environment.
The honest assessment: Google has the most data about you already (email, search history, location, documents, calendar). Adding Gemini conversations to that picture is a genuinely significant privacy consideration. Their Workspace protections are good, but on the free tier, you should assume Google is using your data in some capacity, because that's been their business model for two decades.
Perplexity
perplexity
Perplexity's privacy policy states that they collect usage data and search queries to improve their service. They're less explicit than the big three about whether this constitutes "model training" in the traditional sense. Perplexity operates more like a search engine with AI synthesis, so the data dynamics are slightly different.
The practical concern: When you search on Perplexity, your queries reveal what you're interested in and what you're researching. For most personal and professional use, this is low-risk. For sensitive research topics, use a VPN and don't log in.
Grammarly
grammarly
Grammarly processes everything you type when the extension is active. For a writing assistant, this is unavoidable, but the implications are significant. Grammarly has explicitly stated that they do NOT use customer writing to train AI models. Your text is processed to provide suggestions and then discarded.
The enterprise tier adds additional security controls, SOC 2 compliance, and guarantees that data stays within your organisation's boundary.
The practical concern: Even if Grammarly doesn't train on your data, the extension sees everything you type in your browser. Emails, messages, documents, passwords if you type them in a text field. Make sure you're comfortable with that access. You can configure which sites the extension is active on, and I'd recommend disabling it on banking sites and password managers.
The simple rule everyone should follow
Assume everything you type into a free tier AI tool could potentially be used for training. Even if the current policy says otherwise, policies change. Companies get acquired. Terms of service get updated quietly. The safest assumption is that free-tier data is fair game.
This doesn't mean you shouldn't use free tiers. It means you should be intentional about what you put into them.
What to never put into any AI tool (free or paid)
Regardless of the privacy policy, there are things you should never type into any AI tool:
Passwords and credentials. Sounds obvious, but people paste config files containing API keys into ChatGPT all the time. Developers are particularly bad about this.
Personal health information. "I've been experiencing [symptoms]" followed by your medical history is data you don't want in anyone's training set.
Financial details. Bank account numbers, tax returns, detailed salary information. Use AI to understand financial concepts, not to process your actual financial data.
Client or customer data. Names, email addresses, purchase histories, personal details. If you need to analyse customer data with AI, use an enterprise tier with proper data processing agreements, or anonymise the data first.
Confidential business information. Strategy documents, unreleased product details, M&A discussions. If your company hasn't explicitly approved AI tool usage for this type of information, assume it's off-limits.
Legal documents (in full). Contracts, NDAs, legal correspondence. If you want AI help with legal documents, summarise the issue without including identifying details, or use an enterprise tier with appropriate data processing agreements.
The practical privacy setup (10 minutes)
Here's what I recommend for anyone who uses AI tools regularly: Pick one paid AI tool for sensitive work. Claude Pro or ChatGPT Team. Use this for anything work-related or containing personal information. The paid tier's training exclusion is worth the subscription cost. Use free tiers for non-sensitive tasks. Brainstorming, learning, personal curiosity, creative writing. Anything you'd be comfortable saying aloud in a coffee shop. Opt out of training everywhere. Go through each tool's settings and disable training data collection where possible. Even if you're not putting sensitive data in, there's no reason to opt in. Disable Grammarly on sensitive sites. Banking, healthcare portals, password managers, work intranets that contain confidential information. Never paste credentials or API keys. Use placeholder values when asking AI for help with code that involves authentication. Replace real keys with "YOUR_API_KEY_HERE" before pasting. Anonymise before you ask. If you need AI help with a situation involving real people or companies, change the names and identifying details before asking. "My client Acme Corp wants to restructure their £2M contract" becomes "A client wants to restructure a mid-sized contract." The AI doesn't need real details to give useful advice.
These steps take ten minutes to set up and give you a reasonable privacy posture without giving up the genuine utility of AI tools. Perfect privacy means not using AI tools at all. Practical privacy means using them thoughtfully.