
LLM Privacy Research

Data usage policies across different LLM providers and tiers

This research examines how different LLM developers handle user data across their various tier offerings. Understanding these policies is crucial for making informed decisions about which AI services to use based on your privacy requirements.


Trustfulness Legend

High - Strong privacy protections
Medium - Moderate protections
Low-Medium - Limited protections
Low - Minimal protections

ChatGPT

Free

Medium

Data Collection

User interactions (inputs, outputs)

Data Usage for Training

Used to improve models

Data Retention Policy

Conversations may be logged and analyzed. 'Temporary Chat' is available, and the 'Memory' feature can be toggled.

Opt-out Options

'Temporary Chat' available; 'Memory' feature can be toggled on/off. Opt-out via privacy portal applies to new conversations.

Security & Compliance

N/A for free tier, but general company commitment to security.

ChatGPT

Paid (Plus/Pro)

High

Data Collection

User interactions (inputs, outputs)

Data Usage for Training

Explicit options to opt out of data being used for model training.

Data Retention Policy

More control over data retention and deletion.

Opt-out Options

Explicit opt-out available.

Security & Compliance

N/A for Plus/Pro specifically, but benefits from general OpenAI security.

ChatGPT

Team/Enterprise/Edu/API

High

Data Collection

User interactions (inputs, outputs)

Data Usage for Training

By default, NOT used for training or improving models. API users can explicitly opt-in to share data for improvement.

Data Retention Policy

Organizations own data. Granular control over retention periods; deleted conversations removed within 30 days. API inputs/outputs retained for up to 30 days for abuse detection; Zero Data Retention (ZDR) option available.

Opt-out Options

Default non-training; ZDR option for API.

Security & Compliance

Encryption at rest (AES-256) and in transit (TLS 1.2+). SAML SSO, fine-grained access controls. SOC 2 Type 2, CSA STAR Level 1 certified. Supports GDPR, CCPA, HIPAA (BAA available). Data residency options.

Gemini

Free Tier

Low

Data Collection

User data (inputs and outputs).

Data Usage for Training

Explicitly used to improve Google products.

Data Retention Policy

Not explicitly detailed for retention, but used for improvement.

Opt-out Options

No explicit opt-out for training in free tier.

Security & Compliance

N/A for free tier.

Gemini

Paid (Pro) / API

High

Data Collection

User data (inputs and outputs).

Data Usage for Training

Explicitly not used to improve Google products.

Data Retention Policy

Not explicitly detailed for retention, but not used for improvement.

Opt-out Options

Default non-training.

Security & Compliance

Aligns with enterprise expectations.

Claude

Consumer (Free/Pro)

High

Data Collection

User inputs/outputs, feedback (e.g., thumbs up/down).

Data Usage for Training

By default, not used to train generative models unless explicitly reported (feedback) or opted in (trusted tester program). Conversations flagged for policy violations may be used for safety system training.

Data Retention Policy

Feedback data stored for up to 10 years, de-linked from user ID before use for training.

Opt-out Options

Default non-training; explicit opt-in for training via feedback mechanisms.

Security & Compliance

Strict access limits for authorized staff.

Claude

Commercial (Claude for Work/API)

High

Data Collection

User inputs/outputs.

Data Usage for Training

Separate, likely more stringent policies; expected to prioritize data non-training by default.

Data Retention Policy

Not explicitly detailed in snippets, but implied to be enterprise-grade.

Opt-out Options

Expected default non-training.

Security & Compliance

API offers various models with token-based pricing.

Copilot

Consumer

Medium

Data Collection

'De-identified data' from Bing searches, MSN activity, Copilot conversations, ad interactions. Conversations about uploaded files may be used.

Data Usage for Training

Used for training, but de-identified. Does not train on Microsoft account profile data, email contents, or contents of files uploaded to Copilot.

Data Retention Policy

Opt-out changes may take up to 30 days to take effect.

Opt-out Options

Opt-out available via privacy settings in Copilot app or Edge. Certain users (commercial, not logged in, under 18, specific countries) automatically excluded.

Security & Compliance

De-identification (removing PII, blurring faces).

M365/Commercial Copilot

Commercial

High

Data Collection

User data from commercial customers.

Data Usage for Training

Explicitly not used to train AI models.

Data Retention Policy

Not explicitly detailed, but governed by DPA.

Opt-out Options

Default non-training.

Security & Compliance

Strong privacy guarantee for business users.

Grok

X Premium+ / API

Medium

Data Collection

User content (prompts, inputs: text, photos, images, file uploads), outputs. Real-time data from X.

Data Usage for Training

Collected and used to develop and improve services, including model training. Leverages publicly available data and human-curated datasets.

Data Retention Policy

Retained for service provision, development, improvement, terms enforcement; manual review possible.

Opt-out Options

Logged-in users have an option to select whether their user content is used for product development or model training. Unauthenticated access grants 'full rights' for data use.

Security & Compliance

Commercially reasonable technical, administrative, and organizational measures.

Consumer / Pro

Low-Medium

Data Collection

User data (query data, account info, device info, site interactions, personal info if account created)

Data Usage for Training

May be used for AI training and product improvement.

Data Retention Policy

Retained as long as account is active; deleted within 30 days of account deletion.

Opt-out Options

Opt-out option available in account settings.

Security & Compliance

Will not sell/share data for advertising/marketing. Strict internal controls.

API Platform / Enterprise

High

Data Collection

Query data, API Usage Data (billable metadata), User Account Information (name, email)

Data Usage for Training

Zero-day retention; never used for AI training.

Data Retention Policy

Zero-day retention of user prompt data.

Opt-out Options

Default non-training for API; Zero Data Retention (ZDR) option.

Security & Compliance

Zero-day retention; never used for AI training. Compliant with privacy laws (GDPR, CCPA, etc.); relies on AWS security.

SaaS Platform

All Tiers

High

Data Collection

Prompts, generations, fine-tune data. Non-identifying usage data.

Data Usage for Training

Opt-out mechanism available. Content from third-party apps (e.g., Google Drive) not used for training. PII filtered/stripped before training (if opted in).

Data Retention Policy

Logged prompts/generations deleted after 30 days (unless legal/violation). Deleted chat history/finetune datasets purged after 7 days from backend. ZDR available for approved cases.

Opt-out Options

Explicit opt-out via dashboard settings.

Security & Compliance

Robust logging/monitoring for misuse detection; safety/security teams review flagged content (customer identifiers removed for aggregation). HITRUST-certified security.

API

All Tiers

High

Data Collection

Datasets uploaded for fine-tuning. Customer inputs/outputs (in third-party cloud deployments, Cohere does not receive them).

Data Usage for Training

Datasets uploaded for fine-tuning are for that purpose; Cohere does not receive customer inputs/outputs in private deployments.

Data Retention Policy

Datasets deleted 30 days after creation. 10GB storage limit.

Opt-out Options

ZDR available for approved cases.

Security & Compliance

HITRUST-certified. Supports GDPR, HIPAA, CMS-0057-F APIs. Clinical AI models fine-tuned by medical specialty using 'minimum necessary approach' for unstructured data.

Amazon Nova

Consumer

Low

Data Collection

'Amazon Nova Interactions' (inputs, uploaded files, outputs, feedback).

Data Usage for Training

Used to provide, develop, and improve Amazon's services, including AI models. Manual review possible.

Data Retention Policy

Records, processes, and retains interactions in the cloud. Stored on servers outside user's country.

Opt-out Options

Advised not to submit sensitive info. Opt-out for cross-context behavioral ads available.

Security & Compliance

N/A for consumer Nova specifically.

Amazon Bedrock

Enterprise

High

Data Collection

Customer content (inputs, outputs).

Data Usage for Training

Explicitly not used to improve base models and not shared with model providers (including Amazon Nova).

Data Retention Policy

Not explicitly detailed for retention, but not used for training.

Opt-out Options

Default non-training.

Security & Compliance

Encrypted in transit and at rest; customer-managed keys optional. SOC, ISO, HIPAA eligible, GDPR compliant. Uncapped IP indemnity for outputs. Monitoring/logging via CloudWatch/CloudTrail. Secure access controls (IAM, PrivateLink).

Pi

Consumer / API

Low-Medium

Data Collection

Name, phone number, IP address, online activity data, user conversations, metadata. Users may choose to provide sensitive info.

Data Usage for Training

Explicitly used to improve services, train models, and develop new services. API: right to aggregate, collect, analyze data for product improvement.

Data Retention Policy

Not explicitly detailed.

Opt-out Options

Providing sensitive info implies consent. No explicit opt-out for general training.

Security & Compliance

Will not sell/share data for advertising/marketing. Strict internal controls. Users under 18 not permitted.

Qwen Chat

Consumer

Low

Data Collection

Account info, user content (prompts, uploaded text, files, images, audio), log data, usage data.

Data Usage for Training

User content may be processed to improve services and develop new products (including for other customers).

Data Retention Policy

May be stored outside user's jurisdiction.

Opt-out Options

Not explicitly detailed for training opt-out.

Security & Compliance

Encrypted in transit and at rest.

Qwen

Enterprise API

High

Data Collection

User inputs/outputs via API.

Data Usage for Training

Minimizes reliance on user data for training.

Data Retention Policy

Not explicitly detailed.

Opt-out Options

Not explicitly detailed, but 'minimizes reliance' implies a privacy-focused approach.

Security & Compliance

Aligns with GDPR and other global privacy standards. Enhanced data security and privacy for businesses. Open-source models available.

Note: This information is based on publicly available privacy policies and may change over time. Always review the latest privacy policies before using any AI service, especially for sensitive data.