AI assistant privacy — what actually happens to what you type

AI assistant privacy discussions usually focus on the wrong layer. People worry about whether the company 'reads their messages.' That's not the meaningful question. The meaningful question is: does what you type become part of the dataset that trains the next version of the model? These are different things. A provider can have staff review conversations for safety purposes while also excluding those conversations from training. A provider can claim GDPR compliance while still using your conversations to train models. The distinction that matters for professional use is the training data default — not the privacy policy's general posture.

The second thing people get wrong is assuming all paid tiers protect them. ChatGPT Plus at $20/month does not exclude conversations from training by default — that's a ChatGPT Business feature at $20/seat/month. Claude Pro at $20/month does not train on conversations, same as Claude Free. The price tier doesn't determine the privacy posture; the specific plan and provider does.

Most people assume that deleting their chat history deletes their data. Deleting conversation history from the interface typically removes your ability to see the conversation, not the underlying data. Most providers retain conversation data for 30–90 days for abuse monitoring even after deletion. Claude and ChatGPT both retain data for some period after deletion from the conversation list. The specific retention policies are in the privacy policies; the interface behavior doesn't reflect actual deletion timing.

Most people assume GDPR compliance means their data is protected from training use. GDPR compliance means the company has processes for handling EU data subject rights requests. It doesn't mean they don't train on your data. A company can be GDPR compliant and still use your conversations for model training if they have a valid legal basis — and 'legitimate interest' is a legal basis that has been used to justify training data use. GDPR compliance is necessary but not sufficient for training exclusion.

Most people assume the provider's jurisdiction matters only for regulatory compliance. It also determines which governments can access your data with legal process. All four major AI assistants — ChatGPT, Claude, Grok, Perplexity — are US-incorporated and subject to CLOUD Act, FISA Section 702, and National Security Letter authority. US law permits compelled disclosure of data held by US companies for national security purposes. GDPR compliance doesn't override this for data held by US companies. Synthesia is the only major AI tool in this vertical incorporated outside the US — UK law applies.

The training data defaults by provider: Claude does not train on conversations by default across all tiers including Free — no settings change required. ChatGPT Free and Go trains on conversations by default — opt-out available in Settings > Data Controls, or use Temporary Chat mode which disables both saving and training. ChatGPT Business and Enterprise excludes training by default. Grok trains on conversations with no documented consumer opt-out. Perplexity uses query data to improve services with no documented consumer opt-out.

For professional use involving client data, proprietary research, or any information subject to confidentiality obligations: the right tool is Claude (no training by default, any tier), or ChatGPT Business or Enterprise (training excluded by contract). Using ChatGPT Free, ChatGPT Go, or Grok with sensitive professional content and relying on opt-out is a different risk profile than tools where exclusion is the default.

The enterprise path for any of these tools is the correct choice for regulated industries: Claude Enterprise (DPA available, training excluded, audit logs), ChatGPT Enterprise (DPA available, training excluded, SSO), or Jasper Business (SOC 2 Type II, no training on client data). Standard consumer plans — even paid ones — are not enterprise-grade privacy postures regardless of what the marketing materials say.

No AI assistant provides absolute privacy. Staff review for safety and trust purposes is documented by Claude, ChatGPT, and Perplexity even when training exclusion is in effect. Subprocessors — the third-party services providers use for infrastructure — may have access to data. Enterprise contracts specify the scope of these exceptions; consumer plans don't.

US jurisdiction is a hard constraint regardless of privacy posture. All major AI assistants in this category are US-incorporated. US law permits government access to data held by US companies under national security authorities that operate outside normal legal process. For organizations with strict data sovereignty requirements, this is a structural limitation of the category — not a problem that a better privacy policy solves.

Privacy defaults can change. A provider that doesn't train on your data today can update their terms. The no-training posture that makes a tool appropriate for sensitive work today is only guaranteed for as long as the terms stay the same. For organizations with ongoing compliance requirements, contractual commitments at the enterprise tier are more durable than default postures that can change with a terms update.