Softplorer Logo

Affiliate links present. Disclosure

Which AI tools train on your data — and which ones don't?

When you send a message to an AI assistant, it goes to the provider's servers. What happens to it after that depends on the specific plan, the provider's privacy policy, and whether training data exclusion is the default or an opt-in. These are not equivalent across providers, and the differences are not minor. A tool that uses your conversations to train its next model is doing something categorically different from a tool that processes your message and discards it. The category matters more than the policy statement.

The practical question is not 'does this company care about privacy' but 'what is the default, and do I have to change anything to be protected?' A privacy protection that requires finding a setting in your account preferences is a different product than one that protects you without any action. For professional work involving client information, proprietary research, or confidential data, the default is what matters.

Quick answer

You need no training on your conversations by default — no settings changes requiredClaude — conversations not used to train models by default across all tiers including Free; the only assistant where the default protects you
You need enterprise-grade data exclusion with contractual guaranteesClaude Team/Enterprise, ChatGPT Business/Enterprise, or Synthesia Enterprise — all offer contractual training exclusion and data processing agreements
You need training exclusion on a low-cost plan and are willing to change settingsChatGPT — opt-out available in Settings > Data Controls for Free and Go tiers; Business plan excludes training by default
Real-time web data matters more than training exclusion for your use casePerplexity Enterprise Pro — training excluded on Enterprise; consumer tiers don't document training opt-out

When it matters

The following reflects each provider's publicly documented policy as of May 2026. Policies change; verify directly before relying on this for compliance decisions.

Claude (Anthropic)

  • Free, Pro, Max tiers: conversations not used to train models by default — no settings change required
  • Team: data excluded from training by default; admin controls
  • Enterprise: excluded from training and human review by default; data processing agreement available
  • Anthropic staff may review conversations for safety and trust purposes across all tiers
  • Data retained up to 90 days for abuse monitoring even when history is disabled

ChatGPT (OpenAI)

  • Free and Go tiers: conversations used for model training by default; opt-out in Settings > Data Controls
  • Free and Go tiers: contextual ads served in the US as of February 2026
  • Business tier (per-seat pricing, min 2 users): training excluded by default
  • Enterprise: training excluded; SSO; extended data retention controls
  • Temporary Chat mode: conversations not saved and not used for training across all tiers

Grok (xAI)

  • Consumer tiers: conversation data used for training per xAI Privacy Policy
  • Training opt-out not documented for consumer tiers
  • X account data may inform Grok responses
  • No enterprise data controls documented as of May 2026
  • GDPR compliance documented for EU users

Perplexity

  • Consumer tiers: query data collected and used to improve services; training opt-out not documented
  • Enterprise Pro (per-seat pricing): query data excluded from training
  • Web scraping controversy from 2024 (Wired, Forbes reporting) raised questions about content sourcing practices; disputed by Perplexity

When it fails

Privacy policy statements describe intent. The operational reality involves additional considerations that matter for professional use.

  • Jurisdiction determines legal exposure — all four major AI assistants are US-incorporated and subject to CLOUD Act, FISA Section 702, and National Security Letter authority. US law permits compelled disclosure of data held by US companies for national security purposes regardless of privacy policy statements. Synthesia is UK-incorporated, subject to UK law rather than US CLOUD Act as primary jurisdiction.
  • Human review for safety — Claude, ChatGPT, and Perplexity all reserve the right to review conversations for safety and trust purposes even when training exclusion is in effect. Enterprise contracts typically specify the scope and conditions of human review.
  • 30–90 day retention — most providers retain conversation data for 30–90 days for abuse monitoring even when conversation history is disabled. 'Deleting' a conversation from your history doesn't mean immediate deletion from provider systems.
  • Shared data with third-party vendors — privacy policies typically permit data sharing with service providers and subprocessors. The specific subprocessors and their data handling are not always enumerated.
  • SOC 2 certification scope — SOC 2 Type II certification covers security, availability, and confidentiality in a defined scope. It doesn't cover all data practices; review what the audit specifically covers.

How providers fit

Claude is the starting point if privacy defaults matter for your work. The no-training-by-default posture applies across all tiers — Free, Pro, Max, Team — without requiring any account configuration. For individual professionals handling client or proprietary information on a free or low-cost plan, Claude's default is structurally different from the alternatives. Pro provides the full capability set with the same privacy default.

ChatGPT Business is the right choice if you need training exclusion with Microsoft 365 integration, broader multimodal capability, or a minimum-seat count lower than Claude Team's 5-seat minimum. Business requires a minimum of 2 users. The same training exclusion applies; ChatGPT's platform surface is larger than Claude's.

Grok is the tool with the weakest documented privacy posture in the assistant category. Conversation data used for training with no documented consumer opt-out, and X account data may inform responses. For any professional use involving sensitive information, Grok's current privacy posture is a hard constraint against adoption.

For regulated industries

Healthcare, finance, legal, and government use cases require more than a privacy policy statement — they require contractual data processing agreements (DPAs), specific compliance certifications (SOC 2 Type II, ISO 27001, HIPAA BAA), and legal review of the specific use case. Claude Enterprise, ChatGPT Enterprise, and Synthesia Enterprise all offer DPAs. Verify the specific certifications relevant to your regulatory context directly with the provider before deployment.

Related

AI training data policies — detailed breakdown by providerAI for regulated industries — compliance and certification requirementsEnterprise AI — SSO, governance, and data controlsSOC 2 certified AI tools — what certification covers

Where to go next

Claude
Claude
The reasoning-first AI assistant — deep analysis, long documents, and careful thinking before answering
Review
Go to Claude
ChatGPT
ChatGPT
The default starting point for AI — broad capability, the largest ecosystem, and the most integrations
Review
Go to ChatGPT
Grok
Grok
The AI assistant built into X — real-time data, fewer content restrictions, and reasoning always on
Review
Go to Grok
Browse all providers

© 2026 Softplorer

About·Contact·Privacy Policy·Affiliate Disclosure