How AI Companies Use Your Data — The Privacy Report 2026
In May 2026, OpenAI was ordered by a US federal court to produce a de-identified sample of 20 million ChatGPT conversation logs as part of ongoing copyright litigation. In June 2026, Anthropic updated its privacy policy to extend data retention from 30 days to five years for users who opt into model improvement — and added language about collecting government ID, selfie, and facial geometry data for age verification. In July 2026, Meta's updated AI policy began integrating AI into private chats on Facebook, Instagram, and WhatsApp, using those interactions for personalized advertising.
The AI industry's data practices are shifting under our feet — and most users have no idea what they've already agreed to. This report analyzes the privacy policies of 12 major AI companies, cross-references them against 18 documented AI privacy violations totaling over $1.5 billion in fines, and provides a practical framework for protecting your data across every platform you use.
The Privacy Scorecard
// every major AI company, rankedWe analyzed the privacy policies of 12 AI companies against six criteria: training data transparency, opt-out availability and ease, data retention periods, human review disclosure, third-party sharing, and enterprise/consumer data separation. Scores reflect the consumer-tier experience — enterprise and API customers typically have stronger protections under separate agreements.
| Company | Trains on Your Data? | Opt-Out Available? | Data Retention | Human Review? | Score |
|---|---|---|---|---|---|
| OpenAI (ChatGPT) | Yes — consumer default | Yes, buried in Settings | 30 days (temp chats); indefinite for training | Yes — abuse monitoring | 48/100 C |
| Anthropic (Claude) | Opt-in only (July 2026) | Yes — clear toggle | 30 days default; 5 years if opted in | Yes — safety review | 62/100 B- |
| Google (Gemini) | Yes — consumer default | Yes, via Activity Controls | Up to 3 years (reviewed chats) | Yes — human reviewers | 42/100 D |
| Meta AI | Yes — all platform data | Limited — EU only (GDPR) | Indefinite | Yes — extensive | 28/100 F |
| Microsoft (Copilot) | Consumer: yes; Enterprise: no | Partial — enterprise only | Varies by product | Yes — abuse monitoring | 45/100 D+ |
| xAI (Grok) | Yes — X platform data | No meaningful opt-out | Unclear | Unclear | 22/100 F |
| Perplexity AI | Yes — Pro users can opt out | Pro only | Not clearly disclosed | Not clearly disclosed | 40/100 D |
| Apple (Intelligence) | No — on-device processing | N/A — doesn't collect | Not retained | No — Private Cloud Compute | 78/100 B+ |
💡 The Enterprise Loophole
Almost every company on this list operates a two-tier privacy system: consumer accounts (Free, Plus, Pro, Max) where your data may be used for training by default, and enterprise/API accounts (Team, Enterprise, Developer Platform) where training is off by default and a Data Processing Addendum (DPA) is available. If you're handling client data, regulated information, or proprietary code, consumer-tier AI accounts are a liability. The enterprise tier isn't a luxury — it's the minimum viable privacy posture.
Deep Dive: What Each Policy Actually Says
OpenAI (ChatGPT)
48/100OpenAI's consumer privacy posture is the industry's most scrutinized — and for good reason. On Free and Plus accounts, your conversations are used for model training by default. The opt-out exists but requires navigating to Settings → Data Controls → "Improve the model for everyone" → Off. Even with training disabled, OpenAI retains chats for up to 30 days for abuse review, and a subset may be reviewed by human contractors.
The critical detail most users miss: deletion does not mean untrained. Once text has influenced model weights, that influence cannot be extracted the way a database record is removed. The January 2026 federal court order requiring OpenAI to produce 20 million de-identified chat logs underscores a separate concern: your conversations exist in logs accessible through legal process, regardless of your privacy settings.
⚠️ What OpenAI Collects
Conversation content, uploaded files, images, voice audio, device information, IP address, usage patterns, feedback ratings, and — for voice mode — audio recordings. The policy permits using all of this to train and improve models unless you explicitly opt out.
Anthropic (Claude)
62/100Anthropic's July 2026 privacy update represents the most significant policy shift of the year. Data retention for users who opt into model improvement extends from 30 days to five years, the policy now explicitly covers connected apps and multi-step agent tasks, and Anthropic added language about collecting government ID, selfie data, and facial geometry templates for age verification.
The positive: model improvement is opt-in, not opt-out. The negative: the five-year retention window for opted-in users is the longest in the industry, and the new connected-apps language means Claude's privacy boundary now extends to every third-party service you connect it to.
The Connected Apps Problem
When Claude works with third-party apps, connectors, plugins, webhooks, or external APIs, it may send instructions, inputs, and outputs to those services and retrieve data from them. A Claude instance connected to five services has six privacy policies governing its data flows — and the user is responsible for understanding all of them.
Google (Gemini)
42/100Google's Gemini privacy posture is the most complex in the industry, spanning consumer Gemini Apps, Google Workspace Gemini, and the Gemini API — each with different rules. On consumer Gemini Apps, conversations are saved by default and used to improve Gemini. A subset goes to human reviewers, and reviewed chats can be retained for up to three years even after you delete your activity.
The Workspace tier has stronger protections — Google states it doesn't train on that data or review it with humans. But the boundary is porous: using the same Google account for both may let consumer activity influence your Workspace experience and vice versa.
Meta AI
28/100Meta's 2026 AI policy is the most aggressive in the industry. The company integrates AI into private chats on Facebook, Instagram, and WhatsApp, using those interactions for personalized advertising and content recommendations. Meta trains its Muse AI model on public Instagram photos. The opt-out mechanism exists only for users in the EU (GDPR) and is functionally unavailable elsewhere.
The scope is staggering: every post, like, comment, photo, video, message, and interaction across the family of apps can be used for AI training. Critics have described the policy as "surveillance capitalism meets AI."
The 18 AI Privacy Violations
// that shaped the regulatory landscapeUnderstanding privacy policies requires understanding what happens when they fail. Here are the most significant AI privacy violations on record — the cases regulators cite when drafting new rules.
| Case | Violation Type | Penalty | Year |
|---|---|---|---|
| Clearview AI | Facial recognition — scraped billions of images without consent | $75M+ (multi-jurisdiction) | 2021-2026 |
| Google/DeepMind — NHS | 1.6M patient records used for AI training without consent | Regulatory action (UK ICO) | 2017 |
| OpenAI — Data Leak | Bug exposed user chat titles and payment info to other users | GDPR investigation (Italy) | 2023 |
| Italy — ChatGPT Ban | No legal basis for data collection; no age verification | Temporary ban + compliance order | 2023 |
| Amazon — AI Hiring Tool | AI recruiting tool discriminated against women | Tool scrapped; reputational damage | 2018 |
| TikTok — Biometric Data | Collected facial data and voiceprints without consent (BIPA) | $92M class action settlement | 2022 |
| Meta — AI Training on User Data | Trained AI on Instagram/Facebook data without meaningful opt-out | EU regulatory pressure; policy changes | 2024-2026 |
| Microsoft — Emotion Recognition | Retired emotion recognition AI over privacy and bias concerns | Product retirement | 2023 |
The pattern across these cases is consistent: AI companies collect first and ask questions later. The regulatory response is reactive, not preventive. By the time a violation makes headlines, your data has already been collected, processed, and potentially absorbed into model weights that cannot be extracted.
The Regulatory Landscape
// what's changing in 2026EU AI Act — Fully Operational August 2026
Risk-based framework: prohibited practices banned since 2024. High-risk obligations phasing in through 2026. General-purpose AI rules with systemic risk thresholds. Fines up to 7% of global annual turnover.
Enforcement ActiveUS — State-Level Patchwork
No federal AI privacy law. Colorado SB 205 (2025) is the first comprehensive state AI law. CCPA covers automated decision-making. BIPA (Illinois) drives biometric class actions. FTC uses Section 5 authority.
FragmentedCanada — PIPEDA AI Investigation
Joint investigation of OpenAI under PIPEDA examining training data sources, consent mechanisms, and transparency. Canada's proposed AIDA would create a dedicated AI regulator.
Under InvestigationGlobal — GDPR as De Facto Standard
GDPR Article 22 and Articles 13-14 are the most-cited provisions in AI privacy cases. The EDPB's Opinion 28/2024 established that scraping public data requires a lawful basis.
Global InfluenceHow to Protect Your Data
// a practical frameworkPrivacy policies are designed to be read by lawyers, not users. Here is a practical, actionable framework organized by user type.
Everyday User Checklist
Anthropic: Privacy settings → Model improvement → Off
Google: myactivity.google.com → Gemini Apps Activity → Off
Meta: Settings → Privacy → AI Data Usage → Object (EU only)
Never paste: passwords, API keys, SSNs, medical records
Use Temporary Chats where available
Professional/Business User
Enterprise/Team/API tier is the minimum for business use
Request a DPA before sending any third-party data
Map all integrations — each is a separate privacy boundary
Treat AI agents as privileged users, scope permissions
Enable and review audit logs for data leakage
Maximum Privacy Stack
Local LLMs: Ollama, LM Studio, llama.cpp
VPN + burner accounts for cloud AI use
API-only access doesn't train on your data by default
Self-hosted: Open WebUI + local models
GDPR/CCPA data requests every 6 months
If Your Data Is Already Exposed
File deletion requests at each platform's privacy portal
GDPR/CCPA access requests within statutory periods
Know the limit: model-weight data cannot be extracted
Escalate: regulator complaint → demand letter → litigation
Credit freeze if financial identifiers were exposed
⚠️ The Hard Truth About AI Data Deletion
When an AI company says they "delete" your data, they mean they remove it from active databases. If your conversations were used for model training before deletion, that influence on model weights cannot be removed. This is not a policy choice — it's a mathematical property of how neural networks learn. There is no "untrain" button.
FAQ
Can AI companies really use my conversations to train their models?
If I delete my conversations, are they really gone?
Which AI company has the best privacy practices?
Do "Temporary Chats" or "Incognito Mode" actually protect my privacy?
What's the single most important thing I should do today?
The Bottom Line
The AI industry's data practices are not a scandal waiting to break — they are the business model, disclosed in privacy policies that almost nobody reads. Your conversations are training data. Your uploaded files are training data. The companies are largely transparent about this if you read the fine print. The question is whether transparency without meaningful consent is enough. Regulators are increasingly saying it isn't. Until the law catches up, the responsibility for protecting your data rests with you.
Related Posts
You close the tab and put the knowledge to work.
