1. Guides
  2. Artificial intelligence
  3. A quick look at the privacy policies for the most popular AI tools

A quick look at the privacy policies for the most popular AI tools

It’s important to understand how AI systems capture and utilise your data.
Lock on top of a keyboard

Whether it’s for our organisation, our clients or our own personal use, it’s important to be aware of how different tools capture and share our data. Each AI platform has their own privacy policies, and as organisations working for social justice, we have an obligation to protect the privacy our data.

In this article we’ll take a brief look at the privacy policies and statements made by some of the more commonly used AI tools, including:

  • ChatGPT
  • Google Gemini
  • Microsoft Copilot
  • Claude (Anthropic)
  • Perplexity
  • DeepSeek
  • Meta AI (Facebook, Instagram)
  • xAI Grok

This information is provided as an overview and is relevant at the time of writing. Readers should do their due diligence by checking with their provider of choice for the most up-to-date information.

None of this information is to be regarded as legal advice or recommendations for one service over another, and each individual or organisation should consider their own needs and risk when deciding whether to use any of the tools listed here.

If you are looking to begin your organisation’s AI journey, be sure to join our Asia-Pacific AI Nonprofit Learning Community and check out our AI Readiness Assessment. A simple quiz will help you see where your organisation stands as to your readiness for AI.

All too overwhelming? If you’d like to dive deeper with some tailored advice, please set up a consult with our AI experts.

Information captured 30 January 2026.

Terminology explained

We’re going to mention a few things in this article that you might not have encountered before. Here’s a few definitions that might help your understanding. Additionally, if you’re looking to understand other common terms in AI, be sure to check out our AI Glossary.

Model Training

Model training is the process of teaching an AI system to recognise patterns and make predictions (for example, generating new words and sentences in large language models). This training is done by exposing it to large amounts of data (e.g. large amounts of text from the internet in the case of large language models). During training, the model adjusts its internal settings to improve its accuracy over time, much like a person learning from experience.

Understanding model training matters for not-for-profits, because the quality, diversity and representativeness of the data used during this stage directly shapes how the AI behaves. A model trained on incomplete or biased data will produce incomplete or biased results. If your organisation is evaluating an AI tool, asking how and on what data it was trained is a good starting point for assessing its suitability.

Training Data

Training data is the information used to teach an AI model how to perform a task. This can include text, images, numbers, audio or any other type of data. This has typically been done by importing large collections of data from the Internet.

For NFPs and nonprofits, it's worth asking where an AI system’s training data came from, whether it includes diverse perspectives and whether consent was obtained for its use. Training data that is narrow, outdated or unrepresentative can lead to outputs that don't reflect the communities you serve.

Deciding to share your data with AI tools

When deciding what information to share with AI tools, it is important to consider the privacy and sensitivity of any data being shared. There are specific regulatory requirements about managing and sharing any sensitive or personal data (Personally Identifiable Information or PII) depending on your jurisdiction.

There may be ways to achieve the outcome you need without sharing the personal data, for example data can be anonymised, removing the personally identifiable information before it’s shared with the tool.

To understand your organisations procurement journey better, read our Not-for-profit guide to AI procurement and take the quick procurement quiz to discover your organisation’s pathway.

Now that we’re equipped with that knowledge, let’s have a quick look at the different privacy policies from some of the more common names in the world of artificial intelligence!

ChatGPT

Explore OpenAI's Privacy Portal

The OpenAI Privacy Portal is a central hub for users to manage their personal data, specifically for consumer services like ChatGPT Plus and Sora. It provides ways for users to request data downloads, account deletions or to "opt-out" of having their conversations used to train future models.

It also includes a specialised request form to remove personal information if it appears in ChatGPT's responses.

Training on Data

  • Free and Plus: Yes, by default. OpenAI uses your chats to train future models.
  • Team and Enterprise: No. Contractually guaranteed not to train on business data.

One Point of Interest

You can request the prevention of your personal information from being used to train ChatGPT’s AI models, even if you do not have an OpenAI account.

Google Gemini

Explore Google's Gemini Apps Privacy Hub

Google’s privacy framework for Gemini emphasises integration with the broader Google ecosystem while providing granular controls through the Gemini Apps Privacy Hub. Google stores Gemini activity for 18 months by default, but users can toggle this to 3 or 36 months (or users can turn off activity saving entirely). Notably, even when activity saving is off, Google retains conversations for up to 72 hours to provide required functionality to its service.

Training on Data

  • Consumer (Free/Advanced): Yes. Human reviewers may also read anonymized chats to improve the model.
  • Workspace (Business): No. Data entered into Gemini for Google Workspace is contractually protected.

One Point of Interest

"Human reviewers" may read and annotate some of your conversations to improve the model; Google explicitly warns users not to enter confidential information they wouldn't want a human to see.

Microsoft Copilot

Explore Data, Privacy, and Security for Microsoft 365 Copilot

The Microsoft 365 Copilot privacy page focuses on enterprise-grade security. It guarantees that prompts and responses for business users are not used to train the underlying Large Language Models (LLMs). The system is built to honour the same data residency and compliance standards (like GDPR and HIPAA) that apply to the rest of the Microsoft 365 suite, ensuring that data stays within the organisation's tenancy.

Training on Data

  • Personal: Yes, can be used for training and personalisation.
  • Commercial (Work/School): No. This is Copilot’s "Commercial Data Protection" promise.

One Point of Interest

Microsoft provides a "Copyright Commitment," stating they will legally defend commercial customers and pay for any adverse judgments if the AI-generated output leads to a copyright infringement suit.

Claude (Anthropic)

Explore Anthropic's Privacy Center

Anthropic’s Privacy Center highlights their "Constitutional AI" approach, which prioritises safety and data minimisation. Their policy clarifies that for individual users, data is retained in order to provision its service and to improve its models, unless a user opts out. For Enterprise users, data is not used for model training by default. Anthropic privacy policy also details their "retention windows," where data is generally deleted within 30 days, unless required for legal or safety reasons.

Training on Data

  • Free & Pro: Yes. Policy updated in late 2025; now operates on an Opt-Out basis. If you do not change your settings, data is used for training.
  • Team & Enterprise: No. Commercial data is strictly excluded from training.

One Point of Interest

Anthropic is unique in providing "Personal Data Rights" globally, even in regions where such rights aren't legally required, allowing any user to request access to, or deletion of their own personal data.

Perplexity

Explore Perplexity's Legal Hub

Perplexity’s Privacy Policy outlines how the platform collects "Service Interaction Information," which includes the prompts you submit and the pages, or collections, you generate. While they use this data to facilitate their service and improve their AI models, they offer a clear "opt-out" toggle in the settings menu to prevent your search interactions from being used for model training. The policy also notes that if you sync your Google or Microsoft email/calendar accounts, that specific data is used only for service delivery and is explicitly excluded from being used to train or fine-tune their AI models.

Training on Data

  • Free & Pro: Yes, by default.
  • Enterprise: No.

One Point of Interest

Perplexity allows you to create "Collections" or "Pages" that can be made public; however, the policy warns that any content shared this way can be indexed by search engines and reproduced without your further permission.

DeepSeek

Explore DeepSeek's privacy policy

DeepSeek’s policy outlines how it collects account details, user inputs, and technical logs, primarily storing and processing data on servers located in the People's Republic of China. It emphasises that while they use data to improve their models, they do not engage in "profiling" or automated decision-making that has legal consequences for the user. They also provide a method to opt-out of using your data for model training.

Training on Data

  • Yes. Privacy policy grants broad rights to use input for "training and improving technology."

One Point of Interest

DeepSeek allows users to share "Dialogues" via a unique URL but warns that these public links can be indexed by web crawlers, making the conversation searchable by the public.

Meta AI (Facebook, Instagram)

Explore Meta's Privacy Policy

Meta’s Privacy Policy covers AI across its entire suite (Facebook, Instagram, WhatsApp). It explains that Meta uses the information people share on its products (such as posts, photos and captions) to train its generative AI models. While they offer a "Right to Object" form for users in certain regions (like the EU), the policy generally allows for broad use of public content for AI development. Meta data is primarily stored in the US. You can see some behind the scenes of what these data centres look like here.

Also worth mentioning that Meta has faced some legal challenges regarding privacy-related violations: FTC’s $5 billion Facebook settlement.

Training on Data

  • Consumer (Free): Yes, aggressively. Meta uses your public Facebook posts, Instagram photos, captions, and comments to train its Llama models.
    • Private Chats: Meta states they do not use private messages (WhatsApp/Messenger) for training unless you tag @Meta AI or send a message directly to the chatbot.
    • Opt-out: Difficult.
  • EU/UK: Yes (Right to Object form).
  • US/AU/Global: Generally, No. You cannot easily opt out of your public posts being used for training.
  • Enterprise (Meta AI for Business): N/A (Not a secure workspace).
    • Critical Note: There is no "Meta AI Enterprise" edition analogous to "ChatGPT Team." Business users should use Llama models via third-party cloud providers.

One Point of Interest

Meta AI can process information from your messages if you explicitly interact with the AI in a chat, but they claim not to use the content of private messages with friends and family to train their models.

xAI (Grok, X, formerly Twitter)

Explore xAI's Privacy Policy

The xAI Privacy Policy for Grok details a close relationship with the X platform. It states that Grok uses public posts from X to provide real-time information and for model training. Users can choose a "Private Chat" mode where conversations are not saved to their history and are typically deleted from xAI systems within 30 days.

xAI’s data centres are all located in the US. (Source)

Training on Data

  • Free and Premium (Consumer): Yes, by default. Grok trains on your real-time public posts and interactions on X (Twitter).
    • Opt-out: Yes. Accessible via Settings > Privacy and safety > Grok on the web version of X.
  • Enterprise (Grok Enterprise / API): No. Data sent to the specific "Enterprise" tier or xAI API is not used for training.

One Point of Interest

If you use Grok via the X platform, your data is governed by the X Privacy Policy, which allows for your public posts to be used to train the AI unless you manually opt-out.

It’s also worth noting that X has come under fire for handing user data to advertisers in the past: Twitter fined $150m for handing users’ contact details to advertisers.

Taking control of our privacy

Each system has their own approach to privacy and data use, and it’s somewhat within our control how we choose to use our data.

What are your thoughts about the state of data privacy in a world of AI? Join the discussions in our AI Community forums!

Rate this guide

No votes yet

Status message

Thanks for rating this guide.

CAPTCHA

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

Related posts

Illustration of young woman of colour in a hoodie posing with the Gemini logo
Guide
Basic
Getting started with Gemini
Gemini, Google’s AI, is quickly becoming one of the most comprehensive AI tools on the market. Discover why and how this tool can assist not-for-profits.
Digital Transformation in AI
Guide
Basic
What does ‘digital transformation’ mean for not-for-profits in a world with AI?
Ensuring your environment and your people are ready for change.
AI Notetaking tools in action
Guide
Basic
What to know about AI note taking tools
Using AI to streamline our note taking can be enticing, but do we know what’s happening to our data?
Integrating Google Gemini for your NFP
Guide
Basic
How to integrate Google Gemini as a not-for-profit in Australia and the wider Asia-Pacific
Gemini could be the key to increasing productivity, and better outcomes for your not-for-profit.