Learn/Local AI & Privacy/Privacy, Data & What Happens to Your Prompts
Local AI & Privacy

Privacy, Data & What Happens to Your Prompts

When you type into a cloud AI service, your message travels to someone else's server. Understanding what happens to it varies significantly by service, tier, and whether you've read the privacy policy

Privacy, Data & What Happens to Your Prompts

When you type into a cloud AI service, your message travels to someone else's server. Understanding what happens to it varies significantly by service, tier, and whether you've read the privacy policy.

What Actually Happens

At a minimum, your prompts are: - Transmitted to the provider's servers (encrypted in transit via TLS) - Processed to generate a response - Stored temporarily or persistently depending on the service's policy

Beyond that, policies diverge on two critical questions: how long data is retained, and whether it's used to train future models.

Anthropic's Policy (Claude)

For consumer usage (Claude.ai free and Pro), conversations may be used to improve Anthropic's models unless you opt out. Opt-out is available in account settings under "Data Controls."

For API and enterprise customers, the default is that data is not used for training. Enterprise agreements can include zero data retention options — prompts and responses not stored after the request completes.

OpenAI's Equivalent

Similar structure. ChatGPT consumer conversations may be used for training; disable in Settings → Data Controls. The API does not use data for training by default. ChatGPT Team and Enterprise tiers do not use conversations for training.

What "Private" Means in Practice

  • Encryption in transit — standard across all major providers
  • Encryption at rest — most providers encrypt stored data, but hold the keys themselves
  • Employee access — most providers reserve the right for staff to review conversations for safety compliance
  • Legal requests — providers comply with valid legal orders regardless of privacy policies

Red Flags in Privacy Policies

  • Vague language about "partners" or "affiliates" who may receive data
  • No clear distinction between consumer and enterprise data handling
  • Training opt-out buried in settings rather than offered during onboarding
  • Retention periods measured in years rather than days

The Enterprise vs. Consumer Divide

The practical privacy gap is significant. Enterprise agreements typically include: - Contractual guarantees data won't be used for training - Zero data retention options - Data processing agreements (DPAs) required by GDPR - Audit logs and access controls

The Simple Rule

Don't send anything to a cloud AI service you wouldn't be comfortable posting publicly. This accounts for policy changes, security incidents, and the reality that you ultimately don't control what happens to data once it leaves your device.

Have a follow-up question about this topic?

Ask AI

← Previous

On-Device AI: Apple, Google & Microsoft

Next →

Local vs Cloud: A Practical Decision Guide