Learn / AI privacy policies

AI privacy policies: what you're actually agreeing to

You use AI for your most private work: drafting a legal argument, researching a medical symptom, mapping out a business strategy, handling a sensitive HR situation. It's worth understanding exactly what happens to that text after you hit send.

This is not a reason to panic. The practices described below are standard for cloud software, and most people are perfectly comfortable with the trade-offs. But "standard" doesn't mean you should agree to them without knowing what they are.

The three things every cloud AI privacy policy has in common

Despite differences in tone and detail, the major AI assistants share a common baseline. Understanding these three points covers most of what matters:

1. Your conversations are stored on their servers. The text you type — and the AI's replies — travels over the internet and is retained, at minimum for a period of days. This is necessary for the service to function: chat history, abuse monitoring, and safety review all depend on it.
2. Your inputs may be used to improve the model. By default, most consumer AI services reserve the right to use your conversations as training data. This is typically opt-out, not opt-in. Business and enterprise tiers often have stricter defaults.
3. Human reviewers may read your conversations. AI companies employ safety teams and quality reviewers. Conversations that are flagged, reported, or selected for quality sampling may be read by a person. This is disclosed in each policy, but it surprises many users who assume everything is processed only by machines.

ChatGPT — what's stored and how to opt out

As of 2026, OpenAI's privacy policy states that conversations with ChatGPT may be used to train and improve their models. This applies to free and Plus accounts by default.

To opt out: go to Settings → Data Controls → "Improve the model for everyone" and toggle it off. When you do, OpenAI states your conversations will not be used for training. However, they are still stored for approximately 30 days for abuse monitoring and safety purposes — opting out of training is not the same as opting out of storage.

ChatGPT Team, Business, and Enterprise plans have the training opt-out applied by default. If you use ChatGPT for work through a managed account, your organization may have already made this choice on your behalf.

Claude — what's stored and how to opt out

Anthropic's privacy policy, as stated in 2026, indicates that conversations sent to Claude.ai are stored on Anthropic's servers and may be used to improve their models unless users opt out.

To opt out on Claude.ai: go to Settings → Privacy → "Feedback & improvement" and disable the relevant option. As with other services, opting out of model training does not cause your conversation history to be immediately deleted — Anthropic retains data for operational and safety purposes.

Claude for Work (Teams and Enterprise) accounts are subject to a stricter data handling agreement. Anthropic's usage policies for these tiers explicitly restrict how conversation data can be used, and training on customer data is not the default.

Gemini — what's stored and how to opt out

Google's Gemini apps are governed by Google's broader privacy framework. As of 2026, Google states in its policy that conversations with Gemini may be reviewed by human reviewers and used to improve Google products and services.

To limit data retention: go to your Google Account settings and turn off Gemini Apps Activity. When this activity setting is off, your conversations are not saved to your Google Account. When it is on, conversations may be stored and, according to Google's policy, reviewed by human annotators as part of their quality and safety processes.

Google Workspace accounts — the kind used by businesses and schools — have different defaults, and administrators control data handling settings at the organizational level.

Side-by-side: what each service does with your data

What "opted out" doesn't mean

This is the part most people miss. Opting out of model training is a meaningful choice — your conversations won't be fed into future training runs. But it is not the same as having your data deleted, and it does not mean your conversations were never stored.

After you opt out of training on ChatGPT, for example, your conversations are still retained for approximately 30 days for abuse monitoring. This is a reasonable operational requirement: if someone later reports a harmful interaction, the company needs to be able to investigate. But it means your data exists on their infrastructure for a period of time regardless of your training preference.

Opting out also doesn't protect against a legal demand. If a court or regulator compels disclosure, stored data can be subject to that process regardless of your privacy settings. This is true of most cloud services, not just AI tools.

If these distinctions matter for your use case, the only complete solution is to ensure the data never reaches an external server in the first place.

The local AI alternative

Outlier takes a structurally different approach. The AI model runs entirely on your Mac — there is no server, no account, and no internet connection required or used during inference. When you type a prompt, it is processed locally by a model stored on your device. The response is generated locally. Nothing is transmitted.

There is no privacy policy for Outlier's AI conversations because there is nothing to disclose. A privacy policy exists to explain how a service handles your data. When there is no data leaving the device, there is no policy needed for that data.

This is sometimes called "architectural privacy" — the guarantee comes from how the system is built, not from a promise made in a document. Documents can change; architecture is harder to change without you noticing.

When cloud AI privacy policies matter most

For most everyday tasks — writing emails, explaining a concept, drafting a social post — the data handling practices of cloud AI services are unlikely to cause any practical harm. The trade-off of convenience against some degree of data sharing is one most users make comfortably every day with dozens of apps.

The calculus changes in a few specific situations:

• Client confidentiality. Lawyers, accountants, therapists, and consultants often have professional or legal obligations not to share client information with third parties. Whether a cloud AI service constitutes a "third party" under a given professional standard is a question worth raising with a compliance officer, not assuming away.
• Unreleased business strategy. Drafting a competitive analysis, a product roadmap, or M&A documents in a cloud AI tool means that content is stored on another company's infrastructure. Most companies have policies about this; many employees don't check them before using personal AI accounts for work.
• Health and financial information. These categories attract heightened regulatory scrutiny in many jurisdictions. Depending on context, using a general-purpose cloud AI to process this information may have compliance implications.
• Contractor and NDA-covered work. If you've signed an NDA that prohibits sharing certain information with third parties, your AI tool's privacy policy may be relevant to whether using it for that work is permissible.

In each of these cases, local AI — where nothing leaves the device — removes the question entirely rather than requiring you to navigate each service's opt-out settings and retention schedules.