
The AI Privacy Breakdown: How the Top 5 Platforms Handle Your Client Data in 2026
After writing the last post about trusting AI with sensitive client information, I kept thinking about the natural next question:
"Okay, but which tools actually pass the test?"
Let's get specific.
I spent time going deep on five platforms — Claude, ChatGPT, Gemini, Grok, and Perplexity — across five criteria: data training policies, retention timelines, data processing agreements, third-party certifications, and Business Associate Agreements for anyone handling health-related information.
Here's what I found. Not as a compliance attorney. Not as a security expert. As a business owner who did the research so you don't have to start from scratch.
The Five Things That Actually Matter
Before the breakdown, here's the framework. When it comes to using AI tools with client data, there are five things worth understanding:
Training policies — Is the platform using your prompts and outputs to train their models?
Data retention — How long does your data live on their servers, and can you control it?
DPA availability — Does the platform offer a Data Processing Addendum (a legal agreement defining their role as a processor of your data)?
Certifications — What independent security audits have they passed? SOC 2 Type II and ISO 27001 are the ones to know.
BAA availability — If you work with clients in healthcare-adjacent fields, does the platform offer a Business Associate Agreement that allows you to handle protected health information?
Keep these five in mind as we go through each platform.
Claude (Anthropic)
Anthropic's Claude is the platform I know best — and I'll be upfront about that.
Training: Claude for Work, API usage, and enterprise deployments are explicitly carved out from Anthropic's consumer training program. If you're using Claude Free, Pro, or Max on a personal account, those enterprise protections do not apply by default — but you can opt out of data training in your privacy settings (Settings → Privacy → "Help improve Claude"). That opt-out is worth doing. Just know it's not the same as having a Data Processing Agreement in place.
Retention: On enterprise and API tiers, Zero Data Retention (ZDR) is available — meaning no prompts, no outputs, no metadata stored. It requires a signed security addendum and is not available on Team plans or the standard web UI.
DPA: Available for commercial accounts (Claude for Work and API). Not available on consumer tiers.
Certifications: SOC 2 Type II, ISO 27001:2022, and ISO/IEC 42001:2023 — which is actually the world's first AI management system certification standard. Strong stack.
BAA: The hardest of the five platforms to obtain. Not available on Claude.ai consumer tiers (including Max). Not available on Team plans. Available only at the Enterprise or API level with a ZDR agreement in place, and requires direct Anthropic approval.
Bottom line: Anthropic has strong data practices — but you need to be on the right tier and have the right agreements in place before you ever input client data.
ChatGPT (OpenAI)
Training: For ChatGPT Enterprise, Business, Edu, and API — inputs and outputs are not used to train models by default. Consumer ChatGPT (Free or Plus) operates under different terms, but you can opt out: Settings → Data Controls → turn "Improve the model for everyone" OFF. Worth doing. Same caveat as Claude — opting out is not the same as having a Data Processing Agreement.
Retention: Enterprise customers can configure custom retention windows and shorter timelines. Zero-data-retention options exist for certain API use cases.
DPA: Available for business customers. Covers GDPR, CCPA, and global privacy frameworks.
Certifications: The strongest certification stack of all five platforms. SOC 2 Type II, ISO 27001, 27017, 27018, 27701, and 42001. Also, PCI-DSS for payment components.
BAA: Available for ChatGPT for Healthcare and API healthcare customers. Must be signed before processing any protected health information.
Bottom line: OpenAI has the most comprehensive certification stack of the group. At the right enterprise tier, it's a strong option for professional services firms.
Gemini (Google)
Training: Under 2026 business and enterprise terms, Google contractually guarantees that prompts, inputs, and generated outputs are never used to train or fine-tune their global foundation models. No human review of business data. Consumer Gemini (free tier) operates differently — but you can opt out: go to Gemini Apps Activity and turn it off. When you do, future chats won't be used to train models. Heads up: turning this off also disables chat history, and Google still holds chats for 72 hours for safety checks. The same principle applies — opting out is not a Data Processing Agreement.
Retention: Admin-controlled. Auto-delete options at 3, 18, or 36 months. Ephemeral mode available — if conversation history is off, data is held for 72 hours, then permanently purged.
DPA: Yes — the Cloud Data Processing Addendum (CDPA). Defines Google as the processor, the business as the controller.
Certifications: Tied with OpenAI for the strongest stack, and adds something unique: FedRAMP High authorization. That's the benchmark for U.S. federal government cloud services — and the most relevant certification if you work with public sector clients or want the highest available security bar.
BAA: Available for covered services (Gmail, Docs, Sheets, Gemini for Workspace). Important note: does not cover employees using personal Google accounts or shadow AI tools.
Bottom line: If your clients include government entities or public sector organizations, Gemini's FedRAMP High certification is a legitimate differentiator. For everyone else, it's simply a very strong enterprise option.
Perplexity AI
Training: Enterprise and Enterprise Pro customers are contractually protected from having their data used to train models. Consumer users can opt out: Settings → Preferences → find the "AI Data Retention" toggle and turn it off. That stops future data from being used for model improvement. Same principle — opting out is not a Data Processing Agreement.
Retention: Under their Data Processing Addendum, personal data from customer inputs is stored only as long as needed to provide services, and for up to 30 days after service termination. Enterprise customers can set stricter policies and manage deletion directly.
DPA: Yes — incorporated into Enterprise Terms of Service and API Terms. Includes EU Standard Contractual Clauses and UK addendum language.
Certifications: SOC 2 Type II certified. GDPR-aligned.
BAA: Available for enterprise customers handling PHI. Must be executed before processing any protected health information.
Bottom line: Solid enterprise data practices, particularly for the research and synthesis use cases Perplexity is built for. SOC 2 Type II is the key certification; ISO standards are not explicitly listed in their documentation.
Grok (xAI)
Training: For Grok Business and Enterprise users, xAI does not train AI models on user data. Consumer users can opt out: in the Grok app, go to Settings → Data Controls → turn off "Improve the Model." If you access Grok through X, the setting lives at Settings and Privacy → Privacy and Safety → Data Sharing and Personalization. Same principle — opting out is not a Data Processing Agreement.
Retention: 30-day default retention for inputs and outputs. Enterprise Vault users have customer-managed encryption keys, but the same 30-day default applies.
DPA: Available for Business and Enterprise users. Aligns with GDPR, UK GDPR, and Swiss FADP.
Certifications: SOC 2 compliance confirmed. ISO 27001 certification has not been documented in official xAI sources as of this writing. This is the weakest certification stack of the five platforms.
BAA: Available upon request for Enterprise users — but requires completion of a BAA questionnaire for review before xAI follows up. It is not a standard offering. Alongside Claude's, this is the most restrictive BAA process of the five.
Bottom line: Grok is the youngest of the five companies. That's not automatically disqualifying, but it is context. For internal brainstorming, strategy work, or content development? Fine. For workloads involving regulated client data? It carries the highest risk profile of the group.
What This All Actually Means
Here's the thing none of the platform comparison posts tell you: the platform matters less than the tier you're using.
Every one of these five tools has a consumer version that is not safe for client work, and a business or enterprise version with real protections. The mistake most professional services business owners are making isn't choosing the wrong platform. It's using the wrong tier of the right one.
The legal line is the Data Processing Addendum. None of the five platforms offers a DPA to consumer users. All five offer one at the business or enterprise level. If you're doing client work on a free or personal subscription, you have no legal agreement in place — regardless of which tool it is.
And the training policies? Consistent across all five at the enterprise level. Every platform commits to not training on business user data by default. The risk lives in consumer accounts.
One more thing worth noting: if you work in or adjacent to healthcare, insurance, financial services, or any regulated industry, the Business Associate Agreement question is not optional. It requires the right tier, a separate request, and, in some cases, a review process. It is never automatic. Build that into your vendor evaluation before you need it.
If this blog sparked more questions than answers — that's exactly where the work begins. The Wilson Protocol Intensive is built to help you implement an AI partnership in your business with intention, not guesswork. Learn more here. Or if you're just getting started, the free AI Partnership Audit is a good place to start.
3 Key Takeaways
1. The tier gap is universal — and it's where the risk lives. Every platform has a consumer version that is not appropriate for client data and an enterprise version with real protections. If you're doing client work on a personal subscription, you're exposed — regardless of which tool you chose.
2. Data Processing Agreements are the legal baseline. A DPA is the legal contract that defines the platform's role as a data processor. All five platforms offer one at the business or enterprise level. None offers one for consumer users. That line is where your legal protection begins.
3. Grok is the outlier for regulated work, and Anthropic's BAA is the hardest to access. If you work with regulated client data, Grok carries the highest risk profile (fewest certifications, youngest company). If you need a BAA specifically, Claude requires the Enterprise or API tier, a ZDR agreement, and direct Anthropic approval. Google and OpenAI have the most accessible BAA processes of the five.
Disclaimer: The experiences shared are personal results. Individual outcomes may vary. This content is for informational purposes only and does not constitute legal, financial, medical, psychological, or professional advice.
