privacy

AI Privacy Audit: Who's Taking Your Data in March 2026

A comprehensive look at how major AI services handle your data, what they collect, and exactly how to opt out of training

Every major AI company wants your conversations. The question isn’t whether they’re collecting data - it’s how much, for how long, and whether you can stop them.

This month brings significant shifts: Anthropic’s opt-out training became the default for Claude consumer users, Microsoft patched a Copilot bug that was leaking confidential emails, and a massive breach exposed 300 million AI chat messages. Here’s the current state of AI privacy and exactly what you can do about it.

The Big Picture: Who’s Doing What

Let’s cut through the marketing and look at what each major AI service actually does with your data.

ChatGPT (OpenAI)

Consumer accounts (Free, Plus): Your prompts train models by default. OpenAI staff and contractors can review conversations for quality and safety. Data retained for 30 days for abuse monitoring.

Business accounts (Team, Enterprise, API): Training disabled by default. OpenAI states it won’t use business data unless you explicitly opt in. Zero Data Retention available through Enterprise Agreements.

The catch: Submitting feedback on any response - even a thumbs up - allows OpenAI to use that specific exchange for training, regardless of your general settings.

Claude (Anthropic)

The big change: Since September 2025, Anthropic flipped the default for Free, Pro, and Max users. Training is now enabled unless you actively disable it.

What opting in means: Anthropic retains your data for up to five years, compared to 30 days if you opt out. Deleted conversations won’t be used regardless.

Business exemptions: Claude for Work, Claude Gov, Claude for Education, and API usage through Amazon Bedrock or Google Vertex AI keep existing privacy protections - no training on your data.

Anthropic emphasizes they won’t sell data to third parties and filter sensitive information, but the shift to opt-out rather than opt-in marks a clear change in philosophy.

Google Gemini

Data collection scope: Gemini collects 22 different data types, making it one of the most data-intensive AI chatbots available. This includes conversations, location, feedback, and detailed usage patterns.

Human review: Google staff may review your conversations. Reviewed conversations are retained for up to three years - even if you delete your Gemini activity.

Retention: Default 18 months in your Google Account. You can limit this to 3 or 36 months. But even with activity turned off, conversations are stored for up to 72 hours to “facilitate service delivery.”

Enterprise: Google Workspace with Gemini offers controls that prevent input data from training models.

Microsoft Copilot

Enterprise protection: For Microsoft 365 Copilot, prompts and responses stay within the Microsoft 365 service boundary. Foundation models don’t train on this data.

The Anthropic connection: As of January 2026, Anthropic became a subprocessor for Microsoft 365 Copilot, though Microsoft’s Data Protection Addendum still applies.

Recent security incident: In late January 2026, Microsoft confirmed a bug that allowed Copilot to access confidential emails by bypassing Data Loss Prevention policies. The fix has shipped, but it illustrates how AI assistants with broad access can expose data in unexpected ways.

Midjourney

Everything is public: Every prompt and image you generate is visible by default. Stealth mode (paid feature) doesn’t delete existing images or prevent Discord from retaining data.

Training: There’s no way to opt out of prompt training. Privacy reviews rate Midjourney a 38 out of 100 (D+).

What they train on: A mixture of licensed data, copyrighted material (claimed under fair use), public domain content, and web-crawled images. Your prompts become part of this dataset.

DeepSeek

Hard pass. DeepSeek collects keystroke patterns as unique biometric identifiers. All data goes to servers in China, where the 2017 National Intelligence Law allows authorities to demand user data without notification.

The app has experienced documented security failures: a database breach exposing over one million records, iOS app transmitting data without encryption, and a 100% jailbreak success rate in security testing.

DeepSeek is banned by more governments and agencies than any AI platform in history. If you’ve used it, consider that data compromised.

Apple Intelligence

The privacy leader: Apple processes most requests on-device and doesn’t use personal data to train foundation models. Training data comes from licensed sources and public web content collected by AppleBot, filtered for personally identifiable information.

The tradeoff: Features are more limited than cloud-based competitors. If privacy is your priority, this is the right direction.

The Breaches Keep Coming

A February 2026 breach of the Chat & Ask AI app exposed 300 million messages from 25 million users due to a Firebase misconfiguration. Security researchers found that 103 of 200 iOS apps they scanned had the same vulnerability.

The messages included illegal activity discussions and mental health crises. This isn’t unique - 13% of organizations have reported AI model breaches, and 97% of those lacked proper access controls.

Meanwhile, 77% of employees have pasted company information into AI tools, with 82% using personal accounts rather than enterprise-managed services.

How to Opt Out: Service by Service

ChatGPT

  1. Click your profile icon → Settings
  2. Select Data Controls
  3. Toggle off “Improve model for everyone”

Note: This doesn’t affect data already collected. Use temporary chat mode for sensitive conversations.

Claude

  1. Go to claude.ai/settings
  2. Click Privacy or Data Privacy Controls
  3. Toggle off “Help improve Claude”

If you haven’t done this since September 2025, training is enabled by default.

Gemini

  1. Go to your Google Account → Data & privacy
  2. Find “Gemini Apps Activity” (now called “Keep Activity”)
  3. Set to Off or configure auto-delete

Remember: 72-hour minimum retention applies regardless.

Microsoft Copilot

Consumer Copilot: Review settings at account.microsoft.com under Privacy.

Enterprise: Your IT admin controls training settings. Ask them.

Midjourney

You can’t opt out of training. Your options:

  • Don’t use it for anything you want private
  • Accept that prompts are part of their training data

Voice Assistants

Alexa: Settings → Privacy → Alexa Privacy → Manage Your Alexa Data → Choose how long to save recordings (3 or 18 months) or delete all.

Google Assistant: Activity controls → Voice & Audio Activity → turn off or set auto-delete.

Siri: Settings → Siri & Search → Siri & Dictation History → Delete.

Quarterly Privacy Check

AI companies change settings without fanfare. What you configured six months ago might not be active today.

Every three months:

  1. Review privacy settings on each AI service you use
  2. Check for new toggles or renamed options
  3. Clear conversation history you don’t need
  4. Audit which AI tools have access to your accounts

Use temporary/incognito chat modes for sensitive queries. Claude, Perplexity, and Gemini all offer these - conversations aren’t saved or trained on.

What This Means

The trend is clear: AI companies are shifting from opt-in to opt-out for training data. Each service frames this as improving their models, which is true - but it also means your conversations become training material unless you actively prevent it.

Enterprise users generally have better protections. Consumer users need to be proactive. If you’re pasting sensitive information into any AI tool, verify your settings first.

The companies that prioritize privacy - Apple with on-device processing, Anthropic’s clear opt-out process, enterprise tiers with contractual guarantees - deserve recognition. The ones that make opting out difficult or impossible deserve scrutiny.

Your AI conversations are valuable. Treat them that way.