Most generation AI companies rely on user data to train chatbots. To do this, we may look to public or private data. Some services are less invasive and more flexible when scooping up data from users. Others, not that much. A new report from the Data Deletion Service looks at the best and worst of AI when it comes to respecting personal data and privacy.
For that report.”Gen AI and LLM Data Privacy Ranking 2025“Incogni has investigated nine common generation AI services and applied 11 different criteria to measure data privacy practices. The criteria covered the following questions:
- What data is used to train the model?
- Can user conversations be used to train models?
- Can the prompt be shared with a non-service provider or other reasonable entities?
- Can I remove personal information from users from my training dataset?
- If the prompt is used for training, how clear is it?
- How easy is it to find information about how the model was trained?
- Is there a clear privacy policy for data collection?
- How easy is your privacy policy?
- Which source is used to collect user data?
- Is the data shared with third parties?
- What kind of data does AI app collect?
The providers and AI included in the study were Mistral AI’s LE Chat, Openai’s ChatGpt, Xai’s Grok, Anthropic’s Claude, fechefcseek, Deekseek, Microsoft Copilot, Google Gemini, and Meta AI. Each AI worked well on a few questions, but not like the others.
Also: Want to work for your business with AI? Next, privacy must come first
As an example, Grok did well by clearly informing us that prompts would be used for training, but did not work out the readability of the privacy policy. As another example, the grades given to ChatGpt and Gemini for data collection for mobile apps differed considerably between iOS and Android versions.
But across the group, Le Chat received the top prize as the most privacy-friendly AI service. We lost some points for transparency, but it still worked out in that area. Furthermore, its data collection is limited and earned high points on other AI-specific privacy issues.
ChatGpt ranked 2nd. Incogni researchers were slightly interested in how Openai’s models are trained and how user data interacts with services. However, ChatGpt can clearly present your company’s privacy policy, understand what happens with your data, and provide a clear way to limit your data usage.
(Disclosure: Ziff Davis, the parent company of ZDNET, filed a lawsuit against Openai in April 2025, claiming it infringed Ziff Davis’ copyright in training and operating AI systems.)
Grok came in third, followed by Claude and Pi. Each had issues in a particular area, but overall it worked pretty well by respecting user privacy.
“LeChat by Mistral AI is a platform that has not been violated by privacy, and ChatGpt and Grok are even more behind,” Incogni said in the report. “These platforms ranked the highest in terms of how data is used and collected, and how easy it is to opt out of opting out of the personal data used to train the underlying model. ChatGpt has proven to be most transparent about whether prompts are used for model training and have a clear privacy policy.”
For the bottom half of the list, Deepseek came in sixth, followed by Copilot and Gemini. It left meta AI in the last place, rated privacy-friendly AI services as the least.
Also: Apple plans to train AI with your data without sacrificing your privacy
Copilot recorded the worst of nine services based on AI-specific criteria, such as data used to train models and whether training allows users to use conversations. Meta AI took home the worst results across data collection and sharing practices.
“The platforms developed by the largest tech companies have proven to be the most privacy invasive. Meta AI (META) is the worst, followed by Gemini (Google) and Copilot (Microsoft),” Incogni said. “It appears that Gemini, Deepseek, Pi AI, and Meta AI don’t allow users to opt out of the prompts used to train models.”
In its investigation, Incogni found that AI companies share data with a variety of parties, including service providers, law enforcement agencies, members of the same company group, research partners, affiliates, and third parties.
“Microsoft’s privacy policy means that user prompts can be “shared with third parties running Microsoft’s online advertising services or using Microsoft’s advertising technology,” Incogni said in the report. “The Deepseek and Meta’s privacy policy indicates that prompts can be shared with companies within a corporate group. The Meta and human privacy policy can be reasonably understood to show that prompts are shared with research collaborators.”
Some services allow you to prevent prompts from being used to train your model. This is for ChatGpt, Copilot, Mistral AI, and Grok. However, it seems impossible for other services to stop this type of data collection in accordance with our privacy policy and other resources. These include Gemini, Deepseek, Pi AI and Meta AI. On this issue, humanity said that it would not collect user prompts to train models.
Also: Your data is probably not AI ready – this is how to make it trustworthy
Finally, our transparent and easy-to-read privacy policy will help you understand what data is being collected and how you opt out.
“Having an easy-to-use, simply written support section that allows users to search for answers to privacy-related questions shows a significant improvement in transparency and clarity as long as they are up to date,” Incogni said. “Many platforms have similar data processing practices, but companies like Microsoft, Meta, Google, and others suffer from having a single privacy policy covering all their products, and a long privacy policy doesn’t necessarily mean that they can’t easily find the answer to their users’ questions.”
Get the top stories of the morning in your inbox every day Tech Today newsletter.
