Most generative AI companies rely on user data to train their chatbott. For that, they can turn to public or private data. Some services are less aggressive and more flexible that scooping data from their users. Other, not so much. A new report of data removal service looks at the best and worst AI to respect your personal data and privacy.
For its report “General AI and LLM data privacy ranking 2025“Incogni examined nine popular generative AI services and implemented 11 separate criteria to measure their data privacy practices. The criteria cover the following questions:
- Which data is used to train the model?
- Can a user conversation be used to train the model?
- Can signals be shared with non-service providers or other appropriate institutions?
- Can personal information from users be removed from training dataset?
- How clear is it if signals are used for training?
- How easy is it to get information about how the model was trained?
- What is a clear privacy policy for data collection?
- How readable is the privacy policy?
- What sources are used to collect user data?
- Is data shared with third parties?
- What data collect AI apps collected?
Research included the provider and AI in Mistral AI Ke Le Chat, OpenEE’s chat, XE’s Groke, Anthropic Cloud, Inflation AI K PI, Decsec, Microsoft Copillot, Google Gemini and Meta AI. Each AI did well with some questions and not with others as well.
Also: AI wants to work for your business? Then privacy needs to come first
As an example, Groke earned a good grade about how it clearly explains that signals are used for training, but did not do so well on the readability of its privacy policy. As another example, their mobile apps were quite different between the grade iOS and Android versions given to CHATGPT and Gemini for data collection.
Rear over the group, however, Le Chat took the top prize as the most privacy -friendly AI service. Although it lost some points for transparency, it still performed well in that area. In addition, its data collection is limited, and it scored high points on other AI-specific privacy issues.
Chatgpt is in second place. Incogni researchers were slightly worried about how the model of Openai is trained and how user interacts with data service. But Chatgpt clearly presents the company’s privacy policies, lets you understand what happens with your data, and provides clear ways to limit the use of your data.
(Disclosure: ZDNET’s original company Ziff Davis filed a case of April 2025 against Openai, alleging that it violates Ziff Davis copyright training and operating its AI system.)
Groke came in third place, then Cloud and Pai. Each had trouble in some areas, but overall the user was quite good in respecting privacy.
“Le Chat by Mistral AI is the least privacy-invasive platform, with a close back with chat and grooc,” Inclosure said in his report. “These platforms are at the highest place when it comes how transparent they are using how they use and collect the data, and how easy it is to select personal data used to train the underlying model. Catgpt turned out to be the most transparent whether the model would be used for training and was a clear secrecy policy.”
For the lower half of the list, Deepsek finished sixth, followed by Copilot, and then Gemini. Meta AI left at the previous location, evaluating the least confidentiality of the bunch of AI service.
Also: Apple planned to train his AI on his data without renouncing his privacy.
Copilot scored the worst of nine services based on the AI-specific criteria, such as what data is used to train models and whether user interactions can be used in training. Meta AI took the worst grade for its overall data collection and sharing practices.
“Platforms developed by the largest technical companies are the most privacy aggressive, Meta AI (META) is the worst, followed by Gemini and Copillot,” said that “said. “Gemini, Deepsek, PI AI, and Meta AI do not allow users to exit the signals used to train models.”
In his research, Gupta found that AI companies share data with various parties, including service providers, law enforcement, member companies of the same corporate group, research partners, colleagues and third parties.
“Microsoft’s privacy policy implies that user signals can be shared with third parties that do online advertising services for Microsoft or who use Microsoft’s advertising technologies,” said in the report. “The confidentiality policies of the lampsac and the meta indicate that the signals can be shared with the companies within its corporate group. Meta and anthropic’s privacy policies can be properly understood to indicate that signs are shared with research colleagues.”
With some services, you can prevent your signals from using to train models. It is a case with chat, Copilot, Mistral AI and Groke. With other services, however, stopping this type of data collection does not seem possible according to their privacy policies and other resources. These include Gemini, Deepsek, Pai AI and Meta AI. On this issue, Anthropic said that it never indicates the user to train its model.
Also: Your data is probably not ready for AI – here is mentioned how to make it reliable
Finally, a transparent and readable privacy policy sets a long way towards helping you find out what data is being collected and how to get out.
“Being an easy-to-use, only the written support section that enables users to find answers to the questions related to privacy, shown themselves to greatly improve transparency and clarity, as long as it is kept till date,” Inkogan said. “Many platforms have similar data handling practices, however, companies like Microsoft, Meta, and Google suffer from single privacy policy covering all their products and a long privacy policy does not mean that it is easy to find answers to users’ questions.”
Get top stories of morning with us in your inbox every day Tech Today Newsletter.
