Comparison
ChatGPT vs. Claude vs. Gemini vs. Perplexity: A Data-Retention Breakdown
A blunt side-by-side of what each major consumer LLM does with your prompts as of 2025 — retention, training, human review and enterprise carve-outs.
PromptShielder Security Team· Applied cryptography & privacy engineering September 23, 2025 8 min read
ChatGPT (consumer)
- Retention: default on, controllable per chat and account-wide.
- Training: on by default, opt-out available.
- Human review: possible on flagged content.
- Enterprise/API: separate terms, Zero Data Retention available on request, BAA available.
Claude
- Retention: 30 days by default, longer if flagged.
- Training: off for consumer content by default (2024 policy).
- Human review: on flagged content only.
- Enterprise/API: separate terms, ZDR available, DPA available.
Gemini
- Retention: default on for Google Account, controllable.
- Training: on by default when Gemini Apps Activity is on.
- Human review: possible on sampled content.
- Enterprise/API: Workspace enterprise tiers have distinct terms, no training on customer content.
Perplexity
- Retention: default on, controllable per conversation.
- Training: on by default for the standard tier, opt-out available.
- Human review: possible.
- Enterprise: separate terms, no training on customer content.
Practical takeaways
- Enterprise tier with a DPA is the compliance floor.
- Redaction-before-send is the belt-and-braces layer.
- Policies change quarterly — re-read the one you rely on every quarter.
Frequently asked
Do any of these guarantee no human review?+
None do at the consumer tier. Enterprise tiers typically restrict human review to abuse investigations.
Which tier is safest to default to?+
The one your company has a DPA for and can enforce via SSO. Everything else is secondary.
Sources
ComparisonPrivacy