Protecting your business in the age of AI
As we move deeper into 2026, the question for most businesses has shifted from "Should we use AI?" to "How do we use AI without leaking our trade secrets?"
The fear is real. You do not want your private financial spreadsheets or internal strategy memos being used to train the next version of a public model. This guide covers everything you need to know about enterprise AI data privacy and how to set up a "safe harbor" for your company data.
The hidden cost of free AI
The most important rule of modern data privacy is if you are not paying for the product, your data is likely the payment.
On the free tiers of tools like ChatGPT, Claude, Gemini, or others, the default settings often allow the provider to use your prompts and uploaded files to "improve their models." This means your private business data could influence the future answers the AI gives to other people.
That much most people already know. But, pay close attention to the next section.
Paid plans do not automatically mean your data is safe
Here is a common mistake: a business owner signs up for ChatGPT Plus, Claude Pro, or Gemini Pro, assumes their data is now protected, and starts pasting in customer contracts and internal financials.
This assumption is dangerous.
Paid personal subscriptions like ChatGPT Plus, ChatGPT Pro, Claude Pro, and above are still governed by consumer privacy terms in most cases. Depending on your settings and the provider, your conversations on these plans can still be used to improve future models. The simple act of upgrading from a free plan to a $20 or $200 monthly subscription does not flip a legal switch that protects your business data.
The plans that include real data protection are the Team and Enterprise tiers, where providers sign a legal agreement stating your data will not be used for model training.
Even then, some providers may retain your data for a short window (often 30 days) to check for policy violations, unless you have a formal "Zero Data Retention" (ZDR) agreement in place. More on that below.
2026 enterprise AI pricing comparison
Here is a quick breakdown of where the data protection begins:
| Provider | Minimum Tier for Data Privacy | Estimated Cost (Per User/Mo) | Key Security Feature |
|---|---|---|---|
| OpenAI | ChatGPT Team | $25 (Annual) | No training on your data. |
| Anthropic | Claude Team | $25 (Annual) | Zero Data Retention on request. |
| Gemini Business | $20 (Add-on) | Integrated with Google Workspace privacy. | |
| Microsoft | Copilot for M365 | $30 | Enterprise grade data protection. |
Note: The information in this table is subject to change. AI providers frequently update their pricing, features, and data policies. Please verify directly with each provider for the most current details.
Read each provider's terms carefully, as the exact language around data usage can vary. The key is to look for explicit statements about "no training" and "data retention policies."
Zero data retention: what it actually takes to get it
"Zero Data Retention" sounds like a feature you can toggle on in your account settings. For most providers, it is not. ZDR is a formal policy, often tied to a specific enterprise contract, and you usually have to go out of your way to get it.
Here is how each major provider handles it:
Claude (Anthropic)
Anthropic offers ZDR through their Claude for Enterprise plan. When it is enabled, your prompts and Claude's responses are processed in real time and never stored by Anthropic after the session ends.
ZDR is not turned on by default, even for enterprise customers. You have to specifically reach out to your Anthropic account team and request it for your organization. Each new organization requires a separate ZDR request. It does not roll over automatically if you create a new org under the same account.
It is also worth knowing what ZDR does and does not cover. It applies to Claude Code inference on Claude for Enterprise. It does not apply to claude.ai web chat, Cowork sessions, or any third-party integrations you connect to the platform.
- ZDR is available on Claude for Enterprise only (not Pro or Max personal plans)
- It is not enabled by default, you must contact your Anthropic account team to request it
- Each organization must request ZDR separately
- ZDR covers Claude Code inference, but not claude.ai chat or Cowork sessions
- If a session is flagged for a policy violation, Anthropic may retain that data for up to 2 years
- Read Anthropic's full ZDR documentation
OpenAI
OpenAI's data practices depend heavily on which product you are using and which plan you are on.
For ChatGPT Free and paid personal plans like Plus and Pro, OpenAI may use your conversations to train future models unless you manually opt out. You can turn this off by going to Settings > Data Controls > Improve the model for everyone and toggling it off. However, opting out on a personal plan is a settings change, not a legal contract. It is not the same as ZDR.
The ChatGPT Team plan is the first tier where OpenAI contractually agrees not to use your data for training by default. The Enterprise plan goes further, offering Zero Data Retention as part of a formal agreement with OpenAI.
For API users, ZDR is available through a special enterprise agreement, where data is not retained beyond the immediate request.
- ChatGPT Free, Plus, and Pro: data may be used for training by default unless you opt out in settings
- ChatGPT Team: no training on your data by default
- ChatGPT Enterprise: ZDR available through a formal agreement with OpenAI
- API ZDR: requires enterprise agreement; contact OpenAI's sales team to get started
- See OpenAI's enterprise privacy page
Google Gemini
Google draws a clear line between its consumer Gemini products and its business offerings.
If you use the free version of Gemini or even Gemini Advanced through a personal Google One AI Premium subscription, Google's standard consumer privacy terms apply. That means your conversations may be reviewed by human reviewers to improve Google's products and safety systems.
The situation changes when you move to a business or enterprise context. For Google Workspace customers using Gemini through their organization's account, Google does not use your prompts or responses to train its AI models.
For the strongest data protections, businesses should be using Gemini through a managed Google Workspace Business or Enterprise account. Consumer Google accounts, even paid ones, do not carry the same contractual data protections.
- Free Gemini and Google One AI Premium: consumer terms apply, conversations may be reviewed and used for product improvement
- Google Workspace Business/Enterprise: prompts and responses are not used to train Gemini models
- You can turn off Gemini Apps Activity in your Google Account settings, but this limits functionality
- True ZDR requires a Google Workspace enterprise agreement, not a personal subscription
- Read Google's Gemini data and privacy FAQ
Microsoft Copilot
Microsoft has two very different "Copilot" products, and confusing them is a costly mistake.
The free Microsoft Copilot available at copilot.microsoft.com operates under consumer privacy terms. If your employees are using this version on personal accounts, your data is not protected under any enterprise agreement.
Microsoft 365 Copilot, the paid product built into your organization's Microsoft 365 subscription, is a completely different situation. Microsoft explicitly states that prompts, responses, and data accessed through Microsoft Graph are not used to train the foundation LLMs that power Copilot. This protection is baked into the Microsoft Products and Services Data Protection Addendum (DPA) that your organization agrees to when subscribing to Microsoft 365.
This means that if your team is already on Microsoft 365 Business or Enterprise and using Copilot through that subscription, the data protection commitments are in place as part of your existing contract. You do not need to make a separate request for ZDR the way you would with Claude.
- Free Copilot (copilot.microsoft.com): consumer terms, not protected under an enterprise agreement
- Microsoft 365 Copilot (paid M365 subscription): prompts and responses are NOT used to train foundation LLMs
- Enterprise Data Protection (EDP) is built into Microsoft 365 Copilot subscriptions by default
- Data is covered by the Microsoft Products and Services Data Protection Addendum (DPA)
- Web search queries sent through Copilot to Bing are handled separately and have different data practices
- Read Microsoft's enterprise data protection documentation
Why agents aren't "going rogue": the sandbox method
A major concern for business owners is the idea of an AI agent "wandering" through their entire computer and exposing sensitive files.
Tools like Claude Cowork have addressed this with a "Sandbox" architecture. When you launch an agent on your desktop, it does not have raw access to your hard drive. Instead, it runs in an isolated virtual environment (a sandbox) and is strictly confined to the specific folders you grant it access to.
The other major providers are also scoped to specific ecosystems rather than your local machine. ChatGPT only sees files you explicitly upload into the conversation window. Nothing on your computer is reachable unless you put it there yourself.
Gemini is a bit different and worth understanding carefully. When connected to your Google Workspace account, it can search and read across your entire Google Drive, not just specific folders you point it to. Your local desktop files are out of reach, but everything inside Drive that you have permission to view is fair game. This makes proper Drive hygiene important. If sensitive files are sitting in loosely shared folders, Gemini can reach them. The best practice here is to use Google Shared Drives with tightly controlled membership, apply sensitivity labels where available, and audit your Drive permissions regularly so that broad AI access does not expose files that were only meant for a small group.
Microsoft Copilot works similarly across your Microsoft 365 environment, including OneDrive, SharePoint, Teams, and email. It can access anything in that ecosystem that you have permission to see, which is powerful but also means your existing permission structure matters a great deal. If a SharePoint folder is open to the whole company, Copilot can pull from it when answering questions on behalf of any employee. Microsoft recommends using sensitivity labels through Microsoft Purview to restrict what Copilot can surface, and admins can configure data loss prevention policies to add another layer of control.
The short version for both: neither Gemini nor Copilot can touch your local file system or go outside their cloud ecosystem. But within their ecosystems, they read broadly. Clean permissions and proper access controls are what actually keep sensitive files out of reach.
Common business privacy questions
1. Can my employees use AI without me knowing?
Without a corporate plan, employees often use their personal free accounts, which puts your data at risk of being used for training. Providing a secure Team tier is the best way to prevent this.
2. Is the data encrypted?
Standard enterprise tiers use AES-256 encryption for data "at rest" and TLS 1.3 for data "in transit." This means that even if the data was intercepted, it would be unreadable.
3. What about compliance (HIPAA, GDPR)?
If you are in healthcare or handle European data, you cannot use free tiers. You must sign a Business Associate Agreement (BAA) or a Data Processing Addendum (DPA), which are only available on Enterprise plans.
Your enterprise AI data privacy checklist
If you are adopting AI agents or assistants into your business today, follow these steps:
1. Stop using free tiers for any task involving non-public information.
2. Do not assume a paid personal plan is enough. Plus, Pro, Max, and similar consumer subscriptions do not give you the same protections as a Team or Enterprise contract.
3. Ask for ZDR explicitly. For Claude in particular, you must contact your Anthropic account team and request Zero Data Retention for your organization. It does not activate on its own.
4. Read the fine print. ZDR policies vary by provider and sometimes by feature within the same provider. Know what is and is not covered before you share anything sensitive.
5. Use specific folder access for agents like Claude Cowork. Never grant "Full Disk Access" to an AI tool.
By treating AI like a digital contractor with limited permissions, you can unlock the productivity gains of 2026 without compromising your company secrets. For practical ideas on how to deploy these tools safely, check out our top AI agent use cases.
A note on legal and financial advice
Nothing in this article, or anywhere else on this website, should be considered legal or financial advice. The information here is intended for general educational purposes only.
Data protection laws, contractual rights, and compliance obligations vary depending on your industry, your location, and the specific agreements you have in place with your software providers. What applies to one business may not apply to yours.
If you have specific concerns about your data protection rights, your obligations under regulations like GDPR or HIPAA, or the terms of any AI service agreement, please consult a qualified legal professional. Getting the right advice for your situation is always worth it.
