
ChatGPT vs Claude vs Gemini for Business: Privacy & Compliance

ChatGPT Team, Claude Enterprise and Gemini for Workspace don't train on your content by default. A B2B comparison: DPA, BAA, retention, certifications.

By Pierre de ONYRI

For a business, the real question isn't “ChatGPT, Claude or Gemini?” but “which tier?”. On consumer accounts, your content can feed model training; on professional offerings — ChatGPT Team/Enterprise, Claude Team/Enterprise, Gemini for Workspace — training on your content by default does not happen, and a DPA, certifications and (case by case) a HIPAA BAA become available. That's the decisive switch in provider-side risk. But none of these offerings makes the risk zero: the data still leaves your environment. The only guarantee at the content level remains removing the sensitive parts before sending.

The real dividing line: the tier, not the brand

Comparing ChatGPT, Claude and Gemini “in general” leads to false conclusions, because the same provider applies radically different rules depending on the tier. On a consumer or free account, content can be used to train the models — that's exactly the “Shadow AI” terrain, where employees use personal accounts for lack of an enterprise plan. On professional offerings, default training disappears:

OpenAI states that business data from ChatGPT Team, ChatGPT Enterprise and the API is not used by default to train its models (sharing data for training via the API is an explicit opt-in, off by default).

Anthropic states that, by default, it uses neither the inputs nor the outputs of its commercial products (Claude for Work/Team, API, Claude Gov) to train its models; the only exception is a voluntary opt-in (e.g. clicking a thumbs up/down on a response), in which case the conversation may be retained for up to 5 years after de-identification.

Google specifies that in Workspace, prompts are customer data covered by the Cloud Data Processing Addendum, not used to train its models without permission, nor reviewed by humans outside your domain.

DPA, BAA and certifications: what covers compliance

Three contractual levers matter to an IT or data-protection lead. First, the DPA (Data Processing Addendum), which the GDPR (Article 28) requires whenever a third party processes personal data on your behalf: all three providers offer one for their professional services. OpenAI signs a DPA and supports the Standard Contractual Clauses (SCCs, the transfer mechanism for data leaving the EU); Anthropic incorporates its DPA (with SCCs) into its Commercial Terms automatically; with Google, Gemini in Workspace is covered by the Cloud Data Processing Addendum automatically because it is classed as a Core service. We cover this obligation in “Do you need a DPA to use AI at work?”.

Then the BAA (Business Associate Agreement), essential for processing health data subject to HIPAA in the United States, and whose coverage varies sharply from one building block to another. OpenAI offers a BAA for ChatGPT for Healthcare, the API and, on a sales-managed account, ChatGPT Enterprise/Edu, but not for ChatGPT Business. Anthropic offers a BAA covering the first-party API and Enterprise plans (a HIPAA-ready configuration that can be enabled self-service, with a click-to-accept BAA), but not Free/Pro/Max/Team or the Workbench/Console. With Google, Vertex AI and Gemini Enterprise offer a HIPAA BAA, but some building blocks (NotebookLM, Gemini in Chrome) don't. The practical rule: verify the exact product's coverage, not just the provider's.

Finally the certifications, a signal of independent audit. OpenAI reports a SOC 2 Type 2 examination and ISO/IEC 27001:2022, 27017, 27018, 27701 certifications as well as ISO/IEC 42001:2023 (AI management) for the API, ChatGPT Enterprise and Edu. Anthropic holds ISO/IEC 27001:2022, ISO 42001 and SOC 2 Type I & II. Google reports for Gemini SOC 1/2/3, ISO 9001, ISO/IEC 27001, 27701, 27017, 27018 and 42001, plus FedRAMP High. All three play in the same league; the gaps read case by case, not as a brand hierarchy.

Retention, zero retention and data residency

On OpenAI's API, as on Anthropic's, inputs and outputs are by default deleted within about 30 days (bounded retention for abuse monitoring and debugging). “Zero data retention” (ZDR) exists, but remains conditioned on approval and limited to certain eligible endpoints: it's not a simple switch, so many organizations stay on default retention. Note that ZDR is an API property; conversation history in the chat products is a separate matter, governed by the workspace's own retention settings. On residency, OpenAI offers at-rest storage of customer content in several regions (EU, United Kingdom, United States, Japan, Canada, etc.) for eligible customers. Google opened (starting June 9, 2025) data-region support for Workspace's Gemini features: EU, US or both, controllable down to the organizational-unit level, reserved for Enterprise Plus editions and Assured Controls add-ons; at-rest storage can be regionalized even if inference may involve Google's global infrastructure. Vertex AI also offers regional residency controls.

Here are the main enterprise dimensions, one offering per row. This comparison describes the professional offerings; consumer accounts differ, and we compare them in “Which AI chatbot is most private?”.

Pro offering | Trains by default | DPA | BAA (US health) | API retention / ZDR
--- | --- | --- | --- | ---
ChatGPT Team / Enterprise / API (OpenAI) | No by default (explicit API opt-in) | Yes (signed, + SCCs) | Healthcare, API, Enterprise/Edu (not Business) | ~30 days by default; ZDR on approval
Claude Team / Enterprise / API (Anthropic) | No by default (exception: feedback opt-in) | Yes (auto in Commercial Terms, + SCCs) | API + Enterprise (not Free/Pro/Max/Team) | ~30 days by default; ZDR on approval
Gemini for Workspace / Vertex AI (Google) | No without permission (prompts under DPA) | Yes (Cloud DPA, auto for Core service) | Vertex AI + Gemini Enterprise (not NotebookLM, Gemini in Chrome) | Controls vary by edition; regional residency
Professional offerings. After Anthropic's Privacy Center, Google Workspace's Privacy Hub and the Usercentrics guide. Consumer accounts differ. Always verify the exact coverage of the product you target.
Diagram: at top, a prompt containing sensitive data reaches the three pro offerings, which receive the data exposed; at bottom, the same prompt, anonymized, lets only tokens through to those same offerings. Pro controls reduce provider-side risk; content anonymization stays constant whatever the offering.

The shared limit — and the content-level guarantee

None of these pro offerings makes the risk zero. The controls (no default training, DPA, BAA, bounded retention, certifications, residency) reduce provider-side risk, but the sensitive content still leaves your environment and transits through a third party, often with about 30 days of retention. Anonymizing or tokenizing sensitive data upstream protects the content regardless of the chosen tier, and even lets you use consumer accounts without exposing the sensitive parts, since the tool only ever receives tokens.

  1. Ban Shadow AI: no professional use on free personal accounts, because that's where content feeds training.
  2. Choose the right tier (Team/Enterprise/API/Workspace/Vertex) and verify, at the product level, the DPA, the BAA if health data is involved, and the certifications.
  3. Frame retention: request ZDR on eligible endpoints, otherwise plan for about 30 days of default retention.
  4. Anonymize the sensitive parts upstream, the only measure that holds whatever the tool, the tier or a court order.

  • Tier matters more than brand: pro = no training by default; consumer = potentially yes.
  • BAA and residency are verified per product, not per provider; coverage varies from one block to another.
  • The data leaves your environment in every case: only already-anonymized content is truly safe.

That's exactly what ONYRI Sanitize is for: the engine replaces sensitive data with reversible tokens before sending; detection and the token↔value mapping stay in your browser, and only anonymized text reaches the model. Whether you go through ChatGPT Team, Claude Enterprise, Gemini for Workspace or even a consumer account, the service only ever receives tokens, not your real information. To go further: “Does an enterprise AI plan keep your data private?” and “Do you need a DPA to use AI at work?”.
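To make the mechanism concrete, here is an added illustration of a reversible tokenization pass of the kind described above. This is example code written for this article, not ONYRI Sanitize's engine (whose detection logic the page does not describe). Everything in it is constructed: four regex detectors stand in for real detection, the token format [[TYPE_n]] is an arbitrary choice, the key prefix sk- is just a secret-shaped string, and the sample prompt and the model's answer are made up. What it adds to the paragraph is the practitioner's checklist around the swap: a leak check before anything is sent, one token per repeated value, and tokens the model mangles or invents left visible in the restored answer rather than silently dropped.

```javascript
// Added example (not ONYRI Sanitize's code): reversible client-side tokenization of
// sensitive values before a prompt leaves the browser, and restoration of the model's
// answer afterwards. Detector patterns, token format and sample texts are constructed;
// a production detector would go well beyond these regexes.

// Detectors run in order. Earlier matches are already tokens, which cannot match later
// patterns, so e.g. IBAN digits are not re-detected as a phone number.
const DETECTORS = [
  { type: "EMAIL",  re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g },
  { type: "IBAN",   re: /\b[A-Z]{2}\d{2}(?:\s?[A-Z0-9]{4}){2,7}(?:\s?[A-Z0-9]{1,4})?\b/g },
  { type: "APIKEY", re: /\bsk-[A-Za-z0-9_-]{16,}\b/g },  // hypothetical key shape
  { type: "PHONE",  re: /\+\d{1,3}(?:[\s.-]?\d){6,12}/g },
];

const TOKEN_RE = /\[\[[A-Z]+_\d+\]\]/g;

// Replace every detected value with a placeholder such as [[EMAIL_1]].
// The token -> value map is the only place the real values exist; it stays on the client.
function tokenize(text) {
  const map = new Map();   // token -> original value
  const seen = new Map();  // value -> token, so a repeated value keeps a single token
  const counters = {};
  let anonymized = text;
  for (const { type, re } of DETECTORS) {
    anonymized = anonymized.replace(re, (value) => {
      if (seen.has(value)) return seen.get(value);
      counters[type] = (counters[type] || 0) + 1;
      const token = `[[${type}_${counters[type]}]]`;
      map.set(token, value);
      seen.set(value, token);
      return token;
    });
  }
  return { anonymized, map };
}

// Pre-send check: any original value still present in the outgoing text is a leak.
function leaks(anonymized, map) {
  return [...map.values()].filter((value) => anonymized.includes(value));
}

// Put the real values back into the model's answer. Tokens the model has altered or
// invented are not in the map and are left as-is, so the user can see them.
function restore(answer, map) {
  return answer.replace(TOKEN_RE, (token) => (map.has(token) ? map.get(token) : token));
}

// Tokens still present after restoration (the model mangled or fabricated one).
function unresolved(restored) {
  return restored.match(TOKEN_RE) || [];
}

// Constructed sample prompt, and a constructed model answer that echoes the tokens
// plus one token the model made up ([[CASE_9]]).
const SAMPLE_PROMPT =
  "Draft a reply to jane.doe@example.com (+33 6 12 34 56 78) confirming the refund to " +
  "IBAN FR76 3000 6000 0112 3456 7890 189. Our key sk-EXAMPLEkey0123456789abcd must rotate.";

const SAMPLE_ANSWER =
  "Dear customer, the refund to [[IBAN_1]] has been issued. We will confirm at " +
  "[[EMAIL_1]] and call [[PHONE_1]] if needed. Rotate [[APIKEY_1]] now. Ref [[CASE_9]].";

// End-to-end: tokenize, refuse to send on a leak, (send `anonymized` here), restore.
function demo() {
  const { anonymized, map } = tokenize(SAMPLE_PROMPT);
  const leaked = leaks(anonymized, map);
  if (leaked.length) throw new Error("refusing to send, values still present: " + leaked);
  // Only `anonymized` would be handed to the provider at this point.
  const restored = restore(SAMPLE_ANSWER, map);
  return { anonymized, restored, unresolved: unresolved(restored) };
}
```

Calling demo() in a browser console or under Node returns the anonymized prompt (the only text that would leave the client), the restored answer with the real values back in place, and [[CASE_9]] reported as an unresolved token the model introduced. The regexes here miss names and free-text secrets, so the leak check is a floor on what was detected, not proof that nothing sensitive went out.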

Frequently asked questions

ChatGPT, Claude or Gemini: which one for a business on privacy?
None is inherently “safest” — the decisive gap is the tier, not the brand. On pro offerings (ChatGPT Team/Enterprise, Claude Team/Enterprise, Gemini for Workspace), none trains its models on your content by default, and all provide a DPA and certifications (SOC 2, ISO 27001/42001). Compare instead, case by case, the BAA if you process health data, API retention and residency. But the data leaves your environment in every case: anonymizing the sensitive parts before sending remains the content-level guarantee.
Do AI pro offerings train on our business data?
No by default. OpenAI states that data from ChatGPT Team, Enterprise and the API is not used by default for training (explicit API opt-in). Anthropic does not by default use the inputs/outputs of its commercial products, except a voluntary opt-in (a thumbs up/down feedback). Google does not use Workspace prompts to train its models without permission. This is the opposite of consumer accounts, where training can be on by default.
Who offers a HIPAA BAA for health data?
All three, but coverage varies by product. OpenAI offers a BAA for ChatGPT for Healthcare, the API and ChatGPT Enterprise/Edu (sales-managed account), but not for ChatGPT Business. Anthropic covers the first-party API and Enterprise plans (HIPAA-ready self-service), but not Free/Pro/Max/Team or the Workbench. With Google, Vertex AI and Gemini Enterprise offer a BAA, but NotebookLM and Gemini in Chrome don't. Always verify the exact block before processing health data.
