
Free vs business AI accounts: the privacy difference

The biggest privacy variable in AI tools is not which tool your team picks. It is which account tier sits underneath it. A free login and an enterprise licence process the same prompt under very different terms.

Quick answer

The account tier decides the privacy difference, not the tool. Free and personal AI accounts (ChatGPT Free/Plus/Pro, Gemini Apps, consumer Copilot, Claude Free/Pro) run under consumer terms, can use input for model training unless the user opts out, and give the organisation no data processing agreement and no central admin control. Business and enterprise tiers (ChatGPT Team/Enterprise/Edu, Gemini for Workspace, Microsoft 365 Copilot, Claude Team/Enterprise) exclude data from training by default, offer a data processing agreement, and give admins control. Even on the right tier, one gap remains: the moment an employee pastes sensitive data into the prompt.

1. The account tier, not the tool, is the biggest privacy variable
2. Free and personal accounts can use input for training unless the user opts out
3. Business and enterprise tiers exclude data from training by default and offer a data processing agreement
4. Only a business tier gives admins central control over members, settings, and sharing
5. Even on the right tier, the paste moment is the gap settings do not close

A finance director has signed off on AI for the team. The request looked simple: let people use ChatGPT to speed up the month-end close. Then the IT lead asked one question back. "Which ChatGPT do you mean?"

It is the question that decides everything. One person on the team has a free account. Another pays for Plus out of pocket. A third has a Workspace licence that came in through a marketing subscription. Three answers of "ChatGPT", three different privacy stories. The tool on screen looks identical. What sits underneath is not.

For a leader making the call, that is the whole point. The biggest privacy variable is not which AI tool the team picks. It is which account tier runs underneath it.

Same screen, different terms

A free or personal account is built for an individual, not an organisation. That creates three consequences at once.

Input can be used to improve the model. On most consumer tiers this is on by default, and the user has to turn it off. There is no data processing agreement, so the organisation has no contractual say in how the vendor handles personal data. And there is no admin who can manage settings, members, or shared links centrally. Everything sits with the individual user.

A business or enterprise tier reverses all three. Data is excluded from training by default. There is a data processing agreement under GDPR. And an admin can manage members, apps, settings, and sharing.

That difference matters more in practice than the choice between ChatGPT and Gemini.

The four vendors side by side

For the four tools most teams reach for, the gap between tiers looks like this.

| Account tier | Training default | Data processing agreement | Admin control |
| --- | --- | --- | --- |
| ChatGPT Free, Plus, Pro (personal) | Input can be used for model improvement unless the user opts out in Data Controls | No, consumer terms | None, all settings sit with the user |
| ChatGPT Team, Enterprise, Edu | Input excluded from training by default | Yes | Members, apps, and settings; Enterprise adds SSO, SCIM, and retention |
| Gemini Apps (free, consumer) | Chats may be used for improvement and may be reviewed by humans | No, consumer terms | None |
| Gemini for Workspace | Input not used for training, not human-reviewed | Yes, under Workspace terms | Managed through the Workspace console |
| Consumer Copilot | Consumer terms; no enterprise data protection | No | None |
| Microsoft 365 Copilot | Prompts and responses not used to train the underlying models; EU Data Boundary applies | Yes, under Microsoft terms | Managed through the Microsoft 365 environment |
| Claude Free, Pro, Max (consumer) | Since late 2025, chats are used for training unless the user opts out | No, consumer terms | None |
| Claude Team, Enterprise | Input under commercial terms, not used for training by default | Yes | Members and settings |

A few rows need context.

At OpenAI, the model trains on input from personal ChatGPT Free, Plus, and Pro accounts by default; the user turns it off under Settings, Data Controls, "Improve the model for everyone". For Team, Enterprise, and Edu, input is excluded from training by default (source: OpenAI, enterprise privacy, accessed June 2026).

Google draws the sharpest consumer-versus-business line. Gemini Apps may use chats for improvement, and human reviewers can see anonymised samples. Gemini for Workspace does not use input for training and is not human-reviewed (source: Google Workspace, AI privacy, accessed June 2026).

Microsoft is just as clear: Microsoft 365 Copilot does not use prompts and responses to train the underlying models, with the EU Data Boundary keeping EU traffic inside the EU. The consumer version of Copilot does not carry that enterprise data protection (source: Microsoft Learn, enterprise data protection, accessed June 2026).

Anthropic changed its consumer terms in late 2025. Since then, chats from Free, Pro, and Max users are used for training unless someone opts out; existing users had to choose by 28 September 2025. Enterprise, education, and API accounts were excluded from that change and run under commercial terms where input is not used for training by default (source: Anthropic, updates to consumer terms, August 2025).

The pattern holds: the four vendors differ in the details, but the dividing line falls between consumer and business every time, not between one brand and another.

Why this is a leadership decision

A free account is a choice made by an individual. A business licence is a choice made by the organisation. That is exactly where the governance question sits.

While teams run on free accounts, no one knows centrally which settings are on, which shared links are circulating, or which data has landed in which history. There is no data processing agreement to fall back on when a regulator asks under what terms the tool was running. And when someone leaves, their access walks out the door with everything in it.

Menlo Security's 2025 report shows how ordinary this is: 68% of employees used free AI tools through a personal account, and 57% of those entered sensitive data (source: Menlo Security, August 2025). That is not recklessness. It is a free account that was already open when the work arrived.

So choosing the right tier is not an IT detail. It decides whether the organisation has any legal and governance footing at all for the AI use that is already happening.

How to choose as a leader

The decision comes down to a few questions.

Does the team work regularly with personal data, customer records, or confidential context? Then a managed business or enterprise tier with a data processing agreement fits, with training excluded and central control. A personal account is not an approved environment for that work.

Do you need SSO, roles, retention policy, or data residency? That points to the enterprise tiers, which add those controls on top of the standard business protection.

Is the team still on free accounts today? The first step is not a ban but moving the work to a managed tier. A ban on its own just pushes use to accounts you cannot see.

For the legal footing, it helps to have your GDPR measures for AI use and the data processing agreement per AI tool lined up before you roll a tool out broadly.

What the right tier still does not solve

Say the decision is made. The team runs on a managed enterprise tier, training is off, the data processing agreement is signed, and the admin has control. Most of the account-level risk is now covered.

One thing remains. The account tier governs what happens to data after it reaches the tool. It does not decide whether the employee should have pasted the account number, the card number, or the health note in the first place.

A data processing agreement does not redact a prompt. A training exclusion does not notice that a screenshot shows a customer name in the browser tab. An enterprise tier does not stop someone sending a full HR file for a wording suggestion. The data still reaches the model; the difference is that it will not be used for training and falls under a DPA. That is real, but it is not the same as sharing less sensitive data.

What is left is the human moment: the few seconds where the employee can still see what is sensitive and remove, replace, or mask it.

Where BeeSensible fits

BeeSensible highlights sensitive data in text fields while the employee is still typing. Through the desktop app, detection runs entirely on the device and no text leaves the machine. For browser-only use, the extension sends the text to BeeSensible's EU detection service, where analysis runs in working memory and the text is discarded after detection. In ChatGPT, Gemini, Copilot, and Claude, names, email addresses, phone numbers, account numbers, card numbers, and other configured categories get a highlight before anyone presses Enter.

The user decides: remove it, replace it with a placeholder, or mask it. BeeSensible does not store the prompt text. Admins see patterns by category and application, without reading employee chats.
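As an added illustration of the paste-moment check described above (not BeeSensible's code and not part of the original article), this JavaScript validates candidate card numbers and IBANs with their checksums before replacing them with placeholders, and reports only per-category counts. The patterns, the `maskPrompt` name, and the sample prompt are assumptions constructed for the example.

```javascript
// Added example: checksum-validated pre-send masking of a prompt.
// Patterns are illustrative, not exhaustive, and not any vendor's detection logic.
const DETECTORS = [
  { category: "EMAIL", re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g },
  { category: "IBAN", check: ibanValid,
    re: /\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b/g },
  { category: "CARD", check: luhnValid, re: /\b\d(?:[ -]?\d){12,18}\b/g },
];

// Luhn: double every second digit from the right; the sum must be a multiple of 10.
function luhnValid(raw) {
  const digits = raw.replace(/\D/g, "");
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return digits.length >= 13 && sum % 10 === 0;
}

// IBAN mod-97: move the first four characters to the end, map A..Z to 10..35,
// and require the resulting number to leave remainder 1 when divided by 97.
function ibanValid(raw) {
  const s = raw.replace(/\s/g, "").toUpperCase();
  let rem = 0;
  for (const ch of s.slice(4) + s.slice(0, 4)) {
    const v = parseInt(ch, 36);
    rem = (rem * (v > 9 ? 100 : 10) + v) % 97;
  }
  return rem === 1;
}

// Replace validated matches with a category placeholder. Only counts per
// category are returned, so reporting never needs the prompt text itself.
function maskPrompt(text) {
  const counts = {};
  for (const { category, re, check } of DETECTORS) {
    text = text.replace(re, (match) => {
      if (check && !check(match)) return match; // checksum fails: leave untouched
      counts[category] = (counts[category] || 0) + 1;
      return `[${category}]`;
    });
  }
  return { masked: text, counts };
}

// Constructed sample prompt; all values are published test numbers, not real data.
const SAMPLE = "Refund j.doe@example.com to NL91 ABNA 0417 1643 00, " +
  "card 4111 1111 1111 1111, order 4111 1111 1111 1112.";
console.log(maskPrompt(SAMPLE));
```

The order number in the sample has the shape of a card number but fails the Luhn check, so it is left in place: checksum validation is what keeps a pattern-based check from flagging every long digit string.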

[Illustration: an Outlook "New message" window]
To: dr.smith@clinic.co.uk
Subject: Client file: Jane Richards
Dear colleague, please find the file for client Jane Richards (BSN: 384920173). She can be reached at 06-12345678. See the attachment for the full care plan.
Caption: BeeSensible highlights sensitive details before send.

This works on any account tier, including the right one. A managed enterprise tier and a signed data processing agreement set the terms; the highlight in the text field handles the moment itself.

The account tier is the biggest lever a leader can pull. Set it to business, with a DPA and training excluded. Then cover the gap that is left, where AI data leakage usually begins: the ordinary paste, just before the prompt is sent.

FAQ

Common questions

What is the main privacy difference between a free and a business AI account?

The account tier, not the tool. A free or personal account runs under consumer terms: input can be used for model training unless the user opts out, there is no data processing agreement, and the organisation has no central control. Business and enterprise tiers exclude data from training by default, offer a data processing agreement, and give admins control over members and settings.

Do AI vendors train on free accounts?

On personal accounts, they can. OpenAI trains on input from ChatGPT Free, Plus, and Pro by default unless the user opts out in Data Controls. Since late 2025 Anthropic uses Free, Pro, and Max chats for training unless users opt out. Gemini Apps and consumer Copilot run under similar consumer terms. The business tiers exclude input from training by default.

Do you get a data processing agreement with a free AI account?

No. Free and personal accounts run under consumer terms, not a data processing agreement (DPA) under GDPR Article 28. A DPA comes with the business and enterprise tiers. Without one, the organisation lacks the legal footing to have personal data processed through that tool.

Can an admin manage the settings of personal AI accounts?

No. On a personal account the training setting, chat history, memory, and shared links all sit with the individual user. There is no central admin, no SSO, and no clean way to offboard when someone leaves. Only a managed business tier provides that control.

Does the right account tier solve the privacy risk?

Not fully. The right tier governs what happens to data after it reaches the tool. It does not decide whether the employee should have pasted the account number, card number, or health note. That paste moment is the gap settings leave open.

Which account tier is enough for work involving personal data?

For regular work with personal data, use a managed business or enterprise tier with a data processing agreement, training excluded, and central control of members and settings. A personal account is not an approved environment for customer, patient, employee, or case data.
