A finance director has signed off on AI for the team. The request looked simple: let people use ChatGPT to speed up the month-end close. Then the IT lead asked one question back. "Which ChatGPT do you mean?"
It is the question that decides everything. One person on the team has a free account. Another pays for Plus out of pocket. A third has a Workspace licence that came in through a marketing subscription. Three answers of "ChatGPT", three different privacy stories. The tool on screen looks identical. What sits underneath is not.
For a leader making the call, that is the whole point. The biggest privacy variable is not which AI tool the team picks. It is which account tier runs underneath it.
Same screen, different terms
A free or personal account is built for an individual, not an organisation. That creates three consequences at once.
Input can be used to improve the model. On most consumer tiers this is on by default, and the user has to turn it off. There is no data processing agreement, so the organisation has no contractual say in how the vendor handles personal data. And there is no admin who can manage settings, members, or shared links centrally. Everything sits with the individual user.
A business or enterprise tier reverses all three. Data is excluded from training by default. There is a data processing agreement under GDPR. And an admin can manage members, apps, settings, and sharing.
That difference matters more in practice than the choice between ChatGPT and Gemini.
The four vendors side by side
For the four tools most teams reach for, the gap between tiers looks like this.
| Account tier | Training default | Data processing agreement | Admin control |
|---|---|---|---|
| ChatGPT Free, Plus, Pro (personal) | Input can be used for model improvement unless the user opts out in Data Controls | No, consumer terms | None, all settings sit with the user |
| ChatGPT Team, Enterprise, Edu | Input excluded from training by default | Yes | Members, apps, and settings; Enterprise adds SSO, SCIM, and retention |
| Gemini Apps (free, consumer) | Chats may be used for improvement and may be reviewed by humans | No, consumer terms | None |
| Gemini for Workspace | Input not used for training, not human-reviewed | Yes, under Workspace terms | Managed through the Workspace console |
| Consumer Copilot | Consumer terms; no enterprise data protection | No | None |
| Microsoft 365 Copilot | Prompts and responses not used to train the underlying models; EU Data Boundary applies | Yes, under Microsoft terms | Managed through the Microsoft 365 environment |
| Claude Free, Pro, Max (consumer) | Since late 2025, chats are used for training unless the user opts out | No, consumer terms | None |
| Claude Team, Enterprise | Input under commercial terms, not used for training by default | Yes | Members and settings |
A few rows need context.
At OpenAI, the model trains on input from personal ChatGPT Free, Plus, and Pro accounts by default; the user turns it off under Settings, Data Controls, "Improve the model for everyone". For Team, Enterprise, and Edu, input is excluded from training by default (source: OpenAI, enterprise privacy, accessed June 2026).
Google draws the sharpest consumer-versus-business line. Gemini Apps may use chats for improvement, and human reviewers can see anonymised samples. Gemini for Workspace does not use input for training and is not human-reviewed (source: Google Workspace, AI privacy, accessed June 2026).
Microsoft is just as clear: Microsoft 365 Copilot does not use prompts and responses to train the underlying models, with the EU Data Boundary keeping EU traffic inside the EU. The consumer version of Copilot does not carry that enterprise data protection (source: Microsoft Learn, enterprise data protection, accessed June 2026).
Anthropic changed its consumer terms in late 2025. Since then, chats from Free, Pro, and Max users are used for training unless someone opts out; existing users had to choose by 28 September 2025. Enterprise, education, and API accounts were excluded from that change and run under commercial terms where input is not used for training by default (source: Anthropic, updates to consumer terms, August 2025).
The pattern holds: the four vendors differ in the details, but the dividing line falls between consumer and business every time, not between one brand and another.
Why this is a leadership decision
A free account is a choice made by an individual. A business licence is a choice made by the organisation. That is exactly where the governance question sits.
While teams run on free accounts, no one knows centrally which settings are on, which shared links are circulating, or which data has landed in which history. There is no data processing agreement to fall back on when a regulator asks under what terms the tool was running. And when someone leaves, their access walks out the door with everything in it.
Menlo Security's 2025 report shows how ordinary this is: 68% of employees used free AI tools through a personal account, and 57% of those entered sensitive data (source: Menlo Security, August 2025). That is not recklessness. It is a free account that was already open when the work arrived.
So choosing the right tier is not an IT detail. It decides whether the organisation has any legal and governance footing at all for the AI use that is already happening.
How to choose as a leader
The decision comes down to a few questions.
Does the team work regularly with personal data, customer records, or confidential context? Then a managed business or enterprise tier with a data processing agreement fits, with training excluded and central control. A personal account is not an approved environment for that work.
Do you need SSO, roles, retention policy, or data residency? That points to the enterprise tiers, which add those controls on top of the standard business protection.
Is the team still on free accounts today? The first step is not a ban but moving the work to a managed tier. A ban on its own just pushes use to accounts you cannot see.
For the legal footing, it helps to have your GDPR measures for AI use and the data processing agreement per AI tool lined up before you roll a tool out broadly.
What the right tier still does not solve
Say the decision is made. The team runs on a managed enterprise tier, training is off, the data processing agreement is signed, and the admin has control. Most of the account-level risk is now covered.
One thing remains. The account tier governs what happens to data after it reaches the tool. It does not decide whether the employee should have pasted the account number, the card number, or the health note in the first place.
A data processing agreement does not redact a prompt. A training exclusion does not notice that a screenshot shows a customer name in the browser tab. An enterprise tier does not stop someone sending a full HR file for a wording suggestion. The data still reaches the model; the difference is that it will not be used for training and falls under the data processing agreement. That is real, but it is not the same as sharing less sensitive data.
What is left is the human moment: the few seconds where the employee can still see what is sensitive and remove, replace, or mask it.
Where BeeSensible fits
BeeSensible highlights sensitive data in text fields while the employee is still typing. Through the desktop app, detection runs entirely on the device and no text leaves the machine. For browser-only use, the extension sends the text to BeeSensible's EU detection service, where analysis runs in working memory and the text is discarded after detection. In ChatGPT, Gemini, Copilot, and Claude, names, email addresses, phone numbers, account numbers, card numbers, and other configured categories get a highlight before anyone presses Enter.
The user decides: remove it, replace it with a placeholder, or mask it. BeeSensible does not store the prompt text. Admins see patterns by category and application, without reading employee chats.
Outlook