What happens to the data you send to an AI model

When your team types something into an AI tool, that text leaves your company. What the provider does with your data and what to demand before approving the tool.

What happens to the data you send to an AI model

Someone on your team pastes the draft of a contract into an AI tool so it can summarize it. In that instant, that contract stops living only inside your company. It travels across the internet to another company’s servers, which may sit anywhere in the world, and gets processed there.

The question that matters is not whether this happens. It always does: that is how these tools work. The question is what the provider does with that contract once it has it. And the answer depends, more than on anything else, on the plan you have signed up for. The same text handled under a free account and under an enterprise account gets treated differently.

This article is not legal advice. It is a guide to understanding the mechanics and knowing what to ask before your team starts feeding company information into a system you do not control.

What “sending data to a model” means

It is worth pausing on two words you will read over and over.

An AI model (you will also see it called an LLM, short for “large language model”) is a program that lives on the provider’s servers, not on the computer of whoever uses it. When you open ChatGPT, Claude, or Gemini in your browser, you download nothing: you type into a window and your text travels to that remote program, which replies.

The prompt is simply what your team writes: the instruction, the question, the document they paste. All of that is the prompt.

Think of it like sending a document to an outside print shop. The shop does its job and hands you back the result. But the original has left your office, passed through their hands, and, depending on the agreement you have with them, they might keep a copy, might use it to fine-tune their machines, or might destroy it the moment they finish. With an AI provider it is the same. The difference is that almost nobody reads the “agreement with the print shop”.

Diagrama de flujo: un dato sale de tu empresa cuando alguien escribe un prompt, viaja a los servidores del proveedor y allí se bifurca según el plan contratado en entrenamiento del modelo, retención y subencargados
The journey of a piece of data: it leaves your company, reaches a third party’s servers, and its treatment depends on the plan.

The question that decides almost everything: do they train on what you send?

Training a model means using texts to improve it. If your prompts enter that process, fragments of what your team wrote can end up influencing the system and, in the worst case, surface indirectly in answers to other users.

Here is the dividing line almost nobody looks at: the consumer plan behaves differently from the enterprise plan.

On free or personal plans, the general rule among the big providers is to use conversations to improve the model, unless the user goes into the settings and turns it off. OpenAI works this way on ChatGPT consumer accounts[1]. Anthropic changed its consumer terms to ask the user to decide: if they accept the use for training, their retention period grows considerably; if they do not accept, it stays short[3]. Google, on the free version of Gemini, uses activity for training unless you disable it[4].

On enterprise plans and API access (the technical route that applications use to connect to the model), the usual practice from the same providers is the opposite: they do not train on your data by default. OpenAI states this for ChatGPT Enterprise, Team, and the API[1][2]. Google says the same for Workspace, Cloud, and its API[4]. Anthropic excludes its commercial plans from use for training[3].

This is not a minor detail of the fine print. It is the difference between your contract summary feeding a third party’s system or not. And it comes down to a checkbox and an account type.

Tabla comparativa entre plan de consumo y plan de empresa o API en cuatro dimensiones: entrenamiento con tus datos por defecto, retención, residencia de datos en la UE y contrato de tratamiento firmado
Consumer plan versus enterprise plan: where the treatment of your data changes.

Even if they don’t train, how long do they keep your data?

That a provider does not train on your prompts does not mean it deletes them instantly. Almost all of them keep a copy for a while, mainly to detect abusive use and for security. That is called retention.

That period varies a lot. It can be a few days, it can be a month, and it can stretch to years once the user has accepted that their data be used to improve the model. On Anthropic’s consumer accounts, for example, retention jumps from a short window to five years the moment the user accepts the use for training[3]. Each provider has its own numbers and changes them over time, so the specific figure is something you have to ask for, not assume.

There are two questions worth asking every time: how long do you keep what I send? And, is there a zero-retention option so nothing is stored beyond the moment of the reply? Some enterprise plans offer it. If you handle sensitive information, that option is worth its weight in gold.

Where do those servers live?

When your team sends a text, that text is physically processed in a data center located in some country. If that country is outside the European Union, you enter the territory of international data transfers, which the GDPR regulates under specific conditions.

That is why it matters to ask where your data is processed and stored. The big providers offer, on their enterprise plans, EU data residency options: the guarantee that your information stays in European data centers. On consumer plans that guarantee normally does not exist.

If you handle personal data of European clients or employees, location is not a technical whim. It is part of what an inspector would ask you about.

The provider is not alone: subprocessors

Here comes the part most often overlooked. Your AI provider rarely does everything with its own means. It leans on other companies: the one hosting its servers, the one giving it computing capacity, the one providing support services. The GDPR calls those subcontracted companies that can also handle your data subprocessors.

It helps to be clear about the roles. Under the GDPR, your company is the data controller: you are the one who decides what data is handled and why, and the legal obligation falls on you. The AI provider is a processor: it handles that data on your behalf and following your instructions[5]. And when the provider subcontracts a third party, that third party is the subprocessor.

The chain has rules. The provider cannot bring in a subprocessor to handle your data without your authorization, must inform you of changes to that list, and must give you the chance to object[5]. If something goes wrong in the chain, the responsibility toward your clients does not disappear because you subcontracted it. It is still yours.

You work through this with judgment in the IA sin hype course, where we look at how to read a processing agreement without being a lawyer and what warning signs to watch for.

What to ask and demand before approving a tool

Before letting your team use an AI tool with company information, put these questions on the table. If the provider does not answer any of them clearly, that is already an answer.

What to askWhat you want to hear
Do you use what we send to train your models?No, not by default, on the plan we are going to sign up for
How long do you keep our data? Is there zero retention?A short, specific window, with an option not to keep it
Where is it processed and stored? Can we require EU residency?EU data centers available on our plan
Do you sign a data processing agreement (DPA)?Yes, and they hand it over for us to review
Who are your subprocessors and how do you notify us of changes?An accessible list and advance notice with an option to object
Which specific plan covers all of the above?The enterprise one, in writing, not the free one

The DPA (data processing agreement) is the contract that fixes all of this in writing. Without that signed document, the promises on the marketing website will not help you much the day something goes wrong.

One new concept every week

The mistakes that cost you

The most common one is believing that deleting the chat deletes the provider’s copy. You delete what you see on your screen. Whatever the provider stored in retention follows its own timeline, regardless of your “delete” button.

The second is treating the free plan and the enterprise plan as if they were the same tool at a different price. They are not, as far as your data is concerned. The free version your team uses “just to try it out” may be feeding a third party’s model with information you never authorized sharing.

And the third, quieter one: approving the tool without reading the processing agreement or asking about subprocessors. That is where a small business gets the scare months later, when client data is already circulating through a chain of companies it never reviewed.

Before deciding which tool comes into your company, it also helps to understand what tying yourself to a single provider means: you have it in the risks of depending on one AI provider. And if the focus is specifically on uploading client information, see what happens when you paste client data into ChatGPT.

Sources

  1. OpenAI, Enterprise privacy: openai.com/enterprise-privacy
  2. OpenAI, How your data is used to improve model performance: openai.com/policies
  3. Anthropic, Updates to Consumer Terms and Privacy Policy: anthropic.com/news
  4. Google, Generative AI in Google Workspace Privacy Hub: knowledge.workspace.google.com
  5. AEPD, Data controller and processor: aepd.es

Frequently asked questions

If my team uses the free plan, do they train on our data? As a general rule, yes, unless someone goes into the settings and turns that option off. On free plans, use for improving the model usually comes switched on out of the box.

Does deleting the conversation remove what the provider kept? Not necessarily. You delete your visible copy. The copy the provider keeps during its retention period follows its own timeline and its own rules.

Does signing up for an enterprise plan mean I already comply with the GDPR? It helps a lot, but it is not enough on its own. The enterprise plan gives you better guarantees (no training, EU residency, a processing agreement), but you remain the controller: you have to sign the DPA, review the subprocessors, and use the tool in a way that is consistent with what you declare. The general framework for your company is in the guide to GDPR and the AI Act for companies.

What if the servers are in the United States? You enter the territory of international transfers, which the GDPR only allows under certain conditions. It is not impossible, but it is a point you should review with whoever handles your data protection before moving Europeans’ personal information there.