Trains by default. Opt-out only future chats. Memory persists after deletion. Court order (May-Sept 2025) preserved deleted conversations. Operator retains screenshots 90 days. 30-day abuse screening retention even when opted out.

Training by default. Human reviewers retain conversations 3 years after deletion. 72-hour minimum even with activity off. 2025: uploaded files/photos for training (default-on). Google warns: don't enter confidential info.

DeepSeek is headquartered in Hangzhou, China and is a subsidiary of High-Flyer Capital Management, a Chinese quantitative hedge fund. China's National Intelligence Law (2017) requires all Chinese organisations to "support, assist, and cooperate with national intelligence work." DeepSeek's privacy policy explicitly states data is stored on servers in the People's Republic of China. In January 2025, Italy's data protection authority blocked DeepSeek for GDPR violations. Australia, Taiwan, and South Korea banned DeepSeek from government devices. The US Navy issued guidance prohibiting its use. Your prompts are stored on Chinese servers by a company legally required to hand them to Chinese intelligence on request.

Grok is integrated into X, which was acquired by xAI in March 2025. SpaceX then acquired xAI in February 2026. This means Grok training data, X user data, Starlink subscriber data, and Tesla vehicle data all flow to the same parent entity. Grok Voice Think Fast 1.0 handles Starlink sales calls, collecting names, addresses, phone numbers, email addresses, and account numbers. The same AI processes your social media posts, handles your phone calls, and powers ad targeting on X. One model, multiple data streams, no structural separation.

Class-action (2026, 135 pages): tracking sent chat data to Google and Meta before Perplexity processed it. Even in 'incognito mode' claiming 'anonymous threads.' Google/Meta co-defendants.

Within weeks of ElevenLabs' launch, users cloned the voices of Joe Biden, Emma Watson, and other public figures to generate fake audio. A deepfake Biden robocall reached New Hampshire voters before the 2024 primary, using AI-generated voice to discourage voting — the creator used ElevenLabs technology. 4chan users used ElevenLabs to generate racist and antisemitic audio in celebrities' cloned voices. ElevenLabs added verification requirements for voice cloning after the incidents, but the technology had already demonstrated that voice identity is no longer reliable. A voice clone of anyone can be created from seconds of audio.

In January 2026, security researchers discovered a Firebase misconfiguration that exposed over 300 million messages from 25 million users. The exposed conversations included mental health discussions, financial details, and illegal activities — the most intimate conversations people have with an AI chatbot. The database was accessible to anyone on the internet without authentication. A company that claimed enterprise-grade security and GDPR compliance left its entire conversation database open on the internet. 300 million of your most private thoughts, accessible to anyone who looked.

A code defect in Microsoft 365 Copilot bypassed sensitivity labels on Outlook emails for approximately four weeks in early 2026, exposing confidential content in Sent Items and Drafts — the second such failure in eight months. The European Parliament responded by disabling AI-powered features across 8,000 employee devices on February 17, 2026.