Welcome to The AI Brief.

Every week, you get clear, honest breakdown of what’s really happening in AI. No recycled press releases pretending to be insight. Just the developments that actually matter.

Every time you have typed something personal into ChatGPT, Gemini, or Claude, that conversation went somewhere. Medical questions, relationship problems, work situations you would not put in an email: stored on a server, kept after you deleted it in many cases, and in some cases read by a human being.

None of this is secret. It is in the privacy policies of every major AI company, written in language designed to be accurate rather than understood. The gap between what people believe they agreed to and what they actually agreed to is large, and it gets larger as these tools move deeper into daily work.

Let's get into it.

When you type a prompt, you summarize. When you speak one, you explain. Wispr Flow captures your full reasoning — constraints, edge cases, examples, tone — and turns it into clean, structured text you paste into ChatGPT, Claude, or any AI tool. The difference shows up immediately. More context in, fewer follow-ups out.

89% of messages sent with zero edits. Used by teams at OpenAI, Vercel, and Clay. Try Wispr Flow free — works on Mac, Windows, and iPhone.

Start flowing free

The most important distinction in AI privacy is one most users never make. "Not used for training" and "not retained" are two different things. AI companies keep them distinct in their policy documents and are much less careful about explaining the difference in their products.

All three major platforms, ChatGPT, Claude, and Gemini, keep your conversations longer than most users assume. Opting out of model training, where that option exists, removes your data from one specific use. It does not remove it from company servers on the same schedule. Conversations can persist well after you delete them, kept for safety review, legal compliance, and abuse prevention, and the exact timeline is rarely stated anywhere you would naturally find it.

The human review issue surprises people most. All three companies reserve the right to have employees read your conversations. This is not hidden. It is in each company's privacy documentation, described as safety monitoring, quality review, and policy enforcement. Most users have never seen that sentence because most users have never read past the first paragraph of a privacy policy.

OpenAI gives ChatGPT users a training opt-out under Data Controls, and it does what it says: your conversations are not used to improve future models. What it does not do is remove your data from OpenAI's systems on the same schedule as your delete button. Free tier users have historically had less protection than paid users, with more data going to training by default unless you go and change it.

Anthropic's Claude.ai works similarly. Consumer conversations may be used for training, with an opt-out in settings. The API is a different story: conversations sent through the API are not used for training by default, which is why developers and enterprise customers operate under stronger terms than the average consumer account. The same gap exists at OpenAI and Google.

Google's case is the most layered because Gemini sits inside an account system that includes Search, Gmail, and Workspace. The data connections possible across that system are a different thing altogether from a standalone AI product.

Gemini conversations are controlled through Gemini Apps Activity in your Google Account, not through a setting inside the Gemini app itself, which means most people who believe they have opted out have not found the right place. Workspace accounts operate under separate terms with stronger protections, a fact that exists and is almost never communicated to anyone.

The word doing the most work across all three privacy policies is "may." We may use your conversations to improve our models. Not "will not." Not "definitely will." May, which in practice means when it suits us, under terms we can update with notice.

None of this is unique to AI. Every major tech platform works this way. What makes the AI version worth paying attention to is what people actually put into these conversations. People tell these tools things they would not post publicly: health concerns, financial problems, work anxieties, relationship issues. The chat interface feels like a private room. The policy was never written to support that feeling.

The gap is not fraud. Every term was in the document. The document was just written by lawyers for regulators, not by anyone trying to help users understand what they signed up for, and those are very different jobs.

AI companies describe having employees read your conversations as "safety review" and "quality assurance." This is accurate. It is also an unusually calm way to describe a stranger at the company reading the message you typed at midnight wondering whether your symptoms might be something serious. The calmness of the language in those policies is doing a lot of work.

Right?

The terms you agreed to when you signed up for ChatGPT, Claude, or Gemini are accurate. Human review is disclosed. Data retention exists. Training opt-outs are available. Nothing in those documents is false.

What they are is unreadable to a normal person under normal conditions, and that ends up being the same as not being told at all. A disclosure buried in a document nobody reads is not really different from no disclosure, in terms of the actual awareness it creates.

The companies know this. Privacy policies are written by legal teams whose job is satisfying regulators, not helping users understand what they signed up for, and those are different jobs with different outputs.

The result is hundreds of millions of people using tools they have a wrong understanding of, sharing personal information under assumptions the policy never supported. That happened by design, not by accident. Consumer products are built to reduce friction at signup and only show users the controls when they go looking, because users who never look generate more data and fewer support tickets.

The fix is not reading the full policy. It is knowing the five settings that actually apply to you and checking them once. That is what this issue was for.

Three things worth doing today: find the training opt-out in whichever AI tool you use most, check whether your Gemini Apps Activity is turned on in your Google Account settings, and decide whether sensitive work belongs in a consumer account or an enterprise one.

If something in this issue surprised you, reply and tell me what it was. And if you work in AI policy or legal and think I got something wrong, I especially want that reply.