A comparative analysis of 15 major AI chat platforms found that 8 of them don't offer end-to-end encryption (meaning your messages are readable on the company's servers, not just in transit). ChatGPT, Gemini, Grok, Perplexity, Poe, OpenRouter, and You.com all fall into this group. The platforms that do encrypt end-to-end: Claude, Venice.ai, Brave Leo, DuckDuckGo AI Chat, TypingMind, Merlin AI, Lumo (Proton's AI chat), and Anuma.
The research, compiled from public documentation, privacy policies, and product testing conducted in February 2026, paints a picture most casual AI users probably haven't considered.
The Big Three All Train on Your Conversations
ChatGPT and Gemini both train on user data by default. You can opt out, but the toggle is buried in settings, and most people never touch it. Grok offers a per-chat "Private Chat" mode, which is better UX but still defaults to training-on. Claude takes a middle path: free-tier conversations may be used for training, but Pro and Business users are exempt.
Perplexity, Venice.ai, Brave Leo, and DuckDuckGo don't train on your data at all. Venice.ai goes furthest by not even storing conversations on its servers.
Data retention varies wildly. ChatGPT keeps data 30 to 90 days. Claude's range stretches from 30 days to 5 years depending on plan and context. Gemini holds onto consumer data for up to 3 years. DuckDuckGo auto-deletes after 30 chats.
Encryption Is Not Binary
The encryption details matter more than a simple yes/no. ChatGPT, Gemini, and Grok use TLS in transit only, which means your messages are encrypted while traveling to the server but sit readable once they arrive. Claude uses AES-256 encryption at rest, a meaningful step up. Venice.ai does client-side AES-256, so data is encrypted before it ever leaves your device. Brave Leo keeps everything local to your device entirely.
For anyone using AI chatbots to discuss sensitive business information, client data, medical questions, or legal matters, these differences are significant. TLS-only means the company (and potentially anyone who breaches their servers) can read your conversations.
A Caveat on the Source
This report was published by Anuma, one of the 15 platforms evaluated, and Anuma happens to score highest across nearly every category in its own analysis. The underlying data points about encryption standards, training defaults, and retention policies are verifiable against each platform's public documentation. But the framing and selection of evaluation criteria clearly favor Anuma's feature set (blockchain integration, cross-platform chat import, multi-model routing).
The privacy and encryption data is still useful. Just read it as what it is: a vendor-published comparison where the vendor designed the scorecard.
The practical takeaway holds regardless of source bias: if you're typing anything sensitive into an AI chatbot, check whether your platform encrypts at rest or just in transit, whether it trains on your data by default, and how long it keeps your conversations. Most people assume these tools are private. Most of them aren't.