That helpful AI assistant you’ve been using to draft emails, brainstorm ideas, and solve problems? It might know more about you than your closest colleague.

Recent research from Surfshark analyzed the data collection practices of the top AI chatbots, and the results should give every knowledge worker pause. These tools we’ve embraced for productivity are quietly gathering extensive information about us. And not all of them handle that data responsibly.

Here’s what every professional needs to know about the privacy trade-offs hiding behind those helpful chat interfaces.

The Data Collection Reality Check

Every single AI chatbot analyzed collects user data. That’s not necessarily surprising, but the scope might be. On average, these apps collect 13 different types of data out of 35 possible categories. Nearly half track your location, and about 30% actively track your behavior for advertising purposes.

Think about what you’ve shared with your AI assistant lately. Project details, client information, strategic thinking, personal work challenges… all of this becomes part of the data these platforms collect and store.

Meta AI: The Data Vacuum

Meta AI stands out as the most aggressive data collector, gathering 32 out of 35 possible data types. That’s over 90% of everything it could potentially collect about you. It’s the only platform collecting financial information, health and fitness data, and what Apple classifies as “sensitive information”, including racial or ethnic data, political opinions, and even biometric information.

If you’re using Meta AI for work tasks, consider that it’s also collecting data specifically to display third-party ads and share information with advertisers. Up to 24 different data types could be used for these commercial purposes.

Google Gemini: The Location Tracker

Google Gemini collects 22 unique data types, including precise location data. This means it potentially knows not just what you’re working on, but where you’re working on it. For professionals who travel for business or work with sensitive client information, this level of location tracking raises serious questions about operational security.

Gemini also collects contact information, search history, browsing history, and user content. When you’re using it to research competitors, draft sensitive communications, or explore strategic initiatives, all of that activity becomes part of Google’s data ecosystem.

ChatGPT: The Middle Ground

ChatGPT collects 10 types of data, significantly less than Meta AI or Gemini. It focuses on contact information, user content, identifiers, usage data, and diagnostics, while avoiding third-party advertising within the app.

The Enterprise Risk Factor

For knowledge workers, the privacy implications extend beyond personal concerns. When you use these tools for work, you’re potentially exposing:

• Confidential client strategies and financial projections
• Proprietary research and competitive intelligence
• Internal merger and acquisition discussions
• Strategic planning documents and market analysis
• Board-level communications and executive decision-making processes
• Detailed customer data and sales pipeline information

Imagine uploading a competitive analysis document to get AI help with strategic recommendations, only to discover later that your market research is now part of a training dataset accessible to competitors. Or consider what happens when an AI platform with advertising partnerships suddenly has access to your confidential merger discussions, client acquisition strategies, or proprietary methodologies. These aren’t hypothetical risks. They’re the reality of using consumer AI tools for enterprise work.

Making Smarter Choices

Not all AI assistants are created equal from a privacy perspective. Here’s how to evaluate your options:

• Look for platforms that limit data collection. ChatGPT’s approach of collecting fewer data types while still providing robust functionality shows it’s possible to balance utility with privacy.
• Understand retention policies. Some platforms delete conversations after set periods, while others store them indefinitely. Know which category your preferred tool falls into.
• Check for tracking and advertising use. Several platforms use your data for targeted advertising or share it with data brokers. If you’re using AI for sensitive work discussions, these practices create unnecessary risk.
• Consider enterprise-specific solutions. Many AI providers offer business plans with enhanced privacy protections and data handling agreements that consumer versions lack.

Practical Steps for Immediate Protection

Start by auditing your current AI tool usage. What platforms are you using, and what type of information have you shared? Review the privacy settings available and enable the most restrictive options that still allow for productive use.

For ongoing work, consider using temporary or incognito modes when available. ChatGPT’s temporary chat feature, for example, provides much of the utility without long-term data retention.

When possible, anonymize the information you share. Instead of using real client names or specific project details, use placeholders or generic examples that still allow the AI to provide helpful guidance without exposing sensitive information.

The Bigger Picture

As AI becomes more integrated into our daily work, the privacy decisions we make today will shape our professional data security for years to come. The convenience these tools provide is undeniable, but understanding the true cost of that convenience is essential for making informed choices.

Your professional conversations deserve the same consideration you’d give to any other confidential business communication. Choose your AI assistant accordingly. If your organization offers an internal AI chatbot, use that for anything work-related.