Who Owns Your Prompts? What the Terms of Service of Major AI Platforms Really Say About Your Data

In June 2026, the question of who owns your AI conversations is no longer academic. As enterprises embed generative AI into every workflow — from legal briefs to customer service — the fine print governing your prompts, outputs, and training data has become one of the most scrutinized contracts in modern business. This report examines what the terms of service of OpenAI, Anthropic, Google, Microsoft, xAI, and Perplexity actually say, informed by the latest policy updates, enterprise contract analysis, and a major Anthropic policy change announced just yesterday.

Photo : Dietmar Rabich / Wikimedia Commons — CC BY-SA 4.0

OpenAI / ChatGPT
Clear output ownership, tier-dependent training controls
Consumer users retain ownership rights in their input and own the output OpenAI generates, with OpenAI assigning its rights to you. However, consumer accounts can be used to train models by default unless you opt out. Business and Enterprise customers get stronger protections: OpenAI will not use customer content to develop or improve services unless explicitly agreed.

Anthropic / Claude
New 30-day retention mandate shakes enterprise trust
On June 9, 2026, Anthropic introduced a mandatory 30-day data retention policy for all prompts and outputs sent to its most powerful models ([personne] 5 and Mythos-class models). This eliminates zero-data-retention options even for enterprise customers. The policy applies across every deployment channel — consumer apps, enterprise workspaces, Amazon Bedrock, and Microsoft Foundry — and is positioned as necessary for safety review of advanced threats.

Google Gemini
Paid vs. unpaid split determines training use
For paid Gemini API services, Google does not use your prompts, system instructions, cached content, files, or responses to improve its products. For unpaid services, Google does use submitted content to provide, improve, and develop its products and machine learning technologies. Google does not claim ownership over original content generated by the service, though you remain responsible for its use.

Microsoft Copilot (Microsoft 365)
No ownership claim, no foundation LLM training for commercial users
Microsoft does not claim ownership of Microsoft 365 Copilot output. Work prompts and responses stay within the Microsoft 365 service boundary, are encrypted at rest, and are not used to train foundation LLMs. Copilot only surfaces organizational data the signed-in user already has permission to access, framing these protections as privacy, security, and compliance commitments for business users.

xAI Grok
Perpetual output ownership for enterprise, usage data retained for free users
Enterprise customers retain all rights in input and own the output in perpetuity; xAI assigns its rights in output to the customer (excluding xAI technology). For consumer/free users who access without logging in, xAI may use data for product development and model training. xAI owns usage data and may use it for service provision, improvement, analytics, and sharing derived analytics.

Perplexity
No ownership claim on your content, but feedback becomes theirs
Perplexity does not claim ownership in "Your Content," but it owns the services and underlying technology used to generate output. Feedback you submit becomes the sole and exclusive property of Perplexity.

Consumer / free accounts: broader provider data use
Most major platforms allow consumer accounts to use prompts and outputs for model training, product improvement, and safety review by default. Retention is typically indefinite or controlled by account-level settings, and admin controls (workspace roles, audit logs, contractual indemnity) are minimal or absent.

Enterprise / business contracts: stronger protections, but not absolute
Enterprise agreements typically prohibit model training on customer content unless explicitly authorized, offer audit rights, limit retention to contract-specified periods, and provide structured admin controls and incident reporting. However, Anthropic's June 2026 policy demonstrates that even enterprise customers may face mandatory retention for safety-critical use cases.

The practical implication
If you handle confidential customer data, trade secrets, legal-privileged material, or regulated information, consumer/free AI accounts are likely prohibited under your organization's acceptable-use policy unless a formal risk assessment and approved exception are in place.

What changed
Starting June 9, 2026, all prompts and outputs sent to [personne] 5 and Mythos-class models are subject to mandatory 30-day retention. This applies to every customer — consumer, enterprise, API, and third-party platforms. There are no exceptions and no zero-data-retention option.

Why it matters
The move targets what Anthropic calls "Mythos-class models" — its highest-capability systems. The company positions the retention requirement as essential for safety reviews of advanced threats, but the policy has drawn criticism from privacy-focused organizations and customers who previously negotiated zero-retention contracts.

Enterprise reaction
Legal and compliance teams must now weigh capability gains against stricter data controls. For regulated industries (healthcare, finance, legal services), the 30-day window may conflict with zero-trust data policies or contractual commitments to clients. Some enterprises are exploring contractual carve-outs, on-premises deployment, or switching to alternative providers with more flexible retention terms.

The broader trend
Anthropic's policy reflects a growing tension in AI governance: advanced capability often requires more data visibility for safety monitoring, alignment research, and adversarial testing. As models become more powerful, vendors may increasingly insist on retention windows that allow post-hoc review — even for enterprise customers.

OpenAI (ChatGPT, API, Enterprise)
You retain ownership rights in your input and own the output; OpenAI assigns its rights in output to you. For consumer accounts, content can be used to train models by default unless you opt out via account settings. For business/enterprise accounts under the Services Agreement, OpenAI will not use customer content to develop or improve services unless the customer explicitly agrees. The Data Processing Addendum adds that deidentified or aggregated data may still be used to improve systems.

Anthropic (Claude)
As of June 9, 2026, all prompts and outputs to [personne] 5 and Mythos-class models face mandatory 30-day retention for safety review. Some enterprise agreements offer express assignment of output ownership to the customer, but vendors may reserve rights to use inputs and outputs for system improvement unless the contract says otherwise. Whether prompts and outputs are reused or retained depends heavily on the specific service configuration and contract terms.

Google (Gemini API, Gemini Apps, Workspace)
For paid Gemini API services, Google does not use your prompts, system instructions, cached content, files, or responses to improve its products. For unpaid services, Google does use submitted content to provide, improve, and develop Google products and machine learning technologies. Google does not claim ownership over original content generated by the service, though you are responsible for its use. Gemini Apps users can access the Gemini Apps Privacy Hub for controls and activity settings; prompts and related data may be stored for 30 days for debugging (Maps Grounded Results) and chat history may be stored for up to 6 months in some scenarios.

Microsoft (Copilot for Microsoft 365)
Microsoft does not claim ownership of Microsoft 365 Copilot output. Prompts and responses remain within the Microsoft 365 service boundary, are encrypted at rest, and are not used to train foundation LLMs. Copilot only returns data the signed-in user can already access. These protections are positioned as part of Microsoft's privacy, security, and compliance commitments for business users, not as an unconditional legal ownership transfer.

xAI (Grok)
Enterprise customers retain all rights in input and own the output "in perpetuity" to the fullest extent allowed by law; xAI assigns its rights in output to the customer, excluding xAI technology. xAI may create and use de-identified data to improve products and for other business purposes; that de-identified data is owned by xAI. For consumer users who access without logging in, you grant xAI rights to use data you provide or obtain for product development and model training. xAI owns usage data and may use it for service provision, improvement, research, analytics, and sharing derived analytics with third parties.

Perplexity
Perplexity does not claim ownership in "Your Content," but it owns the services and underlying software/technology used to generate output. Feedback you submit becomes the sole and exclusive property of Perplexity. The provided terms excerpt does not clearly state output ownership or detail training clauses in the available snapshot.

Training data prohibition
"Vendor will not use Customer Content to train, improve, or develop any machine learning model or AI system unless Customer provides prior written consent."
This is the most important clause. Without it, your prompts, uploads, and outputs may be used to improve the vendor's product for all customers — including your competitors. Enterprise agreements should explicitly prohibit model training on customer content.

Prompt confidentiality
"All prompts, inputs, and system instructions submitted by Customer constitute Confidential Information and will be protected under the confidentiality provisions of this Agreement."
Standard SaaS confidentiality clauses may not explicitly cover prompts. Make sure your AI vendor agreement treats prompts as confidential, subject to the same non-disclosure and use restrictions as other sensitive data.

Output ownership
"Customer owns all Output generated in response to Customer prompts. Vendor assigns to Customer all right, title, and interest in Output, excluding any pre-existing Vendor Technology."
Verify that the contract assigns output ownership to you in writing, and that the assignment is perpetual, worldwide, and covers commercial use. Watch for carve-outs that reserve vendor rights in aggregated, de-identified, or derivative data.

Human review requirement
"Customer acknowledges that Output is informational only and may contain errors. Customer will implement human review before using Output for any decision, communication, or production use."
Terms almost universally disclaim accuracy and fitness for purpose. Your internal policy should mandate human review for any AI output used in legal, HR, medical, customer-facing, or financial decisions. Document the review process and train users on limitations.

Deletion and retention
"Vendor will delete Customer Content within [30/60/90] days of termination or upon Customer request, except as required by law. Vendor will not retain backups beyond [X] days after deletion."
Negotiate clear deletion timelines, especially for regulated data. Understand the difference between logical deletion (hidden from UI), soft deletion (retained in backups), and hard deletion (unrecoverable). Anthropic's new 30-day policy shows that even enterprise customers may face mandatory minimum retention for advanced models.

Accidental disclosure of business data
Employees using consumer AI accounts may paste confidential customer data, trade secrets, legal-privileged material, or regulated information into a platform that stores it indefinitely and uses it for training. This risk is highest for free/consumer accounts with no admin controls.

Output ownership ambiguity
"You own the output" does not mean the vendor has no rights. Many platforms retain broad licenses to store, reproduce, analyze, and create derivative works from outputs. Read the grant-back license carefully.

Training on your data unless you opt out
Consumer and unpaid accounts typically allow training by default. The opt-out setting is often buried in account preferences, product settings, or workspace admin controls — and may reset after account or tier changes.

Retention beyond termination
Even if you delete your account or cancel your subscription, platforms may retain backups, logs, and metadata for legal, security, or safety purposes. Understand the vendor's backup retention schedule and whether deletion is immediate, delayed, or subject to legal holds.

IP infringement risk shifts to you
Most AI terms disclaim liability for output that infringes third-party IP. If you use AI-generated content commercially and it violates someone's copyright, trademark, or trade secret, the platform's terms typically make you responsible — not the vendor.

No guarantee of accuracy, reliability, or fitness for purpose
Every major platform includes strong disclaimers that outputs may be incorrect, unreliable, biased, unsafe, or legally defective. You are responsible for verifying output before use — especially for decisions that affect people's rights, safety, or livelihood.

Audit which AI tools employees are using
Survey teams to identify consumer AI accounts, free trials, and unauthorized tools. Map which tools access what data (PII, customer data, trade secrets, regulated information). Establish an approved-tools list and acceptable-use policy.

Prohibit consumer accounts for business data
Ban the use of free/consumer AI accounts for confidential, regulated, or customer data unless a formal risk assessment and approved exception are in place. Require enterprise or business-tier contracts with explicit training prohibitions and data protection commitments.

Implement prompt hygiene training
Educate users on what data should never be pasted into an AI prompt (PII, customer names, legal-privileged content, trade secrets, source code, internal financials). Provide templates and examples of safe vs. unsafe prompts.

Negotiate AI vendor contracts, not just accept standard terms
Treat AI vendor agreements as first-class governance documents. Negotiate training prohibitions, prompt confidentiality, output ownership, deletion timelines, human review requirements, and IP indemnity. Document exceptions and risk acceptance in writing.

Track terms-of-service changes
Major platforms update their terms regularly. Subscribe to vendor policy update feeds, assign someone to monitor changes, and review updates for material changes to training, retention, ownership, or liability. Anthropic's June 2026 retention mandate illustrates how quickly the landscape can shift.

Establish internal AI output review policies
Mandate human review for AI outputs used in legal, HR, medical, customer-facing, or financial decisions. Define what "review" means (fact-checking, source verification, bias check, legal review) and who is qualified to perform it. Document the review process and train users on AI limitations.

From ownership to control
The debate is shifting from "who owns the output" to "who controls the data." Even if you legally own output, the vendor may retain perpetual licenses, aggregation rights, safety review rights, or mandatory retention windows that limit your practical control.

Safety requirements vs. privacy promises
Anthropic's 30-day retention mandate is likely the first of many safety-driven policy changes. As models become more capable, vendors may increasingly require data visibility for adversarial testing, alignment research, and abuse prevention — even for enterprise customers who negotiated zero-retention terms.

State-level regulation and enforcement
In 2026, AI governance is being shaped by state laws, consumer protection enforcement, and sector-specific disclosure requirements rather than a single federal statute. Organizations must track multiple overlapping regimes (California, New York, EU AI Act, GDPR Article 22) and build compliance into vendor selection and contract negotiation.

Contract-driven risk allocation
Because the legal environment remains unsettled on AI training data rights, output copyrightability, and liability for AI-generated content, firms are relying on contracts, indemnities, audit rights, and liability allocation clauses to manage exposure. The AI vendor contract has become one of the most important governance documents in the organization.

Prompt as intellectual property
Legal commentary is exploring whether complex, reusable prompts can be protected as trade secrets, confidential information, or copyrightable works. Companies are beginning to treat valuable prompts as strategic assets — documented, versioned, access-controlled, and contractually protected.

conductatlas.com

aigr.ee

webpronews.com

news.lavx.hu

tish.law

njbusiness-attorney.com

sipoch.com

letslaw.es

openai.com

openai.com

openai.com

learn.microsoft.com

ai.google.dev

policyforge.co

loeb.com

bakerlaw.com

founderslegal.com

copyright.gov