The 7 key things to evaluate in any AI app: where inference runs, what data is stored and for how long, whether conversations train future models, what third parties receive your data, whether an account is required, what happens to your data if the company is acquired or shuts down, and whether the privacy claims are architectural or just policy.
Privacy policies run to thousands of words and most people read none of them. That’s understandable — but it creates a real gap between what users assume about their AI tools and what’s actually happening with their data.
This checklist gives you seven concrete questions that cut through the language and get to what actually matters. Run any AI app through these before you use it for anything you wouldn’t want stored on a server indefinitely. For the broader context on why this matters, read our AI Privacy Guide.
The 7 Questions
1. Where Does Inference Actually Run?
This is the most important question, and it divides the entire landscape into two categories.
Cloud inference means your text is sent to an external server, processed by a model running on that server, and a response is returned to you. Your conversation has now touched an external system.
On-device inference means the model runs on your hardware. Your text goes to a local process, never to a network endpoint. The response comes from your own device.
Everything else on this checklist matters more or less depending on the answer to this question. If inference runs on-device, most of the subsequent questions are moot — there’s nothing to store because nothing left your device. If inference runs in the cloud, every other question becomes critical.
According to the OWASP LLM Top 10 security framework, data exposure during transmission and storage is among the most common and consequential risks in AI application deployments. The most complete mitigation is not transmitting the data at all.
How to check: Look for terms like “on-device,” “local inference,” or “runs on your iPhone/Mac.” If the app requires an internet connection to process queries, inference is in the cloud.
2. What Gets Stored and for How Long?
If inference is cloud-based, your next question is retention. Some providers store conversations indefinitely. Others set explicit retention windows. A few offer “ephemeral” or “temporary” modes that still process data on their servers but claim not to retain it afterward.
Retention matters because stored data is permanent risk. A conversation stored today could be involved in a breach next year, subpoenaed in litigation, or reviewed by a future employee. Data that was never stored can’t be any of those things.
A 2024 report from the International Association of Privacy Professionals found that data breaches involving AI service providers increased 340% between 2022 and 2024, driven primarily by the rapid scaling of cloud AI infrastructure without commensurate security investment.
How to check: Search the privacy policy for “retention,” “delete,” and “store.” Look for specific time periods. “We retain data as long as necessary” means indefinitely.
3. Do Your Conversations Train Future Models?
This is opt-out at most providers and opt-in at none. The default assumption for any cloud AI product is that your conversations contribute to training data unless you’ve explicitly disabled it.
Training use matters for several reasons. It means your words might appear — even in transformed form — in model outputs for other users. It means your data has value to the provider that extends beyond your immediate use. And it means a broader set of people and systems may interact with something derived from your conversations.
How to check: Settings > privacy or data controls. Look for a toggle labeled something like “improve the model” or “help improve our products.” Off means opt-out. Note that opting out of training typically doesn’t stop storage.
4. What Third Parties Receive Your Data?
No major cloud AI provider processes data exclusively on its own infrastructure. The realistic minimum involves:
- Cloud infrastructure providers (AWS, Azure, GCP)
- Content delivery and security services
- Internal analytics and logging systems
- Trust and safety vendors
Beyond infrastructure, data sharing agreements with partners, advertisers (in consumer products), and enterprise integrations can distribute your data further. Each party in that chain is a separate attack surface and a separate set of data practices.
How to check: Privacy policy section on “sharing” or “third parties.” Look for named categories of recipients. “Service providers who are contractually obligated to protect your data” is standard language but tells you little about actual practices.
5. Is an Account Required?
Account requirements create a persistent, identity-linked record of your AI usage. Even if individual conversations are treated carefully, the account structure means the provider knows who you are, when you use the product, and potentially links your usage to other identity data.
Account-free access is a meaningful privacy signal — but not a complete one. An app that doesn’t require an account can still send all conversations to a cloud server. No account + on-device inference is the combination that actually protects you.
According to Privacy International’s AI surveillance taxonomy, account-linked AI usage creates what they term “behavioral intelligence profiles” — longitudinal records of how a specific individual thinks, reasons, and problem-solves over time.
How to check: Try to use the app without signing in. If the full functionality works without an account, that’s a positive indicator.
6. What Happens in a Sale, Acquisition, or Shutdown?
This is the question almost nobody asks and almost every privacy policy answers — if you know where to look.
Standard privacy policy language reads something like: “In the event of a merger, acquisition, or asset sale, user data may be transferred as part of that transaction.” This is boilerplate. It means: if this company is acquired, your conversation history goes with it.
The acquiring company operates under different management, different values, and potentially different privacy policies. The data you shared with a privacy-conscious startup might become part of a larger corporation’s training pipeline.
Shutdowns create additional complexity. Data might be sold to recover value, transferred to a partner, or in rare cases, actually deleted. The privacy policy usually controls this, and “we will delete data in a shutdown” is far less common than “data may be transferred.”
How to check: Search the privacy policy for “merger,” “acquisition,” “transfer,” and “bankruptcy.” Note what the policy actually commits to in each scenario.
7. Are the Privacy Claims Architectural or Just Policy?
This is the most underappreciated distinction in AI privacy.
Policy-based privacy: “We won’t read your conversations.” “We don’t sell your data.” “We’re committed to your privacy.” These are promises. They’re enforceable only to the extent that regulations require and the company chooses to comply. They can change. The underlying system can still store, transmit, and process your data — the company has simply committed not to misuse it.
Architectural privacy: The system is designed so that certain things are technically impossible. If inference runs on your device and data never leaves it, the company cannot read your conversations — not because they’ve promised not to, but because there’s nowhere for them to go.
Architectural privacy is harder to build and harder to sell, because you can’t see the architecture. But it’s the only form of privacy that isn’t contingent on trusting a company’s current and future intentions.
OWASP’s secure development guidance for AI applications emphasizes this distinction under the principle of “privacy by design” — building systems where privacy is inherent to the architecture rather than enforced through policy after the fact.
How to check: Ask not “what does the company promise” but “what is the company capable of.” If the answer to “could the company read my conversations if they wanted to” is “technically yes, but they’ve promised not to,” that’s policy-based. If the answer is “no, the data never reaches them,” that’s architectural.
Scoring the App You’re Evaluating
Run any AI tool through these seven questions and you’ll have a clear picture:
- On-device inference scores positively on almost every item simultaneously
- Cloud inference with strong retention controls, opt-out training, and no required account is moderate
- Cloud inference with indefinite retention, default training opt-in, and account requirements is the highest-risk configuration
Most mainstream AI products — ChatGPT, Claude, Gemini, Copilot — operate in the middle or high-risk category for some or all questions. That’s not necessarily a reason not to use them. It’s a reason to be deliberate about what you use them for.
For context on what cloud AI providers actually do with your data, read what happens to your ChatGPT conversations as a detailed case study.
Building the Checklist Into Your Habit
The goal isn’t to stop using AI. It’s to match the tool to the task.
For brainstorming a blog post title or drafting a grocery list, the privacy stakes are low. For working through a health concern, a legal question, or a personal crisis — use a tool that’s architecturally private.
Cloaked scores perfectly on every item in this checklist. Inference runs on your iPhone using Apple’s MLX framework. No data is stored externally because no data leaves your device. No training is possible because there’s no server receiving your input. No third parties receive anything. No account is required. Acquisition or shutdown can’t affect your data because the company never held it. And the privacy is architectural — we can’t read your conversations because there’s nowhere for them to go.
15+ open-source models, full offline capability after download, and zero compromise on privacy. Download Cloaked on the App Store and use AI the way it should have been built from the start.
Frequently Asked Questions
What is the most important privacy factor in an AI app?
Where inference runs. If the AI model runs on your device, your conversations never leave it. If it runs in the cloud, your data transits and is stored on external servers regardless of what the privacy policy says.
How do I know if an AI app uses my conversations for training?
Read the privacy policy's training data section. Most cloud AI providers use conversations for training by default, with an opt-out buried in settings. On-device AI apps can't train on your data because they never receive it.
Is an AI app safe to use without an account?
Not requiring an account is a positive signal — it means the provider isn't building a profile linked to your identity. However, account-free apps can still send conversations to servers, so check where inference runs.
What should I look for in an AI privacy policy?
Look for explicit statements about data retention periods, employee access policies, third-party data sharing, training data practices, and what happens to your data if the company is acquired. Vague language like 'we may use your data to improve our services' is a red flag.