top of page


  • Writer's pictureOBIS

We Fed 5 LLM Privacy Policies to ChatGPT to Rank in terms of AI Transparency...and guess what? ChatGPT was not biased.

TLDR: See below for the ranking by most transparent to least.

  1. Google's Gemini

  2. Meta's Llama

  3. Hugging Face's Mixtrel

  4. OpenAI's ChatGPT

  5. Anthropic's Claude

Conversation below from the OpenAI GPT-4 Environment

User Prompt: I have a ton of data to share with you privacy policies around ChatGPT, Gemini, Claude, Llama, and Mixtrel. Its 132 pages and the reason I am sharing this with you is because I want you to take your time, take a deep breath and read each page carefully. You are an expert in AI privacy policy and supporting regulators in evaluating how each policy is the same (what they share in common) and where they each are different. So please create a chart that shows us where there is overlap, and which models have unique or different stances on things. It's important that we detect any odd one-off language or things mentioned people normally wouldn't catch. Are you ready?

ChatGPT: Let's Get Started!







Data Collection

Account info, usage data, device info, cookies, analytics

Google Account info, activity, apps, devices, location

User-provided info, device info, third-party info

Activity, device info, location, info from partners

Direct user info, device usage, third-party data

Use of Personal Information

Service provision, improvement, communication, compliance, security

Service provision, personalization, ads, security, communication, research

Similar to OpenAI

Personalization, security, analytics, communication, research

Delivering services, improvement, communication, security, compliance

Sharing of Information

Affiliates, service providers, for legal reasons, security purposes

With integrated partners, for legal reasons, security purposes, with advertisers

Similar to OpenAI

Within Meta Companies, third parties, for legal reasons, security purposes

Affiliates, third-party service providers, for legal reasons, security purposes

Data Retention and Deletion

As necessary for services, legal requirements, security

As necessary for services, legal requirements, security

Not explicitly stated

As necessary for services, legal requirements, security

As necessary for services, legal requirements, security

User Rights

Access, modify, delete info, opt-out of communications

Manage privacy settings, access, delete, export info

Similar to OpenAI

Manage privacy settings, access, delete, export info

Access, modify, delete info

Security Measures

Industry standards, encryption, access controls

Encryption, security features, access controls

Not explicitly stated

Encryption, security features, access controls

Industry standards, encryption, access controls

Data Transfers

Globally, with safeguards

Globally, with safeguards

Not explicitly stated

Globally, within Meta Companies

Globally, with safeguards

Children's Privacy

Not directed to children under 13

Not directed to children under 13

Not explicitly stated

Not directed to children under 13

Not directed to children under 13

Compliance with "Do Not Track"

Honors "do not track" signals

Not explicitly stated

Not explicitly stated

Not explicitly stated

Honors "do not track" signals

User Prompt: Perfect job - now can you call out any unique or stand-out worthy lines that seem a bit off compared to the others, by model? I am not looking for uniqueness of lines due to the nature of the business these companies are in. I am looking for odd things like, for example, one company may email you when privacy policy is updated, and another won't email you - they will just update their privacy policy page.


  1. OpenAI (ChatGPT):

    1. Notification of Changes: OpenAI states that changes to its privacy policy will be effective 10 days after posting the revision on the website, but it doesn't explicitly mention notifying users via email.

  2. Google (Gemini):

    1. Data Transfer Frameworks: Google's policy mentions data transfer frameworks, which is a more detailed approach to international data transfers compared to the other policies.

    2. Compliance & Cooperation with Regulators: Google has a separate section dedicated to compliance and cooperation with regulators, which is more detailed than the other policies.

  3. Anthropic (Claude):

    1. Lack of Detail: Claude's privacy policy is less detailed compared to the others, particularly in areas like data retention and deletion, security measures, and data transfers.

  4. Meta (Llama):

    1. Sharing with Integrated Partners: Meta's policy has a more detailed explanation of how information is shared with integrated partners, which is unique compared to the other policies.

    2. How Meta Companies Work Together: The policy includes a section on how Meta companies work together, which is specific to Meta's corporate structure.

  5. Mixtrel (Hugging Face):

    1. "Do Not Track" Compliance: Mixtrel's policy explicitly states that it honors "do not track" signals, which is a unique mention compared to the other policies.

    2. List of Third-Party Service Providers: Mixtrel provides a list of third-party service providers, which is a level of transparency not seen in the other policies.

User Prompt: Rank them in terms of which Model privacy policies seem the most fair to users and explain why. Put them in descending order finishing with least fair and why.

  1. Google (Gemini):

    1. Reason: Google's privacy policy is detailed and transparent, providing clear explanations of data collection, use, sharing, and user rights. The policy includes specifics about data transfer frameworks and compliance with regulators, which shows a commitment to user privacy and legal obligations. The policy also gives users control over their privacy settings and the ability to manage and delete their information.

  2. Meta (Llama):

    1. Reason: Meta's privacy policy is comprehensive, covering various aspects of data usage, sharing, and user rights. It provides detailed information about how data is shared within Meta Companies and with integrated partners. The policy also outlines user controls for managing privacy settings and accessing, downloading, or deleting their information. However, the policy could be more explicit about how changes to the privacy policy are communicated to users.

  3. Hugging Face (Mixtrel):

    1. Reason: Mixtrel's privacy policy is transparent, especially with its list of third-party service providers and its commitment to honoring "do not track" signals. The policy covers key aspects of data collection, use, and security measures. However, it lacks detail in some areas, such as data retention and deletion, which could be improved for better user understanding.

  4. OpenAI (ChatGPT):

    1. Reason: OpenAI's privacy policy covers essential aspects of data collection, use, and sharing. It mentions that changes to the policy will be effective 10 days after posting, but it doesn't specify how users will be notified about these changes. The policy could be more detailed in areas like data retention and security measures to provide users with a clearer understanding of how their information is handled.

  5. Anthropic (Claude):

    1. Reason: Claude's privacy policy is less detailed compared to the others, particularly in areas like data retention and deletion, security measures, and data transfers. The lack of detail makes it challenging for users to understand how their data is being used and protected. The policy could benefit from more transparency and specificity to ensure users feel their privacy is being fairly respected.

In summary, Google and Meta rank higher due to their detailed and transparent policies, while Mixtrel follows closely with its commitment to "do not track" signals and third-party provider transparency. OpenAI and Claude rank lower due to their less detailed policies and lack of clarity in certain areas.

User Prompt: What do you make of the fact that the organizations that have the most vague privacy policies have the highest performing GPT models in the market?


  1. Focus on Innovation Over Communication: Organizations with high-performing GPT models might prioritize technological innovation and rapid development over clear communication of privacy practices. Their primary goal may be to advance the capabilities of their models, with less emphasis on detailing their privacy policies.

  2. Complexity of Operations: High-performing GPT models often involve complex data processing and machine learning operations. The organizations behind these models may find it challenging to describe their data practices in simple terms, leading to more general privacy policies.

  3. Competitive Advantage: Detailed privacy policies could reveal insights into the proprietary techniques and data sources used to train and improve GPT models. Organizations might keep their policies vague to protect their competitive advantage in the market.

  4. Regulatory Compliance: Organizations may draft their privacy policies to comply with legal requirements while keeping them broad enough to accommodate future changes in their data practices without frequent policy updates.

  5. User Trust: Some organizations may believe that users are more concerned with the performance and capabilities of GPT models than with the specifics of data privacy. As a result, they might not prioritize detailed privacy policies as long as they adhere to legal standards.


Don't miss out on the forefront of AI evolution and business intelligence developments! 

For more insightful updates, cutting-edge research, and tailored strategies on how AI, especially LLMs, can impact and transform your business, make sure to subscribe to our emails. Stay ahead of the curve, be informed, and leverage the power of AI to its fullest potential. Subscribe now for more invaluable information that can redefine the way you do business in the ever-evolving digital landscape!

👉 Subscribe to our emails below for More AI Insights and Business Intelligence. Or book a call today to learn how the diverse service offerings of OBIS and how we can support your business.

Stay ahead, stay informed, and let's revolutionize your business journey together!



bottom of page