← all guides
AI

We take no money from any AI company. Nothing here is sponsored. We rank by public policies, model cards, open releases, and user controls, and AI policies change fast.

Choosing an AI assistant, privately

AI assistants are becoming infrastructure. They sit between you and your questions, writing, code, research, plans, and sometimes work documents. That makes two questions worth asking before the demo magic: what happens to what you type, and can anyone outside the company verify how the system behaves?

The honest one-paragraph answer. Pick by sensitivity. For personal, confidential, legal, health, work, or identity-heavy material, use a local model or a hosted product with clear data controls and the right account tier for privacy. For everyday brainstorming, a hosted assistant can be fine if you understand whether your chats may be used to improve models and where the opt-out lives. For openness, be precise: "open weights" is not always the same as Open Source AI. The safest habit is to treat AI output as a draft to verify, not an oracle.

Weigh what you care about

AxisThe questionWhy it matters
Privacy controlsCan you stop chats from being used for model improvement?Your prompts may contain personal, work, or third-party data
Local optionCan the model run on your device or private infrastructure?Local use can remove the upload question entirely
OpennessAre weights, code, data information, and licenses clear?OSI distinguishes open weights from fully open-source AI systems
TransparencyAre there model cards, system cards, safety reports, or policy pages?Public documentation gives outsiders something to inspect
Safety and reliabilityDoes the provider document risk management and limitations?NIST frames trustworthy AI as something designed and managed, not assumed

Choose by task shape, not by leaderboard

The "best" assistant changes with the work. A model that is excellent for coding may be the wrong place for a diary. A source-grounded search assistant may be better for a fresh factual question than a more fluent general chatbot. A local model may be weaker at hard reasoning but much stronger for private drafting.

Task shapeBetter assistant typeWatch for
private draftinglocal model, private deployment, or strong consumer data controlsdevice limits, weaker models, forgotten file uploads
public brainstorminghosted general assistanthallucinated facts, paste creep into sensitive material
current researchsource-grounded assistant or search plus primary sourcessummaries that cite weak, old, or mismatched sources
codingapproved coding assistant, local tool, or enterprise routerepository secrets, license exposure, insecure suggestions
study and explanationgeneral assistant with citation checksoverconfident simplification and invented examples
companionship or roleplaycompanion-specific tool with strict boundariesemotional dependence, parasocial nudges, identity and safety risk
regulated or consequential advicegoverned workflow plus expert reviewtreating a plausible answer as a decision

This keeps capability in its lane. You do not need one permanent AI brand identity. You need a small map of what each assistant is allowed to touch.

A one-session AI privacy audit

  1. Find the data-control page before you paste anything sensitive. Check whether chats, files, voice, images, and code can be used for training or model improvement.
  2. Separate account tiers. Free, consumer paid, team, enterprise, API, and local use can have different retention, logging, and training rules.
  3. Check file handling. A prompt is one thing; uploading a contract, source file, meeting transcript, spreadsheet, medical note, or unpublished manuscript is a different privacy event.
  4. Look for export and deletion. If the assistant becomes part of your workflow, you should know how to retrieve, delete, or migrate important conversations.
  5. Read the limits page. Safety reports, model cards, system cards, or known-limitation pages tell you what the provider is willing to admit publicly.
  6. Decide what never goes in. Names, secrets, credentials, client data, unpublished work, health details, and legal facts may need a local or governed route.

Sort inputs before you paste

Input typeSafer routeWhy
Public textHosted assistant is usually fineThe information is already public
Personal journalingData controls on, or local modelIt may reveal identity, health, relationships, or location
Work documentsApproved team, enterprise, API, or private deploymentYour employer or client may own the risk
Source codeCheck policy and repository sensitivityCode can include secrets, IP, vulnerabilities, or customer logic
Legal, medical, financial factsUse governed tools and professional reviewConsequential advice needs verification and confidentiality
Passwords, API keys, credentialsDo not pasteThese are secrets, not prompts

This small sorting step prevents most accidental over-sharing. The issue is not whether AI is good or bad; it is whether the tool, account tier, and retention policy match the sensitivity of the material. A casual assistant can be wonderful for brainstorming and still be the wrong place for a client file.

Match the account tier to the promise

Do not assume the logo tells you the privacy deal. The same provider can offer different controls for free chat, paid consumer chat, team plans, enterprise plans, API use, education accounts, and local deployments.

Tier or routeOften better forCheck before trusting it
free consumer chatcasual learning, drafts, low-risk brainstormingmodel-improvement defaults, ad/data ecosystem, retention
paid consumer chatordinary personal productivitywhether payment changes training, retention, or support rights
team or business planwork documents and collaborationadmin controls, data-use promises, workspace ownership
enterprise or education plangoverned organizational useaudit logs, retention, contractual terms, deletion, regional controls
APIapp workflows and controlled processinglogging window, abuse monitoring, data retention, downstream storage
local modelsensitive drafts and offline workdevice security, model quality, update source, prompt-history storage

The uncomfortable rule is simple: if you are relying on a privacy promise, find the exact promise for the exact route you are using. A general privacy page is not enough when the work is confidential.

Match the assistant to the risk band

The practical choice is not one assistant for everything. It is a risk band for each kind of task. The same person may sensibly use a fast hosted assistant for public brainstorming, an approved work tool for client documents, and a local model for private notes.

Risk bandBetter defaultBefore using it
Lowhosted assistant with ordinary data controlsverify facts and sources before sharing
Personalhosted with training controls off, or localredact names, health details, locations, and third-party secrets
Professionalapproved team, enterprise, API, or private deploymentcheck employer, client, and repository rules
Consequentialgoverned route plus primary-source or expert reviewtreat output as a draft, not a decision-maker
Secretdo not paste into a chatbotrotate exposed credentials and move to secure tooling

This framing is useful because capability can seduce the boundary. A model that writes beautifully is still the wrong place for material you promised to protect.

Use a prompt boundary before the prompt

Before pasting, decide which boundary the task belongs in: public, personal, professional, confidential, or prohibited. Then choose the assistant, account tier, and data-control setting to match. This one step prevents the common failure mode where a low-stakes brainstorming tool slowly becomes the default place for every document in your life.

BoundaryReasonable useGuardrail
publicrewriting public text, summarizing published sourcesstill verify citations and dates
personaljournaling, planning, sensitive life detailsdata controls on, local model, or careful redaction
professionalwork drafts, meeting notes, codeapproved tool and employer/client rules
confidentialcontracts, customer records, health or legal factsgoverned private route and human review
prohibitedpasswords, API keys, identity secretsdo not paste

The boundary can change during a conversation. If a harmless brainstorm turns into names, files, secrets, or decisions with consequences, stop and move to the right environment before continuing.

Verify output by risk

For low-stakes writing, you can treat AI as a draft partner. For research, ask for primary sources and then open them. For code, run tests and review security-sensitive changes. For health, legal, finance, employment, housing, immigration, or safety decisions, treat the answer as a starting point for professional or primary-source verification. NIST's AI risk work is useful because it frames reliability as a managed risk, not a personality trait a model either has or lacks.

Treat memory, tools, and agents as permissions

The privacy question is no longer only "what did I paste into chat?" Assistants increasingly remember preferences, connect to files, browse the web, call tools, summarize meetings, write code, schedule tasks, or act across apps. Each capability is a permission surface.

CapabilitySafer defaultWhy it matters
long-term memoryturn on only for low-risk preferences you actually want rememberedmemory can turn casual chats into a profile
file connectorsconnect the smallest folder or workspace that solves the jobsearch over all files can expose drafts, contracts, photos, or client data
email and calendar accessuse approved work tools and review what the assistant can read or sendinboxes contain other people's private information too
browser or shopping actionsconfirm before purchases, bookings, posts, or form submissionsan agentic mistake can become an external action
code executionkeep secrets, credentials, and production data out of the sessiongenerated or executed code can leak, delete, or transform sensitive material
shared assistants or botsassume prompts, files, and outputs may be visible to admins or collaboratorsteam tools change who can inspect the work

If an assistant can act, not just answer, slow down. The more the tool can do for you, the more clearly you need consent, logs, review, and an undo path.

Source-grounded does not mean verified

Assistants that show citations are often better for research than plain chat, but the citation box is not the finish line. It can point to a page that is outdated, irrelevant, low-quality, quoted out of context, or summarised too aggressively.

Claim typeVerification habit
date-sensitive newsopen the original source and check publication/update date
product policyopen the provider's own policy page for the exact account tier
scientific or technical claimprefer papers, standards, documentation, or primary data
legal, medical, financial, safetyuse primary official sources and qualified human review
statisticscheck methodology, sample, geography, and year
citations in generated textmake sure each cited source actually supports the sentence

The assistant can make retrieval faster. It should not outsource judgment. A good workflow is: ask, collect sources, open the sources, then write the conclusion in your own words.

The honest framing

  • "We value your privacy" is not a setting. Find the actual data-control page and check what is on by default for your account.
  • Local is strongest for sensitive input. If nothing leaves your machine, the privacy question becomes much simpler.
  • Open weights are useful but not magic. They can support self-hosting and scrutiny, but openness also depends on license, code, and training-data information.
  • Hosted frontier models trade control for capability. That can be worth it; just make the trade consciously.
  • AI can be confidently wrong. For anything consequential, verify with primary sources or a human expert.
  • A chatbot is not a records system. Treat important outputs like drafts: save the source material, citations, and final version somewhere durable.
  • "Open" needs nouns. Ask open weights, open code, open data information, open license, open evals, or open governance.
  • Paste inertia. The easiest workflow can become the riskiest one if every file goes through the same assistant by habit.
  • Policy drift. AI product terms, training controls, retention, and enterprise promises can change faster than ordinary software expectations.

Extra caution for companion and social AI

Companion, character, and social-platform assistants deserve a different boundary from productivity tools. They are designed around ongoing relationship, mood, identity, roleplay, or social discovery, so they can collect unusually intimate signals even when the topic feels playful.

RiskBetter boundary
emotional dependencekeep real support people, therapy, and emergency resources outside the app
identity exposureavoid full names, addresses, workplace details, school details, and third-party secrets
sexual or romantic roleplaycheck age policies, consent boundaries, moderation, and data controls
teen or family useprefer tools with clear youth policies, guardian controls, and safety documentation
social graph leakageassume platform assistants can connect chats to a wider account ecosystem unless proven otherwise
crisis momentsdo not rely on a chatbot as emergency care

This is not an argument against playful AI. It is an argument for treating intimacy as sensitive data. The warmer the interface feels, the more deliberately you should choose what belongs there.

When the right move is not to use AI

Conscious use includes refusal. Do not use an assistant when the task requires confidentiality you cannot verify, consent from people whose data appears in the file, professional accountability, or a record that must survive audit. Also pause when the assistant is making the decision rather than helping you inspect it.

SituationBetter move
credentials, API keys, private keys, recovery phrasesnever paste; rotate if exposed
someone else's health, legal, school, or workplace recorduse an approved governed route or do the work outside chat
hiring, lending, housing, discipline, grades, benefits, or eligibilityrequire policy, human review, and documented process
emotional crisis or self-harm riskcontact real emergency, crisis, clinical, or trusted human support
one-click agent action with money or public postingrequire explicit review before the action leaves the device
answer with no source for a claim that mattersverify from primary sources before relying on it

The point is not to make AI scary. It is to keep the human responsibility visible exactly where the interface tries to make everything feel effortless.

A reasonable default

Use a hosted assistant with model-improvement training turned off for ordinary work, and a local or private model for sensitive drafts, identity details, client data, unpublished work, or anything you would not paste into a search box. Prefer providers that publish meaningful safety and privacy documentation, and keep an export/delete habit for tools you rely on.

When to choose local or private deployment

Choose local, private-cloud, enterprise, or API routes when the assistant touches confidential work, regulated data, unpublished creative assets, customer records, source code, internal strategy, or anything covered by a promise you made to someone else. The tradeoff is usually convenience and raw capability versus control, auditability, and data governance. For casual brainstorming, the tradeoff can be fine. For sensitive work, make the boring governance choice before the magic demo talks you out of it.

Useful anchors: NIST AI Risk Management Framework, NIST's Generative AI Profile, the FTC warning that AI companies must uphold privacy and confidentiality commitments, the Open Source Initiative's Open Source AI Definition, OSI's explainer on open weights, and OpenAI's Data Controls FAQ.


Compare assistants on privacy, openness, safety and transparency by your own weighting in the AI-assistants explorer.

Read next
Choosing biscuits without the tea-time fog

Biscuits and cookies are small enough to look harmless and engineered enough to disappear by the sleeve. The honest question is not whether a biscuit can be a health food. Usually …

Choosing body wash without clean-beauty fog

Body wash has a modest job: clean skin without making it angry. The aisle tries to make that job feel like aromatherapy, detox, luxury, microbiome repair, active sport recovery, or…

Reading without feeding the monopoly

The book is the same almost everywhere. The difference is what happens around it: who gets paid, whether a local shop survives, whether a library can lend it, whether you actually …