Stanford just analyzed the privacy policies of the six biggest AI companies in America.

Amazon. Anthropic. Google. Meta. Microsoft. OpenAI.

All six use your conversations to train their models. By default. Without meaningfully asking.

Here’s what the paper actually found.

The researchers at Stanford HAI examined 28 privacy documents across these six companies  not just the main privacy policy, but every linked subpolicy, FAQ, and guidance page accessible from the chat interfaces.

They evaluated all of them against the California Consumer Privacy Act, the most comprehensive privacy law in the United States.

The results are worse than you think.

Every single company collects your chat data and feeds it back into model training by default. Some retain your conversations indefinitely. There is no expiration. No auto-delete. Your data just sits there, forever, feeding future versions of the model.

Some of these companies let human employees read your chat transcripts as part of the training process. Not anonymized summaries. Your actual conversations.

But here’s where it gets genuinely dangerous.

 

For companies like Google, Meta, Microsoft, and Amazon companies that also run search engines, social media platforms, e-commerce sites, and cloud services  your AI conversations don’t stay inside the chatbot.

They get merged with everything else those companies already know about you.

Your search history. Your purchase data. Your social media activity. Your uploaded files.

The researchers describe a realistic scenario that should make you pause: You ask an AI chatbot for heart-healthy dinner recipes. The model infers you may have a cardiovascular condition. That classification flows through the company’s broader ecosystem. You start seeing ads for medications. The information reaches insurance databases. The effects compound over time.

You shared a dinner question. The system built a health profile.

It gets worse when you look at children’s data.

Four of the six companies appear to include children’s chat data in their model training. Google announced it would train on teenager data with opt-in consent. Anthropic says it doesn’t collect children’s data but doesn’t verify ages. Microsoft says it collects data from users under 18 but claims not to use it for training.

Children cannot legally consent to this. Most parents don’t know it’s happening.

The opt-out mechanisms are a maze.

Some companies offer opt-outs. Some don’t. The ones that do bury the option deep inside settings pages that most users will never find. The privacy policies themselves are written in dense legal language that researchers  people whose job is reading these documents  found difficult to interpret.

And here’s the structural problem nobody is addressing.

There is no comprehensive federal privacy law in the United States governing how AI companies handle chat data. The patchwork of state laws leaves massive gaps. The researchers specifically call for three things: mandatory federal regulation, affirmative opt-in (not opt-out) for model training, and automatic filtering of personal information from chat inputs before they ever reach a training pipeline.

None of those exist today.

The uncomfortable truth is this: every time you type something into ChatGPT, Gemini, Claude, Meta AI, Copilot, or Alexa, you are contributing to a training dataset. Your medical questions. Your relationship problems. Your financial details. Your uploaded documents.

You are not the customer. You are the curriculum.

And the companies doing this have made it as hard as possible for you to stop.