AI Tool Privacy Policies Compared: Who Keeps Your Data?
A detailed comparison of how major AI-powered CRM and productivity tools handle your data, including training policies, retention periods, and opt-out options. Find out which tools protect your client data and which ones quietly feed it into their models.
Your Client Data Is Probably Training Someone’s AI Model Right Now
Last year, I helped a 40-person financial advisory firm migrate to an AI-powered CRM. Six months in, their compliance officer discovered that every client note, every deal value, and every email summary had been used as training data for the vendor’s language model. The opt-out toggle was buried three menus deep in admin settings, and it was off by default.
This isn’t an edge case. I’ve audited privacy policies for over two dozen AI tools used in CRM workflows, and the gap between what vendors say on their marketing pages and what their Terms of Service actually allow is staggering.
Here’s what I found.
The Three Questions That Actually Matter
Forget the vague “we take your privacy seriously” language. When you’re evaluating any AI tool that touches customer data, you need answers to exactly three questions:
- Does the vendor use your data to train their AI models? Not “improve the service” — specifically, do your inputs end up in model training datasets?
- How long do they retain your data after you stop paying? 30 days? 90 days? Forever?
- Can you actually delete your data, and will they prove it?
If a vendor can’t give you clear, written answers to all three, walk away. I’ve watched too many firms scramble when a client asks “where is my data?” and nobody has a straight answer.
How the Major CRM AI Tools Handle Your Data
I went through the current privacy policies and data processing agreements (DPAs) for seven major tools as of Q1 2026. Here’s what the fine print actually says.
HubSpot
HubSpot updated its AI data policy in late 2025 after significant pushback from enterprise customers. Here’s where things stand:
- Training on your data: Enterprise plans are opted out of AI training by default. Free and Starter plans are opted in unless you manually disable it in Settings > Account > AI Preferences.
- Data retention: 90 days after account cancellation, with a formal deletion request process that takes up to 30 additional days.
- Deletion verification: They’ll provide a written confirmation of deletion but won’t give you an audit log showing what was removed.
The catch: HubSpot’s “AI Assistants” (email drafting, content suggestions, predictive lead scoring) process data through their own models and through third-party LLM providers. Their DPA covers HubSpot’s handling, but the sub-processor list is where it gets murky. Check their sub-processor page quarterly — they’ve added three new AI sub-processors in the last six months alone.
What to do: If you’re on a Free or Starter plan, go to Settings > Account > AI Preferences right now and toggle off “Use my data to improve AI features.” Then download HubSpot’s sub-processor list and cross-reference it with your compliance requirements.
Salesforce
Salesforce has taken the most aggressive “trust” marketing approach, and to be fair, their Einstein AI data policies are among the clearest in the industry.
- Training on your data: Salesforce explicitly states that customer data in Einstein is not used to train shared models. Your data trains only your org-specific models. This has been independently verified by third-party audits.
- Data retention: Data is retained for the duration of your contract plus 120 days. Sandbox and development org data follows different rules — often retained longer.
- Deletion verification: Available through their Data Deletion Request process, with SOC 2 Type II audit trail.
The real concern with Salesforce isn’t their first-party policy — it’s the AppExchange ecosystem. I’ve seen clients install third-party Salesforce apps that hoover up CRM data and send it to their own servers with far weaker privacy controls. One popular email enrichment app was storing full contact records on AWS instances with default encryption settings.
What to do: Audit every AppExchange app you’ve installed. Go to Setup > Connected Apps and review each app’s data access scope. If an app has “Access and manage your data” permissions and you don’t know exactly why, remove it until you’ve read their DPA.
Zoho CRM with Zia AI
Zoho CRM sits in an interesting middle ground. They’re privately held, which means they don’t face the same pressure to monetize data that publicly traded companies do.
- Training on your data: Zoho’s policy states that Zia AI processes data within your account boundary and doesn’t use it for cross-account model training. However, “anonymized and aggregated” usage patterns are collected for product improvement.
- Data retention: 60 days post-cancellation for paid plans, with an expedited deletion option available on request.
- Deletion verification: Written confirmation provided within 15 business days.
Zoho’s biggest advantage here is that they run their own data centers rather than relying entirely on hyperscalers. This gives them more direct control over the data lifecycle. The downside: their DPA language around “anonymized and aggregated” data is vague enough that you should push for clarification in writing before signing an enterprise contract.
Pipedrive AI
Pipedrive’s AI features are newer and less extensive than the bigger players, which actually works in their favor from a privacy standpoint — there’s simply less AI surface area to worry about.
- Training on your data: Their current policy allows use of “de-identified customer data” for model improvement. The definition of “de-identified” isn’t specified in their public DPA.
- Data retention: 60 days post-cancellation.
- Deletion verification: Available on request, no formal audit trail provided.
The concern here is the ambiguity. “De-identified” can mean a lot of things, and without a clear technical definition, you’re trusting their interpretation. For small sales teams with low-sensitivity data, this might be acceptable. For anyone handling financial, healthcare, or legal client data, push for a custom DPA.
Freshsales (Freddy AI)
Freshworks’ Freddy AI has expanded aggressively in the last year, adding generative features to email, deal summaries, and forecasting.
- Training on your data: Freddy AI processes are covered under Freshworks’ standard DPA, which does allow “service improvement” usage of anonymized data. There’s no separate AI-specific data policy.
- Data retention: 90 days post-cancellation.
- Deletion verification: Provided on request with a 30-day SLA.
The absence of a standalone AI data policy is a red flag. Every other major vendor has separated their AI data handling terms from their general privacy policy because the data flows are fundamentally different. Freshworks hasn’t done this yet, and that makes it harder to understand exactly what happens to your data when Freddy processes it.
The Hidden Risk: Third-Party LLM Providers
Here’s what most comparison articles miss. Many CRM tools don’t run their own AI models — they route your data through OpenAI, Anthropic, Google, or other LLM providers via API.
When HubSpot generates an email draft for you, that prompt (which might include your contact’s name, company, deal size, and conversation history) gets sent to an external model provider. Most enterprise API agreements with these providers stipulate zero data retention and no training on API inputs, but you need to verify this for each tool you use.
Here’s how the data flow typically works:
1. You click “Generate email draft” in your CRM
2. Your CRM constructs a prompt using your contact data
3. That prompt goes to an LLM API (often OpenAI or Anthropic)
4. The model returns a response
5. Your CRM displays the result
At steps 2 and 3, your client’s data leaves your CRM vendor’s infrastructure. Even if your CRM vendor has a great privacy policy, the sub-processor’s terms also apply.
What to do: Request the full sub-processor list from every AI tool you use. Specifically ask which LLM providers handle generative AI features and whether those providers have zero-retention API agreements in place.
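To make the flow above concrete, here is an added example (not code from the article or from any of the vendors it reviews) that mirrors steps 2 and 3: a CRM-side function fills an email-draft prompt template from a contact record, records exactly which contact fields would leave your infrastructure and to which sub-processor, and refuses to make the call if the template would send a field that the DPIA did not approve for that feature. The contact record, the prompt template, the allowlist and the provider name are all constructed for illustration; the external API call is a stand-in, so the script runs offline.

```python
"""Added example: inventory and gate the contact fields embedded in a prompt
before it is sent to an external LLM sub-processor. All data is constructed."""
from dataclasses import dataclass, field
from string import Formatter

# Constructed sample contact record; the values are made up.
CONTACT = {
    "first_name": "Dana",
    "company": "Example Holdings",
    "email": "dana@example.com",
    "deal_value": "1,250,000",
    "last_conversation": "Discussed moving the pension into the managed portfolio.",
}

# Hypothetical prompt template, modelled on the "Generate email draft" flow.
EMAIL_DRAFT_TEMPLATE = (
    "Write a short follow-up email to {first_name} at {company}. "
    "They are considering a {deal_value} deal. "
    "Context: {last_conversation}"
)


@dataclass
class OutboundRecord:
    """What a DPIA wants to know: which feature sent which fields to whom."""
    feature: str
    provider: str                 # hypothetical sub-processor name
    fields_sent: set
    prompt: str
    blocked_fields: set = field(default_factory=set)


def fields_in_template(template):
    """Return the set of placeholder names a str.format template will fill."""
    return {name for _, name, _, _ in Formatter().parse(template) if name}


def build_prompt(template, contact, allowed_fields, feature, provider):
    """Fill the template only if every field it needs is on the allowlist.

    Returns an OutboundRecord either way, so the caller can log what was
    (or would have been) sent to the external provider.
    """
    needed = fields_in_template(template)
    blocked = needed - set(allowed_fields)
    if blocked:
        # Gate closed: nothing leaves the boundary, record why.
        return OutboundRecord(feature, provider, set(), "", blocked)
    prompt = template.format(**{k: contact[k] for k in needed})
    return OutboundRecord(feature, provider, needed, prompt)


def fake_llm_call(record):
    """Stand-in for the external API call (step 3); raises if the gate blocked."""
    if record.blocked_fields:
        raise RuntimeError(f"blocked fields: {sorted(record.blocked_fields)}")
    return f"[model reply to {len(record.prompt)}-char prompt]"


def demo():
    """Run the gate twice: a narrow DPIA allowlist, then a permissive one."""
    narrow = build_prompt(EMAIL_DRAFT_TEMPLATE, CONTACT,
                          {"first_name", "company"}, "email_draft", "external-llm")
    permissive = build_prompt(EMAIL_DRAFT_TEMPLATE, CONTACT,
                              set(CONTACT), "email_draft", "external-llm")
    return narrow, permissive


if __name__ == "__main__":
    narrow, permissive = demo()
    print("narrow allowlist blocked:", sorted(narrow.blocked_fields))
    print("permissive allowlist sent:", sorted(permissive.fields_sent))
    print(fake_llm_call(permissive))
```

The useful output is the OutboundRecord, not the model reply: keeping one record per generative call (feature, provider, fields sent) gives you the “what data goes in” and “where it’s processed” columns of the DPIA directly, and the blocked-fields path shows where a template drifts past what you approved.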
EU and International Compliance: Where Things Get Complicated
If you have clients or contacts in the EU, GDPR applies to how your AI tools process their data — regardless of where your company is based. I’ve seen three common compliance failures in CRM AI setups:
Problem 1: No legitimate basis for AI processing. Your privacy notice says you use a CRM for “customer relationship management.” It doesn’t say you feed contact data into generative AI models. That’s a gap, and it’s one that EU data protection authorities have started flagging.
Fix: Update your privacy notice to explicitly mention AI-assisted processing. Specify what data is processed, which AI features use it, and whether any data leaves your primary vendor’s infrastructure.
Problem 2: Cross-border data transfers without safeguards. If your CRM routes data to a US-based LLM provider and your contacts are EU-based, you need Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms in place.
Fix: Check whether your CRM vendor’s DPA includes SCCs for AI sub-processors. Salesforce and HubSpot both include these by default in their enterprise DPAs. Smaller vendors often don’t.
Problem 3: No Data Protection Impact Assessment (DPIA). Under GDPR, processing personal data through AI likely triggers DPIA requirements. Most companies I’ve worked with haven’t done one for their CRM AI tools.
Fix: Complete a DPIA for each AI feature that processes personal data. Focus on: what data goes in, where it’s processed, who has access to the output, and what happens if the AI generates incorrect information about a contact.
Practical Comparison Table
Here’s the summary across all tools I reviewed:
| Feature | HubSpot | Salesforce | Zoho | Pipedrive | Freshsales |
|---|---|---|---|---|---|
| Uses data for AI training | Opt-out (varies by plan) | No (org-specific only) | Anonymized/aggregated | “De-identified” | “Service improvement” |
| Post-cancellation retention | 90 days | 120 days | 60 days | 60 days | 90 days |
| Deletion verification | Written confirmation | SOC 2 audit trail | Written confirmation | On request | 30-day SLA |
| Standalone AI data policy | Yes | Yes | Partial | No | No |
| LLM sub-processors disclosed | Yes (sub-processor list) | Yes (Trust site) | Partial | Limited | Limited |
What I’d Actually Recommend
If data privacy is a primary concern — and if you’re handling client data in a regulated industry, it should be — here’s my honest ranking:
Tier 1: Best privacy controls. Salesforce with Einstein. The org-specific model training, SOC 2 audit trails, and comprehensive DPA set the standard. You’ll pay for it, but the compliance infrastructure is worth it for regulated industries.
Tier 2: Good with configuration. HubSpot Enterprise and Zoho CRM. Both offer adequate controls, but you need to actively configure them. Don’t assume defaults protect you.
Tier 3: Proceed with caution. Pipedrive and Freshsales. Both are building out their AI capabilities faster than their privacy documentation. Fine for small teams with low-sensitivity data. Not ready for regulated industries.
Your Next Steps
Don’t just read this and move on. Block 30 minutes this week and do these three things:
- Log into every AI tool that touches your CRM data. Find the AI/data usage settings and confirm they’re configured the way you expect.
- Download the sub-processor list from each vendor. If a vendor doesn’t publish one, email their DPA team and request it in writing.
- Check your own privacy notice. If it doesn’t mention AI-assisted processing, update it before a client or regulator asks.
Privacy policies change constantly, and vendors often update terms without notification. Set a quarterly calendar reminder to re-check these settings. For a deeper look at how specific tools compare on features beyond privacy, check out our CRM tool comparisons and individual tool reviews to find the right fit for your workflow.
Disclosure: Some links on this page are affiliate links. We may earn a commission if you make a purchase, at no extra cost to you. This helps us keep the site running and produce quality content.