AI Provider Privacy Matrix

Side-by-side comparison of data training policies across ChatGPT, Claude, Gemini, and Copilot at every tier level.

Data Used for Training

| Provider | Free | Pro / Plus | Team | Enterprise |
|---|---|---|---|---|
| ChatGPT | Yes | Yes | No | No |
| Claude | No | No | No | No |
| Gemini | Yes | Yes | No | No |
| Copilot | Yes | Yes | No | No |

Compliance & Security

| Provider | BAA/HIPAA | SOC 2 | SSO/SCIM | Admin Panel |
|---|---|---|---|---|
| ChatGPT | Enterprise only | Yes | Team+ | Team+ |
| Claude | Not yet | Yes (SOC 2 Type II) | Enterprise | Team+ |
| Gemini | Via Google Workspace | Yes | Business+ | Business+ |
| Copilot | Via M365 | Yes | M365+ | M365+ |

Pricing (per user/month)

| Provider | Free | Pro / Plus | Team | Enterprise |
|---|---|---|---|---|
| ChatGPT | Free | Plus ($20/mo) | Team ($25/user/mo) | Enterprise (custom) |
| Claude | Free | Pro ($20/mo) | Team ($25/user/mo) | Enterprise (custom) |
| Gemini | Free | Advanced ($20/mo) | Business ($14/user/mo) | Enterprise (custom) |
| Copilot | Free | Pro ($20/mo) | M365 ($30/user/mo) | Enterprise (custom) |

Understanding the Tiers

Every major AI provider follows a similar pattern: free and low-cost tiers that may use your data for training, and paid business tiers that don't. The dividing line between "your data trains AI models" and "your data is off-limits" isn't always where you'd expect it. Some $20/month plans still train on your data by default.

The general structure across providers:

Free & Plus Tiers

$0-20/user/month

  • Data may be used for model training
  • No admin controls or user management
  • No compliance certifications
  • Individual opt-out settings (if available)
  • Fine for personal use with non-sensitive data

Team & Enterprise Tiers

$25+/user/month

  • Data excluded from training across all providers
  • Admin consoles with user management
  • SOC 2 compliance (Team+)
  • SSO/SCIM, BAA, custom retention (Enterprise)
  • Required for any business data

The $5 Decision That Changes Everything

The difference between "your data might be training an AI model" and "your data is completely off-limits" is often just $5 more per user per month.

ChatGPT Plus costs $20/month. ChatGPT Team costs $25/user/month. That $5 gap buys you:

  • A guaranteed opt-out from data training (no relying on individual employee settings)
  • An admin console so you can manage every user from one place
  • SOC 2 compliance documentation for your auditors
  • A shared workspace so your team can collaborate on prompts

  • $5: per user/month difference between Plus and Team
  • $50: total monthly cost increase for a 10-person team
  • 100%: of business data excluded from training at Team tier

BOTTOM LINE

For a 10-person team, upgrading from Plus to Team costs $50/month total. For the peace of mind that no client data, financial records, or proprietary information is being fed into a training pipeline, that's the easiest technology decision you'll make this year.

What "No Training" Actually Means

This is the most common misunderstanding we run into. When a provider says "we don't train on your data," that does not mean your data is never processed or temporarily stored. There are four distinct levels of data handling.

1. No Training

Your conversations are not used to improve future versions of the AI model. This is what Team and Enterprise tiers guarantee.

2. Temporary Processing

Your data is still sent to the provider's servers, processed, and a response is generated. During this window (typically seconds to minutes), your data exists on their infrastructure.

3. Conversation Storage

Most providers store conversations for some period, even on Team plans, so you can access your history. This data sits on their servers, encrypted, but it exists.

4. Zero-Data Retention (ZDR)

The highest level of protection. Your data is processed and immediately discarded. No logs, no history, no storage. Available on some Enterprise plans and API tiers (like Azure OpenAI and Claude API).

KEY TAKEAWAY

For most businesses, "no training" at the Team tier is sufficient. If you're in healthcare, legal, or financial services, ask about zero-data retention options. See our HIPAA-Compliant AI guide for specifics.

Compliance Certifications Explained

The matrix above references several certifications. Here's what they actually mean in plain English:

SOC 2

An independent audit that verifies a company handles your data securely. There are two types: Type I (point-in-time snapshot) and Type II (sustained over 6-12 months). Type II is more meaningful. Most AI providers at the Team tier and above have SOC 2 Type II certification.

BAA (Business Associate Agreement)

Required under HIPAA for any vendor that handles Protected Health Information (PHI). If you're a healthcare provider, dental practice, or any business that touches patient data, you need a BAA with your AI vendor before using their tools with any health-related data. Only Enterprise tiers and specialized platforms offer BAAs. See HIPAA-Compliant AI for the full list.

DPA (Data Processing Agreement)

Required under GDPR for processing EU residents' data. If you have European clients, employees, or website visitors whose data you're putting into AI tools, you need a DPA. Most providers offer these at Team tier and above.

SSO/SCIM

Single Sign-On lets employees log in with your company's identity provider (like Azure AD or Okta). SCIM automatically provisions and de-provisions user accounts when people join or leave your company. These are operational security features, not certifications, but they're critical for managing AI access at scale. Typically Enterprise-only.

WARNING

If you're in healthcare, legal, or financial services and handling regulated data, you likely need a BAA and possibly zero-data retention. Don't deploy AI tools without checking your compliance requirements first.

Our Recommendation

After helping dozens of businesses through this decision, here's what we recommend most often:

Small businesses (5-50 employees, no regulatory requirements)

Start with a Team tier on one provider. ChatGPT Team or Claude Team are both solid choices at $25/user/month. That eliminates data training risk, gives you admin control, and gets you SOC 2 compliance. Pick the provider whose strengths match your primary use case: ChatGPT for broad general use, Claude for long-document work and writing.

You need Enterprise tier with a BAA. No exceptions. The options today are ChatGPT Enterprise, Azure OpenAI Service, Google Vertex AI, and Amazon Bedrock. Microsoft 365 Copilot also works if you're already in the Microsoft ecosystem. Budget $50-100+ per user per month and work with a consultant to get the implementation right.

Not sure where to start?

Take our free AI Readiness Assessment. It takes about 5 minutes and will tell you exactly which tier and provider fits your business. Or schedule a discovery call and we'll walk through it together.
