ModelCharter

Consumer vs business AI tiers: why the tier changes everything

Ask 'is ChatGPT safe for sensitive data' and you are asking the wrong-shaped question. ChatGPT Free, ChatGPT Plus, ChatGPT Business, ChatGPT Enterprise and the API are five different products wearing one name, with meaningfully different data policies. This pattern repeats across nearly every major AI vendor, and the tier is frequently a bigger factor in your actual risk than the brand's general reputation for security.

The pattern, in plain terms

Consumer and free tiers exist to drive adoption at scale, with cheap or free access, fast sign-up, and terms written for individuals rather than organisations. Business and enterprise tiers exist to win procurement decisions, and procurement teams ask about training, retention, BAAs and DPAs, so vendors build those protections into the paid tier's contract, not the free one. The free tier isn't necessarily less secure technically; it is built for a different legal relationship with a different set of commitments attached.

Concrete examples of the split

The splits are concrete. With ChatGPT, Business, Enterprise and API data is excluded from training by default, while the free and Plus tier trains on conversations unless you opt out yourself. With Gemini, Workspace and Vertex AI exclude your content from training and inherit Google Cloud's HIPAA BAA, while the consumer Gemini app has a different default and no BAA coverage. GitHub Copilot Business and Enterprise do not retain or train on prompts and suggestions, whereas individual accounts have an opt-out that isn't the default. Perplexity Enterprise Pro excludes customer data from training and adds SSO, while the consumer product may use queries to improve the service unless you change a setting.

Why this trips teams up

Vendor evaluations tend to happen at the brand level: someone researches 'is ChatGPT secure', reads good things about Enterprise, and assumes the answer covers whatever plan the team ends up on. In practice, teams frequently start on a free or individual tier during evaluation (or an employee already has a personal account) and never formally migrate to the vetted business tier, so the actual usage sits on a different, unvetted set of terms than the one that got approved. Every tool profile in ModelCharter's AI Tool Risk Directory states the specific safe tier required for its sourced protections to apply, so check that field before assuming a whole-brand answer covers your team's actual plan.

What to actually do about it

So make the tier explicit. When approving a tool, name the specific tier in the approval, not just the product: 'ChatGPT Business or Enterprise', not 'ChatGPT'. Check whether anyone is already using a personal or free account for work, and migrate them to the approved tier rather than assuming everyone already is. Re-verify the tier's specific protections periodically, since vendors do shift what is included in each plan over time. And when a vendor's marketing says 'enterprise-grade', confirm that language actually describes your plan, not just their highest available one.

The single highest-leverage sentence you can add to any AI usage policy is often just: 'use the Business or Enterprise plan of this tool, never the free one.' It doesn't require banning anything, and it closes most of the gap between a tool's advertised security posture and what a given employee is actually using. You can check the specific safe tier for any AI tool in ModelCharter's AI Tool Risk Directory, sourced from the vendor's own documentation, and if you are not sure which tier your team is on, the free AI vendor risk assessment at /ai-vendor-risk-assessment walks you through it.

Put this into practice

Generate a free AI usage policy for your team, then see which of your tools are safe to use.

Open the generator