- VetoShield scores AI tools on a 1–5 scale across five privacy dimensions to make risk comparison objective
- The five dimensions are: training policy, data retention, staff access, third-party data sharing, and data jurisdiction
- A tool can be excellent on training (opt-out by default) but poor on jurisdiction (servers outside EU adequacy framework)
- Scores are based on published privacy policies, terms of service, and DPA documentation — not vendor claims
- Organizations can use these scores to categorize tools as Approved, Warn, or Blocked in their AI usage policy
An AI privacy score is a structured rating that measures how a given AI tool handles user data across multiple dimensions — independently of whether the tool is useful or accurate. Privacy scoring allows organizations to compare tools consistently and make policy decisions based on objective criteria rather than brand reputation.
Why a structured scoring approach matters
Without a consistent framework, organizations make ad-hoc judgments about AI tools. A typical pattern: a manager says “ChatGPT seems fine” because a trusted colleague uses it, or a vendor promises their product is “enterprise-grade” in a sales deck. Neither of these is a reliable basis for a compliance decision.
The problem compounds quickly. Employees typically use dozens of AI tools — writing assistants, code helpers, summarization tools, image generators — each with different privacy defaults, data retention policies, and contractual terms. Evaluating them one-by-one using unstructured judgment creates inconsistency and leaves organizations unable to demonstrate to regulators that they applied a repeatable process.
A structured privacy score solves this by:
- Making comparisons objective. When every tool is evaluated against the same five dimensions, you can directly compare ChatGPT Free against Microsoft Copilot against a niche internal tool using the same criteria.
- Creating an audit trail. A scored evaluation, based on documented sources, can be presented to a data protection officer, auditor, or regulator. “We assessed this tool” is a defensible position. “It seemed fine” is not.
- Enabling automation. Once you have a scoring framework, you can automate policy enforcement. Tools below a threshold are automatically blocked; tools above it are approved. VetoShield does exactly this.
The five dimensions VetoShield scores
VetoShield evaluates every AI tool against the same five dimensions. Each dimension is weighted by its typical impact on data sovereignty and regulatory exposure.
- Training policy (weight: High)
Does the tool use your inputs to train its models? Are business tiers excluded from training by default? Can organizations opt out at the org level — not just per user? Training data use is weighted heavily because it represents a permanent, irrevocable transfer of your data into a model that may be used for purposes outside your control. A single employee pasting confidential content into a free-tier tool may inadvertently contribute that content to a model used by competitors.
- Data retention (weight: High)
How long is conversation data stored? Is there a zero-retention option for organizations? What happens to data after account deletion — is there a safety hold period, and how long is it? Data retention is weighted highly because it determines your exposure window. A tool that retains conversations indefinitely by default creates long-term risk even for a single inadvertent disclosure.
- Staff access (weight: Medium)
Can employees of the AI provider read your conversations? Under what circumstances — routine quality review, safety monitoring, or only under court order? Is there a published policy on human review, and is there an audit log available to enterprise customers? Staff access matters because it determines whether your data is truly private or whether it is routinely visible to third-party humans.
- Third-party sharing (weight: Medium)
Does the platform share data with subprocessors, advertising networks, analytics providers, or research partners? Is the complete subprocessor list published and kept up to date? Can customers be notified of subprocessor changes before they take effect? Third-party sharing affects how many parties your data ultimately reaches. A tool that looks privacy-respecting may share data with dozens of downstream vendors.
- Data jurisdiction (weight: Medium)
Where are servers located? Is data processed outside the EU/EEA? Is there an EU adequacy decision covering the destination country, or are Standard Contractual Clauses (SCCs) in place? Does the tool offer EU data residency as an option for enterprise customers? Jurisdiction determines the legal framework governing your data. Processing in a country without an EU adequacy decision or SCCs creates a GDPR transfer violation, regardless of the tool’s other privacy practices.
How major tools score across dimensions
The following comparison shows how common AI tools fare across the five dimensions, based on their published privacy policies, terms of service, and DPA documentation as of April 2026. Scores reflect the default configuration — enterprise plans with custom contractual terms may score differently.
| Tool | Training | Retention | Staff Access | 3rd-Party Sharing | Jurisdiction | Notes |
|---|---|---|---|---|---|---|
| ChatGPT Free | High Risk | High Risk | Medium Risk | Medium Risk | Medium Risk | Opted in to training by default; no DPA; US servers; 30-day safety hold after deletion |
| ChatGPT Enterprise | Low Risk | Low Risk | Low Risk | Medium Risk | Medium Risk | Training off by default; zero-retention option; DPA available; EU SCCs in place; subprocessor list published |
| Google Gemini (free) | High Risk | High Risk | High Risk | Medium Risk | Medium Risk | Human reviewers can access conversations; conversations used for product improvement; no DPA on free tier |
| Microsoft 365 Copilot | Low Risk | Low Risk | Low Risk | Low Risk | Low Risk | Training off by default; EU data residency available; DPA included in enterprise agreements; comprehensive subprocessor list |
| Claude API | Low Risk | Low Risk | Low Risk | Low Risk | Medium Risk | No training on API inputs/outputs by default; DPA available; EU SCCs in place; EU data residency not yet available |
The pattern is consistent: free consumer tiers carry the highest risk, enterprise plans with contractual commitments score better, and jurisdiction remains a moderate concern for most US-headquartered vendors regardless of tier.
EU AI Act context: Organizations subject to the EU AI Act are expected to assess the AI systems they deploy — including tools adopted independently by employees. Privacy scores are one input into that assessment, but the Act also requires documentation of intended use, risk classification, and human oversight measures.
How to use scores in your AI policy
Privacy scores become actionable when they are mapped to policy outcomes. VetoShield uses a three-tier model:
| Score tier | Policy outcome | Typical conditions |
|---|---|---|
| Low risk across all dimensions | Approved | Tool can be used freely within standard acceptable-use guidelines. No additional controls required. |
| Medium risk on 1–2 dimensions | Approved with restrictions | Tool may be used for general tasks, but personal data, client information, and sensitive business content may not be entered. Employees are shown a warning at the point of use. |
| High risk on any critical dimension | Warn or Block | Tool requires explicit manager approval before use (Warn), or is blocked entirely. Free tiers of consumer tools typically fall here. |
In practice, most organizations end up with a short approved list (enterprise-tier tools with DPAs), a conditional list (free-tier tools for non-sensitive work only), and a blocked list (free consumer tools for any business use).
VetoShield automates this mapping. Once you configure your thresholds, the system automatically enforces them: when an employee tries to access a blocked tool, VetoShield displays your policy rationale and directs them to an approved alternative. When a tool’s privacy policy changes, the score is updated and the policy enforcement adjusts accordingly.
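The automation described in this section and under "Enabling automation" above can be made concrete with a small scoring and policy-mapping routine. The following is an added illustration written for this article, not VetoShield's own code. It assumes cut-offs for turning a 1–5 dimension score into the Low/Medium/High bands used in the tables (1–2 High, 3 Medium, 4–5 Low), assumes that "critical dimension" means the two High-weight dimensions (training policy and data retention), and fills two cases the page leaves open (High risk on a Medium-weight dimension, and Medium risk on three or more dimensions) by escalating to Warn. The sample scores are constructed to reproduce the bands in the comparison table; the sources are placeholder labels, not real documents.

```python
"""Five-dimension privacy scoring and three-tier policy mapping.
Illustrative code written for this article; not VetoShield's implementation."""
from dataclasses import dataclass

# Dimension weights as stated on the page. "Critical" is assumed to mean
# the High-weight dimensions (training policy and data retention).
DIMENSIONS = {
    "training": "High",
    "retention": "High",
    "staff_access": "Medium",
    "third_party_sharing": "Medium",
    "jurisdiction": "Medium",
}
CRITICAL = {d for d, w in DIMENSIONS.items() if w == "High"}


def risk_band(score: int) -> str:
    """Map a 1-5 dimension score to a Low/Medium/High risk band.
    Assumed cut-offs (the page does not publish them): 1-2 High, 3 Medium, 4-5 Low."""
    if not isinstance(score, int) or not 1 <= score <= 5:
        raise ValueError(f"dimension score must be an integer 1-5, got {score!r}")
    if score <= 2:
        return "High"
    if score == 3:
        return "Medium"
    return "Low"


@dataclass
class ToolAssessment:
    name: str
    scores: dict      # dimension name -> 1-5 score
    sources: tuple    # documents the scores were derived from (the audit trail)


def risk_bands(tool: ToolAssessment) -> dict:
    """Band every dimension. An incomplete assessment is rejected rather than
    letting an unscored dimension silently count as Low risk."""
    missing = set(DIMENSIONS) - set(tool.scores)
    unknown = set(tool.scores) - set(DIMENSIONS)
    if missing or unknown:
        raise ValueError(f"{tool.name}: missing={sorted(missing)} unknown={sorted(unknown)}")
    return {d: risk_band(s) for d, s in tool.scores.items()}


def policy_outcome(tool: ToolAssessment, block_on_critical: bool = True) -> str:
    """Apply the page's three-tier model to one assessment."""
    bands = risk_bands(tool)
    high = {d for d, b in bands.items() if b == "High"}
    medium = {d for d, b in bands.items() if b == "Medium"}
    if high & CRITICAL:                      # High risk on any critical dimension
        return "Blocked" if block_on_critical else "Warn"
    if high:                                 # assumption: High on a Medium-weight dimension
        return "Warn"
    if not medium:                           # Low risk across all dimensions
        return "Approved"
    if len(medium) <= 2:                     # Medium risk on 1-2 dimensions
        return "Approved with restrictions"
    return "Warn"                            # assumption: Medium on 3+ dimensions escalates


def reassess(tool: ToolAssessment, dimension: str, new_score: int, source: str):
    """Re-score one dimension after a vendor policy change; returns (before, after, updated)."""
    before = policy_outcome(tool)
    updated = ToolAssessment(tool.name, {**tool.scores, dimension: new_score},
                             tool.sources + (source,))
    return before, policy_outcome(updated), updated


def _tool(name, tr, re, sa, tp, ju):
    # Constructed sample; the source label is a placeholder, not a real document.
    return ToolAssessment(name, {"training": tr, "retention": re, "staff_access": sa,
                                 "third_party_sharing": tp, "jurisdiction": ju},
                          (f"{name} privacy policy / DPA (placeholder source)",))


# Scores constructed to reproduce the risk bands in the comparison table.
SAMPLE_TOOLS = [
    _tool("ChatGPT Free", 1, 2, 3, 3, 3),
    _tool("ChatGPT Enterprise", 5, 5, 4, 3, 3),
    _tool("Google Gemini (free)", 1, 1, 2, 3, 3),
    _tool("Microsoft 365 Copilot", 5, 5, 5, 4, 4),
    _tool("Claude API", 5, 5, 4, 4, 3),
]


def evaluate_all(tools) -> dict:
    return {t.name: policy_outcome(t) for t in tools}


if __name__ == "__main__":
    for name, outcome in evaluate_all(SAMPLE_TOOLS).items():
        print(f"{name:22s} -> {outcome}")
    # Hypothetical vendor change: a fictional tool shortens nothing but moves
    # retention from 4 (Low) to 2 (High); enforcement must flip to Blocked.
    hypo = _tool("Example Writing Assistant", 4, 4, 4, 3, 3)
    print(reassess(hypo, "retention", 2, "vendor change notice (placeholder)")[:2])
```

The point of keeping `sources` on every assessment is the audit trail: the outcome a regulator sees can be traced back to the documents that produced each dimension score, and `reassess` appends the change notice that triggered the re-evaluation rather than overwriting history.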
Limitations of privacy scores
Privacy scores are a structured, evidence-based tool — but they have limits that organizations should understand.
- Scores reflect published documentation, not actual practice. A privacy policy describes what a vendor commits to do. It does not guarantee that those commitments are implemented correctly or consistently. Scores cannot substitute for vendor due diligence in high-stakes contexts.
- Privacy policies change. A tool that scores well today may change its terms next quarter. Organizations should re-evaluate tools periodically — at minimum annually, and immediately when a vendor announces material policy changes. VetoShield monitors for policy changes and triggers re-evaluation automatically.
- A high privacy score does not mean a tool is safe for all use cases. HIPAA compliance, for example, requires a Business Associate Agreement and specific technical controls beyond general privacy scores. Similarly, some regulated industries have requirements that go beyond what privacy scoring captures.
- Scores do not assess security. A tool can have excellent privacy practices (data used only as documented, no third-party sharing) and still have poor security controls that expose your data to breaches. Privacy scores and security certifications (SOC 2, ISO 27001) address different risks and should both be considered.