How we work

Methodology

How we research and rate AI vendors, what we will and will not accept commercially, and why our verdicts stay independent.

How we research vendors, how we rate risk, what we mean by each section of a vendor profile, and how we handle our own conflicts of interest — including the commercial relationships that exist on this site and the ones we won’t accept.

Editorial principles

Three principles govern every vendor profile on this site:

  1. Independence of verdicts. No vendor pays for a favourable rating. No advertising spend, no affiliate relationship, no sponsorship can change how a vendor profile rates or recommends. Where we have a commercial relationship with a vendor (affiliate or sponsorship), it is disclosed on the affected page, and the rating remains the rating we would have given anyway. If you cannot trust the verdicts, the site has no value.
  2. Every factual claim is sourced. Vendor profiles cite specific URLs (verified on the date shown at the top of each profile), specific CVE numbers, specific incident reports. If we cannot source a claim, we do not make it.
  3. If our recommendation is uncomfortable, we make it anyway. Several vendors in our database are rated lower than their marketing implies. Several SMB-popular tools receive recommendations to upgrade tiers or switch vendors. We optimise for the reader, not for vendor relationships.

The commercial model — what we will and won’t accept

AI Leakage is operated commercially. Independence from vendor influence on verdicts is non-negotiable; the absence of any commercial activity is not the same thing and we don’t pretend it is. Here is exactly what we do and don’t accept, with the reasoning.

What we will accept

  • Affiliate commissions on vendors that pass our evaluation. Where a vendor we have rated favourably offers an affiliate programme, we may participate. The rating is set before any commercial relationship is considered. Where an affiliate relationship exists, the vendor’s profile carries a clear disclosure at the top of the page. See our Affiliate Disclosure page for the full list of vendors we have current affiliate relationships with.
  • Paid product sales. We sell our own digital products (policy templates, industry packs, vendor database subscriptions, audit kits). These are independent of any vendor relationship.
  • Sponsored independent evaluations under transparent disclosure. A vendor may pay for an independent evaluation of their product. The evaluation methodology and verdict are unchanged from our standard process; the sponsorship covers the research time. Any sponsored evaluation carries a prominent disclosure at the top of the page, names the sponsor, and discloses the financial arrangement. The verdict is the verdict regardless of who paid for the research time. We retain the right to publish an unfavourable verdict on a sponsored evaluation; vendors who do not accept this term do not get sponsored evaluations from us.
  • White-label licensing of our research to MSPs and consultancies. Managed service providers and IT consultancies who want to use our vendor database, policy templates, or audit methodology with their own SMB clients can license that material. See For MSPs.

What we won’t accept

  • Paid placements that influence verdicts. A vendor cannot pay us to receive a higher risk rating, a more favourable recommendation, or removal of an unfavourable disclosure. Sponsored evaluations remain editorially independent.
  • Paid placements that suppress information. A vendor cannot pay us to remove a documented breach incident, an unflattering training default, a litigation reference, or any other factual disclosure.
  • Sponsored content that pretends to be editorial. Any commercial relationship is disclosed at the top of the affected page, prominently. We do not publish content that reads as independent analysis when it is paid promotion.
  • Press release re-distribution. We are not a wire service for vendor announcements.
  • Affiliate links to vendors that fail our evaluation. Even if a poor-rated vendor offers an attractive affiliate programme, we do not link to them. Rating drives linking, not the other way around.

Risk rating scale

Every vendor receives a plain-English risk rating from 1 (lowest) to 5 (highest). Many vendors receive split ratings because their consumer and enterprise tiers differ materially — a vendor can be 1 of 5 at the Enterprise tier and 4 of 5 at the consumer tier. We rate every tier honestly rather than averaging.

  • Risk 1 of 5 (Lowest): Genuinely strong privacy posture. Contractual no-training default. No documented serious incidents. Examples in our database: Workspace Gemini, Notion AI Enterprise, Adobe Firefly Enterprise, Cursor Business, Canva Teams+ permanent no-training.
  • Risk 2 of 5 (Low): Strong privacy posture with some structural caveats. Typical caveats include inheriting customer permissions in a complicated way, theoretical exposure to indirect prompt injection, or incomplete data-residency options. Most enterprise-grade Embedded Productivity AI and Vertical SaaS sits here.
  • Risk 3 of 5 (Moderate): Industry-typical. Training on by default for the consumer tier with opt-out available. Some breach history but no pattern of cover-up or material misrepresentation. ChatGPT, Claude, Gemini consumer, and most paid-consumer tiers sit here.
  • Risk 4 of 5 (High): Above-typical concerns. Pending material litigation, recent policy regression, or a documented pattern of weak disclosure. Perplexity consumer, GitHub Copilot Free/Pro/Pro+, Midjourney non-Stealth, ElevenLabs consumer.
  • Risk 5 of 5 (Highest): Structurally incompatible with privacy-conscious business use without significant configuration, or actively defending material litigation that goes to the heart of the product’s operation. Grok consumer (trains on all public X posts by default). Replit AI agents in production environments. Otter.ai Free/Pro (pending the In re Otter.AI Privacy Litigation outcome).

The 12-section profile schema

Every vendor profile covers the same twelve sections in the same order. This consistency is deliberate — it makes vendors comparable and makes it harder for us to omit inconvenient sections.

  1. Note on independence (when applicable). Disclosed conflicts and the corrections we apply. Where an affiliate relationship exists, the disclosure is in this section.
  2. Plain-English risk rating. 1 of 5 to 5 of 5, with split ratings where tiers differ materially.
  3. Recommended for. Sole proprietor, small team, regulated industry, and “the honest answer” sections.
  4. Critical pre-deployment warning (when applicable). The single most important thing to know before deploying the tool.
  5. Data retention default. What the vendor retains, for how long, per tier.
  6. Training opt-out. Whether training is on or off by default, and how to change it.
  7. Zero Data Retention (ZDR) availability. Whether the vendor offers true ZDR and at which tier.
  8. Plan tiers and pricing. Current pricing, what each tier includes, training defaults per tier.
  9. Jurisdiction. Where the vendor is incorporated, where data is processed, which laws apply.
  10. Breach history. Public incidents, with specific dates, CVE numbers, and CVSS scores where applicable.
  11. What this means in plain English. Three honest takeaways for SMB owners.
  12. Sources. Verified URLs with verification dates.

How we verify sources

Every source in a vendor profile is visited on the verification date shown at the top of the profile. Vendor self-published security documentation (trust centres, privacy policies, terms of service) is treated as primary for vendor commitments but cross-referenced against independent reporting wherever possible.

For incident reports, we prioritise in this order: (1) the vendor’s own public disclosure, (2) the original security researcher’s published technical writeup, (3) the CVE entry in the National Vulnerability Database, (4) reputable independent security journalism. We avoid summary aggregators and prefer to cite the source the aggregator was citing.

For legal proceedings, we cite the case number and court rather than press summaries where possible, and we note when proceedings are unresolved.

Verification cadence

Each vendor profile shows a “Last verified” date at the top. We aim to re-verify every profile at least every 90 days, and immediately when:

  • A vendor announces a material policy change (training defaults, retention windows, pricing tier restructuring)
  • A new breach or vulnerability is disclosed
  • A new significant feature is launched (particularly agentic features that expand the attack surface)
  • A reader flags a discrepancy via the contact page

If a profile has not been re-verified within 120 days, we add a notice at the top of the profile explaining the staleness.

Our own conflicts of interest

We disclose the following conflicts:

  • We use Claude (Anthropic) in our content workflow. The Claude vendor profile on this site applies a deliberate counter-correction — where the evidence on Anthropic is unflattering, we report it with the same specificity we apply to OpenAI, Google, and Microsoft. Readers should treat the Claude profile as more sceptical of Anthropic than it would otherwise be, not less. Full disclosure on the How This Site Uses AI page.
  • Current affiliate relationships are listed and dated on the Affiliate Disclosure page. Where a vendor profile is affected, the profile carries a disclosure at the top.
  • Sponsored evaluations, where any exist, are disclosed at the top of the affected page with the sponsor named and the financial arrangement described.
  • The site operator is a New Zealand-based independent researcher with no advisory or board relationships to any vendor profiled. If that changes (we accept a consulting engagement, become an investor in an AI vendor, take a board seat), we will disclose the change before publishing any affected profile.

Corrections policy

We respond to factual corrections promptly. Email the operator (contact page) with the specific claim you believe is incorrect and your evidence, and we will respond within five business days. Confirmed corrections are made inline with a “Corrected on [date]” note at the bottom of the relevant section. We do not silently edit content after publication.

If you are a vendor profiled on this site and you believe a claim about your product is inaccurate, please cite the specific section, what you believe is incorrect, and what the accurate statement would be. We will engage with the substance of the disagreement rather than the framing.
How this was written: this page was researched and drafted with AI assistance (primarily Claude on a no-training tier) and reviewed against primary sources before publication. We hold ourselves to the same standard we rate other tools against — see How This Site Uses AI for the full disclosure.