Why we don't train on your chats (and what we do instead)
Most AI products get smarter by reading your conversations. We decided that tradeoff wasn't worth it. Here's what we do, and what we pointedly don't.
Almost every major AI product improves by reading your conversations. We decided that trade wasn't worth it — the feature isn't worth what it costs you. Here's what we do instead, and why the math works out anyway.
What we lose by not doing this
Some things. A small, useful feedback loop — the lab that trains on user conversations gets faster reads on where the model fails. Some long-tail personalization — the model could learn your style over time, if it read every message you sent.
Small things. Worth less than the privacy cost.
A tool that reads your private conversations to improve itself has, essentially, conscripted you into its R&D.
What we do instead
Four things, none of which touch your chats:
- Public benchmarks. We run quarterly evaluations against the standard academic sets and against our own 6,000- prompt refusal benchmark. If the model regresses, we see it.
- Opt-in bug reports. Users can flag a specific response as wrong or unhelpful. The flagged turn — and only the flagged turn — is reviewed by a human. Nothing else gets read.
- Synthetic training data. When we need more data for a capability gap, we generate it from scratch against our published prompt sets. Expensive but clean.
- Licensed data partnerships. For domain expansions (medicine, law) we buy commercially available text from publishers, not scrape from our own users.
The concrete guarantee
Your conversations never enter any training pipeline. There is no server-side transcript store to pull from. There is no checkbox we could flip later that would expose what we've never kept. The guarantee is an architectural fact, not a policy commitment.
Frequently asked
Could you change this policy later?
We could change the policy. We couldn't retroactively create training data from conversations we never stored. That's the whole point of architecture over policy.
What about the bug-report opt-in?
Opt-in means you click a button on a specific response. That turn is reviewed by a human; nothing adjacent is pulled. We don't train on it either — we fix the underlying issue.
How do you get better without user data?
Benchmarks, synthetic data, licensed data, and narrow human-labeled sets. It's slower than training on user chats, but it's the right kind of slow.
Isn't this the same as Anthropic/OpenAI's opt-out?
Opt-out means 'we train on your chats unless you find the setting.' Default-off with storage means 'we don't train on them and we also don't keep them.' Different guarantee, different blast radius when something goes wrong.
Ready to experience an AI without a leash?
Start chatting freeKeep reading
The alignment tax on curiosity
The cost of over-safe AI isn't paid by the lab that ships it. It's paid by everyone who walks away from a question unanswered — and by a culture that stops asking them.
Privacy isn't a policy. It's an architecture.
A privacy policy is a promise. Architecture is a constraint. Here's how we built Unrestricted so there's nothing to leak, subpoena, or regret — even if we wanted to.
Six months in: refusals, growth, and what we got wrong
An honest review: where Unrestricted is working, where it isn't, what our users tell us, and the three things we'd change about the first half of the year.