Slack Linkedin Anthropic AI Training Data

Published: December 5, 2025 • AI, Demand Letters
Your Shadow Training Set: How Slack, LinkedIn, Anthropic and Others Use Your Work Data for AI | Attorney Sergei Tokmakov

Your Shadow Training Set

How Slack, LinkedIn, Anthropic and Others Use Your Work Data for AI

You configured Upwork’s AI Preferences. You banned AI on Fiverr orders. But what about Slack, where your team discusses strategy all day? Or LinkedIn, where you message prospects? Or Claude, where you paste confidential drafts? The same company that locked down marketplace AI training may be feeding work product to dozens of other tools—without realizing it.

Why Upwork Isn’t the Whole Story

Freelance platforms are just one piece of your company’s data footprint. A typical knowledge-work company also routes sensitive information through:

  • Team collaboration tools: Slack, Microsoft Teams, Zoom, Google Workspace
  • Professional networks: LinkedIn
  • AI assistants: ChatGPT, Claude, Copilot, Gemini
  • Code and documentation: GitHub, GitLab, Notion, Confluence
  • Project management: Asana, Monday, ClickUp
  • Customer support: Intercom, Zendesk with AI features

Each of these has its own AI training policy, data retention rules, and opt-in/opt-out mechanics. And they’re evolving fast—what was “safe” six months ago may have changed.

What This Article Covers

This guide maps the current landscape across platforms:

  • How major tools (Slack, LinkedIn, Anthropic Claude, OpenAI, GitHub, etc.) train on your data
  • Recent controversies and what they revealed about platform practices
  • Consumer vs enterprise tier differences in AI training policies
  • How to build a company-wide AI & SaaS policy that’s consistent across all tools
  • Sample policy matrix and implementation action items

🚨 The Shadow IT Problem

Your company pays for Slack Enterprise and Google Workspace (protected). But employees also use:

  • Personal ChatGPT accounts to draft client emails
  • Free Claude.ai to review contracts
  • LinkedIn personal messages to discuss prospects

These personal/free accounts don’t have enterprise protections. Company data is leaking into consumer-tier training sets because employees don’t realize the distinction.

Three Data-Use Models You See in the Wild

Model 1: Opt-Out ML on De-Identified Data (Traditional Analytics)

How it works: Platform uses aggregate, de-identified data to train traditional machine learning models (recommendation engines, search ranking, spam detection). Individual messages or files aren’t directly accessed by the models.

Example: Slack’s Traditional ML (Pre-AI Features)

Before generative AI features, Slack used de-identified, aggregate data for search relevance and channel recommendations. Their April 2025 clarification states:

“Machine learning models are trained on de-identified and aggregated data. They do not access the content of customer messages in DMs, private channels or public channels.”

Risk level: Low. De-identification and aggregation reduce exposure of specific confidential content. But “what gets discussed” patterns (topics, frequency, user behavior) still inform platform improvements.

Model 2: Opt-In or Toggle-Based Training on Chats (Generative AI)

How it works: Platform offers generative AI features (chatbots, code completion, writing assistants). To power these, the platform trains on actual user inputs—messages, prompts, code. Users can opt in, opt out, or toggle per-workspace.

Example: Anthropic Claude’s 2025 Policy Shift

Anthropic (maker of Claude) initially took an “opt-in” approach: by default, they would not use customer data to train models. In 2025, they shifted:

  • Consumer products (free, Pro, Max): Anthropic will train on chats and coding sessions if users opt in. After a certain date, users must affirmatively choose to opt in or opt out.
  • Retention extended: From 30 days to up to five years for safety-classifier training (detecting abuse, harmful content).
  • Commercial / API products: Remain excluded from training. Enterprise customers’ data is not used to train models.

Risk level: Medium-High for consumer users. If your team uses Claude.ai (free or Pro), be aware that opting in means conversations—including company strategy, client information, draft contracts—may train future models.

Mitigation: Use Claude’s API or Teams plan for business work, which excludes training. Or configure opt-out settings for consumer accounts.

Model 3: Ambiguous / Contested Use Leading to Litigation or Backlash

How it works: Platform’s privacy policy contains vague language (“we may use data to improve services”). Users discover (or fear) that their messages, code, or professional content is being used for AI training. Public backlash or lawsuits force clarification.

Example: LinkedIn Private Messages Controversy (2025)

In 2025, a proposed class action alleged that LinkedIn used private messages of Premium customers to train generative AI models. LinkedIn denied the allegations, produced evidence that private messages weren’t used, and the case was voluntarily dismissed.

But the complaint revealed key concerns:

  • Policy ambiguity: LinkedIn’s updated privacy policy included language suggesting data “may be used” for AI, leading users to fear retroactive training.
  • Non-retroactive opt-outs: Even where “do not train” settings exist, they often don’t apply to data collected before the setting was enabled—raising the question of whether past “confidential” messages were already in the training set.
  • Reasonable expectation of privacy: Users argued that labeling messages as “private” created an expectation that they wouldn’t be mined for AI. LinkedIn’s position was that its terms disclosed potential uses.

Risk level: Variable. When policies are unclear and litigation is ongoing, companies face uncertainty about whether their historical data has already been used for training and whether current opt-outs are effective.

Major Tools: Current AI Training Policies (2025-2026)

Tool AI Features Training on User Data? Opt-Out Available? Enterprise Carve-Out?
Slack (Salesforce) Slack AI (search, summaries, thread insights) Traditional ML: De-identified, aggregate data; does not access message content.

Generative AI: Uses third-party LLMs (no Slack-trained models on customer data); retrieval-augmented generation only.		 N/A – Slack doesn’t train generative models on customer data ✓ Yes – commercial customers protected by “no customer data used to train LLMs” policy
Anthropic Claude Claude chatbot, API, coding assistance Consumer (free/Pro/Max): Will train on chats/code sessions if user opts in. Retention up to 5 years for safety classifiers.

Commercial/API: Not used for training.		 ✓ Yes – consumer users can opt out (must choose after certain date) ✓ Yes – API and Teams plans exclude training
OpenAI ChatGPT ChatGPT, API, Codex Consumer (free/Plus): By default, conversations may be used for training. Can opt out via settings.

API / Enterprise: Not used for training unless explicitly opted in for fine-tuning.		 ✓ Yes – “Data Controls” in settings (consumer); API customers excluded by default ✓ Yes – API and Enterprise agreements exclude training
Google Workspace (Gemini) Gemini in Gmail, Docs, Sheets; admin AI Consumer (free Gmail): May use data for training and ads.

Workspace (paid): Google states Workspace data (Docs, Gmail, Drive) is not used to train Gemini or ads models.		 Partial – consumer users have limited controls; Workspace customers protected by contract ✓ Yes – Workspace terms exclude training on customer content
Microsoft 365 Copilot Copilot in Word, Excel, Teams, Outlook Enterprise: Microsoft states Copilot does not train on customer data; uses retrieval-augmented generation and enterprise-specific grounding. N/A – not trained on customer data ✓ Yes – enterprise-only feature, protected by DPA
GitHub Copilot AI code completion, chat Suggestions: Trained on public GitHub repos. Your private code is not used to train Copilot’s base models (as of 2023 policy).

Telemetry: Usage data (not code content) may inform product improvements.		 Partial – can disable telemetry sharing; code content not used for training by policy ✓ Yes – GitHub Enterprise Cloud policies exclude training on private repos
LinkedIn Feed recommendations, job matching, learning pathways Traditional ML: Profile data, connections, activity used for recommendations.

Generative AI: Disputed; 2025 lawsuit alleged private messages used for training. LinkedIn denied and case dismissed. “Do not train” setting available but non-retroactive.		 ✓ Yes – “Data for Generative AI Improvement” toggle in settings (added 2024-2025) Unclear – LinkedIn Sales Navigator and Recruiter may have different terms; check enterprise contracts
Notion AI AI writing assistant, Q&A Notion states: Customer content is not used to train AI models. AI features use third-party LLMs (OpenAI) under agreements that prohibit training on Notion user data. N/A – not trained on user data ✓ Yes – all plans (including free) protected by same policy
Zoom AI Companion Meeting summaries, chat compose Zoom states: Customer content (audio, video, chat, files) is not used to train AI models. Uses third-party LLMs with no-training agreements. N/A – not trained on user data ✓ Yes – commercial terms exclude training; admins can disable AI features if desired

Timeline: Recent AI Data Controversies

2024-2025: The Year Platforms Clarified (or Muddled) AI Training Policies

April 2024 – Slack Backlash: Community outcry over perceived Slack AI training on messages. Salesforce clarified that traditional ML uses de-identified data only and does not access message content. Slack AI (generative) uses third-party LLMs, not Slack-trained models on customer data.
Fall 2024 – Anthropic Announces Policy Shift: Anthropic (Claude) announces it will train on consumer chats and coding sessions if users opt in. Previously, default was no training. Retention period extended to up to five years for safety classifiers. Commercial/API customers remain excluded.
Early 2025 – LinkedIn Lawsuit: Proposed class action alleges LinkedIn used Premium users’ private messages to train generative AI models. LinkedIn denies, produces evidence that private messages weren’t used. Case voluntarily dismissed, but highlights user fears about retroactive training and non-retroactive opt-outs.
April 2025 – Slack Formal Clarification: Salesforce publishes updated AI privacy principles. Explicitly states: “Machine learning models… do not access message content” and “no customer data is used to train LLM models.” Third-party LLMs used via retrieval-augmented generation.
May 2025 – Salesforce Blocks Glean and Others: Reuters reports Salesforce updated Slack ToS to block third-party software (like Glean) from indexing/copying/storing Slack messages long-term, citing AI-era data safeguards.
January 2026 – Upwork AI Update: Upwork clarifies that work product and communications data will train AI “exclusively for you” from Jan 5, 2026 onward (prospective only), with double opt-in and AI Preferences controls.

Key Lessons from These Cases

Lesson 1: Non-Retroactive Opt-Outs Are the Norm

Across platforms, when you opt out of AI training, it typically applies only to future data. Content already collected and potentially already used for training stays in the models.

Implications:

  • Configure privacy settings before you share sensitive work, not after
  • Assume that anything shared before opt-out may already be in a training set
  • For truly confidential work, don’t use tools that ever had training enabled—even if you later opted out

Lesson 2: “Private” Doesn’t Mean “Unanalyzed”

LinkedIn’s “private messages” and other platforms’ messaging illustrate that “private” often means “only visible to participants,” but platforms still reserve the right to analyze them for recommendations, AI, or safety.

Takeaway: Don’t rely on labels. Read the data-use sections of privacy policies to understand what “private” actually protects against.

Lesson 3: Enterprise Contracts Are Your Best Defense

Almost every platform that offers enterprise or API tiers excludes training on customer data in those contracts.

Best practice: For any tool that handles confidential work, use the paid/enterprise version with a DPA or BAA, not the free consumer tier.

Consumer vs Enterprise: The Great Training Divide

A clear pattern emerges: most platforms treat consumer/free users as potential training sources, while enterprise customers get contractual protection.

🚨 Consumer / Free Tier

Typical terms:

  • May train on your inputs unless you opt out
  • Opt-outs often non-retroactive (past data already used)
  • Retention periods long (months to years)
  • No contractual guarantee against training
  • Privacy policy can change with notice

Examples: Free ChatGPT, Claude.ai Free/Pro, consumer Gmail, LinkedIn personal accounts

Risk: Company work done on personal/free accounts may already be in training sets

✓ Enterprise / Paid Business Tier

Typical terms:

  • Contractual promise: no training on customer data
  • Data processing agreements (DPAs)
  • Admin controls to disable AI features
  • Compliance certifications (SOC 2, ISO, GDPR)
  • Shorter retention, clearer deletion rights

Examples: Slack (all paid plans), Claude API/Teams, ChatGPT Enterprise, Google Workspace, Microsoft 365

Protection: Strong, but verify contract language and periodically audit

⚠ The “Shadow IT” Problem

Your company pays for Slack Enterprise and Google Workspace (protected). But employees also use:

  • Personal ChatGPT accounts to draft client emails
  • Free Claude.ai to review contracts
  • LinkedIn personal messages to discuss prospects

These personal/free accounts don’t have enterprise protections. Company data is leaking into consumer-tier training sets because employees don’t realize the distinction.

Solution: Educate teams, provide approved enterprise tools, and ban use of consumer AI for business work in your acceptable use policy.

Sample Cross-Platform Policy Matrix

Tool Category Approved Tools (Enterprise Tier) Required Settings / Contract Terms Prohibited for Business Use
Team Chat Slack (paid plans), Microsoft Teams • Slack: “No LLM training” per 2025 policy
• Teams: Copilot disabled or enterprise DPA in place		 Consumer messaging apps (WhatsApp, Telegram for business without enterprise accounts)
AI Assistants ChatGPT Enterprise, Claude API/Teams, Copilot (M365) • DPA excluding training on customer data
• Admin controls to audit usage		 Free ChatGPT, free Claude.ai, consumer Gemini, Perplexity (for client work)
Code Repos GitHub Enterprise, GitLab (paid) • Private repos not used for Copilot training
• Telemetry opt-out configured		 Public repos for proprietary code; free GitHub without Enterprise terms
Docs & Knowledge Google Workspace, Notion (paid), Confluence • Workspace: training excluded per terms
• Notion: “no training” policy verified		 Consumer Google Docs (free Gmail), public Notion pages for sensitive content
Freelance Platforms Upwork (with AI opt-outs configured) • AI Preferences: opt out of work product + communications
• Freelancer confirms same settings		 PeoplePerHour (messages “not confidential”), Freelancer.com (non-personal UGC) for confidential work
Professional Networks LinkedIn (with AI toggle off) • “Data for Generative AI Improvement” disabled
• Confidential client discussions banned in LI messages		 Using LinkedIn messages for strategy, client names, or deal terms

How This Should Shape Your Company’s AI & SaaS Policy

Your Upwork AI policy is just one piece. A comprehensive company policy should address:

Minimum Standards for AI & Data Use Across All Tools

  1. No training on confidential/regulated data. Any tool that handles client information, proprietary methods, PHI, attorney-client communications, or trade secrets must contractually exclude AI training. If it can’t, don’t use it for that work.
  2. Require enterprise plans or DPAs for business use. Ban employees from using consumer/free tiers of AI tools (ChatGPT Free, Claude.ai Free, etc.) for company work. Provide approved enterprise accounts instead.
  3. Ban tools that treat UGC as non-personal. If a platform’s ToS says “content you upload is non-personal information not covered by this privacy policy,” that’s a red flag. Either avoid the tool or strictly limit what you upload.
  4. Add opt-out clauses to vendor contracts. When negotiating with SaaS vendors, add: “Vendor shall not use Customer Data to train artificial intelligence, machine learning, or automated decision-making models, except as necessary to provide the contracted services exclusively to Customer.”
  5. Review policies quarterly. Assign someone (legal ops, privacy team, or IT security) to track AI policy updates for your tool stack. Set calendar reminders.
  6. Educate employees on consumer vs enterprise tier differences. Most teams don’t know that pasting company strategy into free ChatGPT is different from using ChatGPT Enterprise. Make it explicit in onboarding and acceptable-use training.
  7. Maintain a “shadow IT” watch list. Tools employees use without IT approval. Periodically survey teams: “What AI or collaboration tools are you using that aren’t on the approved list?” Then either approve (with proper contracts) or ban.
  8. Build AI-awareness into vendor due diligence. When evaluating new SaaS tools, ask: (a) Do you train AI on customer data? (b) If so, can we opt out? (c) Is the opt-out retroactive? (d) Do you share data with third-party AI vendors? (e) Can you provide a DPA excluding AI training?

Action Items: Building Your Comprehensive AI & SaaS Policy

  1. Inventory your current tool stack. List every SaaS tool teams use for communication, collaboration, AI assistance, and project management.
  2. Classify by data sensitivity. Tag each tool: Does it handle confidential client data? Proprietary code? Regulated information (HIPAA, attorney-client)? Or only public/internal non-sensitive content?
  3. Research current AI policies for each tool. Use the table in this article as a starting point. Visit each vendor’s privacy policy, AI documentation, and enterprise terms.
  4. Map consumer vs enterprise accounts. For every tool, identify: Are we using free/consumer tier or paid/enterprise? If consumer, is there an enterprise option that excludes training?
  5. Upgrade critical tools to enterprise tier. Prioritize tools handling confidential data. Budget for ChatGPT Enterprise, Claude Teams, Slack paid plans, etc.
  6. Configure opt-outs where available. For tools that offer AI training toggles (Upwork, LinkedIn, etc.), set company standard: opt out by default.
  7. Draft vendor contract addendum. Standard language requiring vendors to exclude AI training. Attach to all new SaaS agreements.
  8. Update acceptable use policy. Add section: “Employees may not use consumer/free AI tools (ChatGPT Free, Claude.ai Free, etc.) for company business. Use only approved enterprise accounts listed in [internal wiki].”
  9. Train employees. One-page guide: “Which AI tools can I use for client work? What settings do I need to configure?” Include screenshots.
  10. Schedule quarterly reviews. Every Q, re-check: (a) Have vendor policies changed? (b) Are we still using approved tools correctly? (c) Any shadow IT to address?

Connecting Back to Upwork and Freelance Marketplaces

Your “Upwork policy” should be consistent with your “Slack policy” and your “Claude policy.”

Example inconsistency to avoid:

  • You ban AI training on Upwork (configure AI Preferences to opt out)
  • But your team uses free ChatGPT to draft proposals for Upwork jobs
  • And discusses Upwork projects in personal LinkedIn messages

Result: Data you protected on one platform leaks through others.

Better approach:

  • Upwork: AI Preferences set to opt out of work product and communications training
  • ChatGPT: Enterprise account with no-training DPA, or ban use of ChatGPT for client work entirely
  • LinkedIn: “Data for Generative AI Improvement” toggled off; ban discussion of confidential client details in LinkedIn messages; use encrypted email for business development
  • Slack: Paid plan (protected by “no LLM training” policy); admin controls set to minimize data retention

This creates a consistent data perimeter.

Attorney Services: AI Data Privacy & SaaS Policy Consulting

Most companies discover their AI training exposure after they’ve already used dozens of tools with inadequate protections. By then, confidential data may already be in training sets—and retroactive opt-outs won’t remove it.

I help businesses build comprehensive, enforceable AI and SaaS data policies before exposure occurs—and remediate exposure when it’s already happened.

How I Can Help

Services for Companies:
  • AI & SaaS Policy Audit: I inventory your current tool stack, identify AI training exposure, and map consumer vs enterprise tier usage across your organization
  • Policy Development: I draft company-wide AI acceptable use policies, vendor contract addenda, and employee training materials
  • Vendor Negotiation: I negotiate DPAs and AI opt-out terms with SaaS vendors on your behalf
  • Incident Response: When you discover that confidential data was used for AI training without authorization, I advise on remediation, demand letters to vendors, and potential litigation
  • Ongoing Compliance: Quarterly policy reviews to track vendor AI policy changes and update your internal controls
Services for Individuals & Freelancers:
  • Platform Policy Analysis: I review Upwork, Fiverr, Freelancer.com, and other marketplace AI policies and configure your accounts for maximum privacy protection
  • NDA & Contract Review: I draft or review freelancer agreements with AI training opt-out clauses and intellectual property protections
  • Dispute Resolution: When platforms train on your work despite contractual prohibitions, I send demand letters and pursue remedies

Why Specialized Counsel Matters

AI data training policies are evolving monthly. Generic business attorneys often lack the specific knowledge required:

  • Platform-specific expertise: Understanding how Slack, Claude, Upwork, LinkedIn, and others actually use data—not just what their privacy policies say
  • Technical fluency: Knowing the difference between de-identified ML training, RAG (retrieval-augmented generation), and full model training on customer data
  • Cross-platform policy design: Building policies that protect data consistently across 10-20 different tools
  • Remediation strategies: What to do when data is already compromised and retroactive opt-outs don’t help

Schedule an AI Data Privacy Consultation

Whether you’re building an AI policy from scratch, responding to an exposure incident, or negotiating with vendors, I provide practical, enforceable solutions that protect your data across all platforms.

Send me your current tool stack list, any vendor contracts you have concerns about, and a summary of what types of data you need to protect. I’ll evaluate your exposure and outline a policy and remediation strategy.

Email: owner@terms.law

AI policy audits: $400-$900. Contract drafting: ~$450 (typically 2 hours @ $240/hr). Vendor negotiation: $240/hr. Incident response: hourly or contingency arrangements available.