Claude KYC vs ChatGPT & Gemini: Privacy Compared
I'm Anna. I write about living with AI — the small moments, the things that make you pause, the ones you're not sure what to make of. I'm not here to tell you which chatbot is best. I'm here because something happened in April 2026 that made me stop and actually read the fine print, and I think you might want to know what I found.
When Anthropic quietly added identity verification to Claude, I did what I usually do: I sat with the question longer than it probably deserved. If you're a Claude user trying to decide whether this changes anything — whether to stay, switch, or just update your expectations — this is what the picture looks like when you compare all three.
One thing first: AI privacy policies change quickly. Some retention details at Anthropic remain partially undisclosed as of this writing. I'll flag where the picture is incomplete, because pretending otherwise isn't honest.
What Each AI Actually Requires in April 2026
Claude: Government ID + Live Selfie via Persona
On April 14, 2026, Anthropic updated a help center page — no announcement email, no blog post — to say that some Claude users would need to complete identity verification before accessing certain features. Two days later, the internet found out through screenshots on X.
The verification is handled by Persona Identities, a San Francisco-based KYC vendor used widely in fintech. What they require: a physical, undamaged passport, driver's license, or national ID card, plus a live selfie. Photocopies, mobile IDs, and student credentials don't qualify.
This isn't a blanket requirement. Anthropic says it applies to "a few use cases" — certain advanced capabilities, routine platform integrity checks, and safety and compliance situations. Some users saw the Persona prompt when signing up for the Max subscription tier. The trigger categories are broad enough that a meaningful portion of the user base could encounter it, but many regular Claude users went through the rollout without seeing the verification modal at all.
The data flow matters here: your ID images and selfie live on Persona's servers, not Anthropic's. Anthropic acts as the data controller. According to Persona's privacy policy, they destroy ID and selfie scan data "within three years of your last interaction with Persona" — subject to customer-specific instructions and legal requirements. So three years is the ceiling, but the actual period depends on what Anthropic has configured. That specific number isn't published anywhere users are likely to find it.
What Anthropic does say: this data won't be used to train models, and Persona is contractually limited to fraud detection and verification uses.
ChatGPT: Login, Age Checks, No Passport
There is no standing ChatGPT ID requirement for standard consumer subscriptions. What OpenAI deployed in January 2026 is a behavioral age prediction system that estimates account-holder age from usage patterns. If a account is flagged as potentially under-18, it is placed in a restricted experience until the user verifies their age through Persona or an equivalent vendor.
In Italy and parts of the EU, age verification is mandatory under emerging digital safety regulations, with a 60-day grace period before feature restrictions apply.
For the vast majority of adult users in most regions: no ID is ever requested. OpenAI doesn't receive your document — only an age result. Persona deletes the ID and selfie within 7 days. This is a more bounded and publicly documented data ask than Claude's current setup.
Gemini: Google Account, No Passport
Google Gemini requires a Google account. That's the gate for consumer access. No passport, no selfie — no KYC in the traditional sense.
This doesn't mean Gemini collects less data. It means the collection works differently. Most Gemini usage happens while signed into Google, which links activity to your broader profile, browsing history, and the full ecosystem. The identity that matters here isn't a separate KYC step; it's the Google account you already have, which may carry years of behavioral and identity signals from other contexts.
For Gemini Advanced and enterprise Workspace users, the data handling is governed by separate terms with stronger protections. For everyday personal use, you're trading a passport scan for a platform that already knows quite a lot about you from other directions.
What They Collect vs. What They Store
Claude / Persona Data Handling
Persona holds ID images and biometric selfie data. Anthropic holds the verification result plus your conversation data.
For conversations: Anthropic shifted to an opt-out training model in August 2025. Users who did not disable training before the September 28 deadline may have had conversations included. Training-eligible conversations are retained for up to 5 years in de-identified form; opted-out conversations are retained in back-end systems for up to 30 days post-deletion before permanent removal.
For identity verification data: no retention period has been disclosed. Per Anthropic's GDPR documentation, EU users retain standard GDPR rights (access, deletion, portability) through the Privacy Center — but consumer accounts do not automatically come with a Data Processing Addendum.
OpenAI's Current Privacy Posture
ChatGPT trains on consumer conversations by default. The opt-out is in Settings → Data Controls, and it's not front-and-center. Even when you opt out or turn off history, OpenAI retains copies for up to 30 days for abuse monitoring. The OpenAI enterprise privacy page makes clear what protections enterprise customers get — which is notably stronger than what free and Plus users receive by default.
One wrinkle worth flagging: a 2026 court order in the New York Times lawsuit requires OpenAI to retain data it would otherwise delete. Sensitive conversations on a free or Plus account may exist outside the standard deletion window for legal compliance reasons.
Google's Current Posture
For consumer Gemini use, conversations are saved to your account when "Gemini Apps Activity" is on — linked to your Google profile. Turn it off and you lose conversation history, but you get a shorter-retention, non-training posture. Google Vertex AI (enterprise access) contractually excludes your data from training foundation models, but that's a different product than what most people using the Gemini app are on.
Where Each Sits on Training Data and Retention
Public Statements vs. What's Actually Disclosed
Any honest AI privacy comparison has to start here: all three providers publicly state they give users control over training data. The statements are real. The mechanics differ significantly.
Claude's opt-out: Settings → Privacy → disable "Improve Claude for everyone." OpenAI's opt-out: Settings → Data Controls. Gemini's opt-out: turn off Gemini Apps Activity — which also removes conversation history.
None make opt-out obvious. All three default toward training until you act. And once data has been incorporated into a trained model, no provider currently offers a mechanism to remove its influence. Opting out stops future use. It doesn't unwind past data.
Retention Periods: Disclosed, Partial, or Absent
ChatGPT is the most specific on verification data retention. Claude is the least. Gemini collects the most ambient data but requires no biometric submission.
Decision Criteria — Which Friction Matters to You
If Privacy Posture Matters Most
Honest answer: the comparative position has shifted. Claude was the "privacy-first" choice before late 2025. It's still more transparent about its policies than the other two, but the opt-in deadline and the new ai chatbot kyc requirement have changed the calculus.
If your primary concern is who holds biometric data, Claude's KYC flow is the new variable. Your government ID goes to Persona. The specific retention period Anthropic has configured with Persona isn't published. That's a real unknown.
If your concern is conversation data and training use, Claude's opted-out posture (30-day retention, no training use) remains competitive — but you need to actively verify your settings. Check: claude.ai → Settings → Privacy → "Improve Claude for everyone." If that toggle is on, you're in the five-year pool.
If Frictionless Access Matters Most
ChatGPT wins here for most users. No passport, no selfie, no proactive KYC prompt unless your account is flagged as potentially underage or you're an API developer. The trade-off: training is on by default and the opt-out is buried.
Gemini is similarly low-friction for consumer access. The Google account requirement doesn't feel like additional friction because it's already there.
If You're in a Region Outside Official Support
This is where Claude's verification hits hardest. One of the trigger categories is users in regions where Claude isn't officially supported. If that's you and you've been using Claude anyway, you may now face a verification prompt — and potentially a block if you can't complete it.
ChatGPT and Gemini have their own regional restrictions, but neither currently gates standard access behind a passport scan for unsupported-region users specifically.
When Claude's KYC Will Trigger for You (and When It Likely Won't)
Based on what Anthropic has disclosed, the claude identity verification prompt is most likely to appear if you're:
- Signing up for or upgrading to the Max subscription tier
- Accessing certain advanced capabilities (the exact feature list isn't published)
- Located in a region outside Anthropic's official support area
- Flagged by routine platform integrity checks — the vague catch-all category
It's least likely to appear if you've been a stable, regular user on a Free or Pro plan, using Claude for everyday tasks from a supported region. Many Claude users went through April 2026 without ever seeing the Persona modal.
That said, this is new infrastructure. The White House published a national AI legislative framework in March 2026. Anthropic may be building this now to stay ahead of what becomes mandatory later — and trigger categories can expand.
FAQ
Does ChatGPT require ID verification in 2026?
Not as a general subscription requirement. The behavioral age prediction handles most adult users without an ID prompt. Verification only triggers when the system flags a possible underage account, or when regional regulations require it (Italy, parts of the EU).
Does Gemini require a selfie?
No. Google's Gemini AI requires only a Google account. The "Gemini KYC" results in search engines refer to the crypto exchange Gemini — a completely separate company with no connection to Google's AI products.
Should I switch AI tools because of Claude's KYC?
Depends what's actually bothering you. If the biometric ask itself is the issue, ChatGPT and Gemini currently don't require it. But if your underlying concern is data privacy more broadly, switching doesn't necessarily improve the situation — all three providers default to training on your data unless you opt out. Check your current settings first, before making any switching decision.
Which AI has the strongest privacy guarantees today?
None offer strong default privacy for consumer accounts. The more meaningful question is which trade-offs you're most comfortable with. For sensitive professional work, all three providers' enterprise or team tiers offer substantially better protections. The tier you're on likely matters more than which company you're with.
I still haven't submitted my passport. Not because I've decided the risk is unacceptable — I genuinely don't know enough about what Persona retains, and for how long. That's the honest answer. The data gap isn't a conspiracy theory. It's just a gap.
That's not an argument for switching. It's just where I'm sitting with it.
Privacy policies at all three providers change frequently. Verify current terms before making decisions based on this article. The claude kyc vs chatgpt comparison above reflects public disclosures as of May 2026.
Previous Posts:
