A Surface-Level Look at LLM Vendor Privacy

Today, I’m taking a quick look at how AI vendors handle your data. We know very little about what happens with the information you submit to various LLMs. Although many promise not to use your data for training, those claims can feel dubious. Instead of relying on marketing language, let’s examine publicly accessible details to get a clearer picture of how these companies treat your data before you share anything personal.

I only explored what’s available without logging in—using a Google login or providing your email would likely expose even more information.

Vendors

Venice AI

https://venice.ai/

• https://cdn.venice.ai: Static files/docs for Venice AI
• https://assets.basehub.com/: Asset hosting for BaseHub
• https://amped.venice.ai/: Venice AI-related service
• https://connect.facebook.net/: Facebook SDK, plugins, and tracking
• https://static.ads-twitter.com/: Twitter (X) ad serving and tracking assets
• https://analytics.tiktok.com/: TikTok tracking and analytics
• https://plausible.io/: Privacy-focused website analytics
• https://us-assets.i.posthog.com/: CDN for PostHog analytics
• https://cdn.spindl.xyz/: Spindl-hosted static assets
• https://www.google.com/: Google homepage and services
• https://googleads.g.doubleclick.net/: Google Ads delivery and tracking
• https://spindl.link/: Spindl link redirection

~ 119 requests and 7.64 MB / 3.70 MB transferred

I could not chat from here, even though the site implied I could; Trying to use the chat, I was redirected to https://venice.ai/chat which greeted me with an error: We experienced an error with Venice.ai.

The error was caused by JShelter; Disabling the JavaScript Shield and Fingerprint detector, made the site to work.

https://venice.ai/chat

• https://clerk.venice.ai/: Authentication via Clerk for Venice AI
• https://ph.venice.ai/: Venice AI analytics via PostHog
• https://pulse.walletconnect.org/: Status and ping service for WalletConnect
• https://api.web3modal.org/: API for connecting Web3 wallets
• https://js.stripe.com/: Stripe JavaScript for payment integration
• https://m.stripe.network/: Stripe networking and fraud prevention services
• https://fonts.googleapis.com/: Google Fonts CSS delivery
• https://fonts.gstatic.com/: Google Fonts font file hosting
• https://outerface.venice.ai/: Venice AI frontend interface module
• https://www.datadoghq-browser-agent.com/: Datadog browser monitoring agent code

~ 149 requests and 21.49 MB / 7.80 MB transferred

On a positive note, you can trial the application without login.

NanoGPT

https://nano-gpt.com/

• https://ik.imagekit.io/: Image CDN and optimization service
• https://video.gumlet.io/: Video delivery via Gumlet CDN
• https://longstories.ai/: Longform content generation via AI

~ 29 requests and 7.73 MB / 7.25 MB transferred

Loads more progressively:

• https://media.licdn.com/: LinkedIn media content delivery (images, videos)
• https://www.redditstatic.com/: Static assets for Reddit (JS, CSS, images)

Again, I could not chat from here and was redirected to https://nano-gpt.com/conversation/new which loaded another huge chunk of assets.

• https://nano-gpt.com/: Website for NanoGPT, a minimal GPT implementation
• https://ik.imagekit.io/: Image CDN and optimization service
• https://video.gumlet.io/: Video delivery via Gumlet CDN
• https://longstories.ai/: Longform AI-generated content and storytelling
• https://i.redd.it/: Reddit-hosted media content (images, GIFs)
• https://media.licdn.com/: LinkedIn media content delivery (images, videos)
• https://www.redditstatic.com/: Static assets for Reddit (JavaScript, CSS, icons, etc.)

~ 527 requests and 68.54 MB / 24.51 MB transferred

There’s one request I found curious: https://nano-gpt.com/landing/static-tracking.js which came back with a script that appears to feed data to Google Tag Manager and others:

const PIXEL_IDS = {
  FACEBOOK: '1225290579344930',
  TWITTER: 'orwzh',
  REDDIT: 'a2_h48k9duwsl2n',
  GTM_CONTAINER: 'GTM-NP5FVPF4'
};

Positive: You can trial the application without login.

OpenRouter

https://openrouter.ai/

• https://clerk.openrouter.ai/: Authentication via Clerk for OpenRouter
• https://t0.gstatic.com: Google static content (images/fonts) delivery
• https://static.cloudflareinsights.com/: Cloudflare browser analytics and performance

~ 124 requests and 8.80 MB / 2.26 MB transferred

It’s not possible to trial the application without login.

Claude.ai

https://claude.ai/

This page send me straight to a Cloudflare captcha.

• https://play.google.com/: Google Play Store services and app distribution
• https://challenges.cloudflare.com/: Cloudflare bot checks and security challenges
• https://a-cdn.claude.ai: Claude (Anthropic) asset delivery via CDN
• https://accounts.google.com/: Google account login and authentication
• https://statsig.anthropic.com/: Experimentation and analytics for Anthropic/Claude
• https://connect.facebook.net/: Facebook SDK, plugins, and user tracking
• https://fonts.gstatic.com/: Hosting for Google Fonts font files
• https://widget.intercom.io/: Intercom web chat and support widget
• https://js.intercomcdn.com/: Intercom frontend script loading
• https://www.gstatic.com/: Google static content delivery
• https://a-api.anthropic.com/: API for Claude (Anthropic’s language model)
• https://s-cdn.anthropic.com/: Secure/static content delivery for Anthropic services

~ 177 requests and 16.63 MB / 6.28 MB transferred

It’s not possible to trial the application without login.

OpenAI

https://openai.com/

• https://static.cloudflareinsights.com/: Cloudflare browser analytics and performance tracking
• https://cdn.openai.com/: Content delivery for OpenAI services and UIs
• https://images.ctfassets.net/: Asset hosting for Contentful-managed content
• https://chatgpt.com/: OpenAI’s ChatGPT web interface
• https://featureassets.org/: General-purpose hosting for feature assets
• https://browser-intake-datadoghq.com/: Data ingestion for Datadog browser performance monitoring
• https://prodregistryv2.org/: Likely a production registry (possibly for app/package updates)

~ 143 requests and 97.24 MB / 89.53 MB transferred

I wasn’t able to actually do anything here, even though the site implied I could. Trying to use the chat, I was redirected to https://chatgpt.com/?openaicom_referred=true&model=auto which greeted me with an error: Your browser is out of date. Update your browser to view this site properly.

Again, JShelter at work; Disabling Shield and Fingerprint detector made the site work, and I was greeted with a Cloudflare captcha.

• https://challenges.cloudflare.com/: Cloudflare bot protection and challenge verification
• https://cdn.oaistatic.com/: CDN for OpenAI static content and assets
• https://browser-intake-datadoghq.com/: Datadog browser data intake for performance monitoring

~ 144 requests and 11.91 MB / 4.16 MB transferred

Positive: You can trial the application without login.

Conclusion

OpenRouter is the least invasive vendor, with minimal third-party tracking and analytics, although it requires login to use. Venice AI is the most invasive, heavily integrating social media trackers, ad platforms, and analytics tools. The others fall in between, varying in their use of external trackers, login requirements, and data handling.

I’ll checkout more platforms in the future, but for now I’ll stick with OpenRouter on the web.

On a personal note: This really doesn’t have to be; One of my own products Formshive comes with many of the same features, including authentication, Stripe payments, analytics and so on; Here’s what this looks like:

• https://formshive.com/ (yes, just one domain)

~ 12 requests and 6.49 MB / 2 MB transferred

Admittably, I still think that’s too much, and I could probably cut it in half.