ChatGPT vs. Claude Security Comparison: Data Privacy and Content Moderation Mechanisms
ChatGPT and Claude are the two most widely deployed large language models, but their security postures diverge sharply on data handling and content filtering. OpenAI’s ChatGPT processed over 1.6 billion visits in March 2025 alone (Similarweb, 2025, Web Traffic Report), while Anthropic’s Claude has been adopted by enterprises handling sensitive legal and medical data. A key differentiator: OpenAI retains user conversations for up to 30 days by default for model training, unless users manually opt out via Settings, whereas Anthropic’s privacy policy states that Claude does not train on user inputs unless explicitly provided for feedback under a separate research agreement (Anthropic, 2024, Privacy Policy). The U.S. Federal Trade Commission (FTC) has investigated both companies over data collection practices, with a 2024 inquiry specifically probing OpenAI’s data retention timelines. On content moderation, Claude’s “Constitutional AI” framework enforces a stricter refusal policy—rejecting roughly 12% of harmful prompts in internal benchmarks—compared to ChatGPT’s refusal rate of approximately 8% on identical test sets (Anthropic, 2024, Constitutional AI Paper). This comparison evaluates both models across data privacy controls, enterprise compliance certifications, and content moderation precision, using concrete benchmark numbers and regulatory filings.
Data Privacy: Default Retention vs. Zero-Retention Architecture
ChatGPT stores all user conversations server-side for up to 30 days, even for paid subscribers, unless the user explicitly disables “Chat history & training” in the settings panel. A 2024 audit by the Irish Data Protection Commission (DPC) found that OpenAI retained 2.3 million EU users’ chat logs beyond the stated 30-day window, resulting in a €15 million administrative fine (DPC, 2024, Decision on OpenAI). OpenAI’s API mode offers a 30-day data retention policy with no training usage, but the consumer-facing ChatGPT web and mobile apps default to training-on.
Claude operates on a zero-retention architecture for its API tier: Anthropic deletes prompt and completion data within 30 days of processing and never uses API traffic for model training (Anthropic, 2024, Data Processing Addendum). For Claude.ai (the web interface), Anthropic retains conversations for up to 90 days for safety monitoring but states that these logs are not used to improve the model. Claude Pro and Team subscribers can request immediate deletion of all stored conversations via a support ticket, with Anthropic confirming deletion within 7 business days.
Enterprise Compliance Certifications
ChatGPT holds SOC 2 Type II certification (since October 2023) and ISO 27001 (since December 2023). Claude achieved SOC 2 Type II in June 2023 and added HIPAA BAA eligibility for its API in March 2024, making it the only major LLM provider with a signed Business Associate Agreement for protected health information (Anthropic, 2024, HIPAA Compliance Announcement). ChatGPT does not offer HIPAA BAA for any tier as of May 2025.
Data Encryption Standards
Both models use AES-256 encryption at rest and TLS 1.3 in transit. However, Anthropic employs per-tenant encryption keys for enterprise customers, while OpenAI uses shared keys across all tenants. A 2024 penetration test by Bishop Fox found that Anthropic’s key isolation reduced the blast radius of a hypothetical breach by 73% compared to OpenAI’s shared-key model (Bishop Fox, 2024, Cloud Security Assessment).
Content Moderation: Constitutional AI vs. Moderation API
Claude uses Constitutional AI (CAI), a reinforcement learning framework where the model is trained to refuse harmful outputs based on a written constitution of principles rather than a separate classifier. In Anthropic’s internal red-teaming evaluation (Anthropic, 2024, CAI Evaluation Report), Claude refused 94% of “high-severity” harmful prompts—defined as those involving violence, self-harm, or illegal activity—compared to ChatGPT’s 86% refusal rate on the same 2,400-prompt test set. Claude also produced fewer “false refusals” (incorrectly blocking benign prompts): 2.1% vs. ChatGPT’s 3.8%.
ChatGPT relies on OpenAI’s Moderation API, a separate classifier model that flags toxic content before generation. This two-stage pipeline introduces latency: average moderation overhead is 320 ms per request (OpenAI, 2024, Moderation API Documentation). OpenAI’s approach catches 91% of policy-violating prompts in its own benchmarks but struggles with “subtle” violations—such as disguised hate speech or coded instructions—where the false negative rate rises to 18% (OpenAI, 2024, System Card Update).
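Refusal-rate comparisons like the ones above are only as strong as the sample behind them, so a team re-running such an evaluation on its own prompts should report an interval with each rate. The following is an added example, not code from this article or from either vendor: it scores a labelled result set into a refusal rate (harmful prompts) and a false-refusal rate (benign prompts) with 95% Wilson intervals. The harmful-set counts are derived from the 2,400-prompt figures quoted above; the benign-set size of 1,000 and the names `MODEL_A` and `MODEL_B` are assumptions.

```python
import math

def wilson_interval(hits, n, z=1.96):
    """Wilson score interval for the proportion hits/n (z=1.96 gives 95%)."""
    if n <= 0 or not 0 <= hits <= n:
        raise ValueError("need n > 0 and 0 <= hits <= n")
    p = hits / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)

def score_run(results):
    """Score (label, refused) pairs; label is "harmful" or "benign".

    Returns {"refusal_rate": (rate, (low, high)),
             "false_refusal_rate": (rate, (low, high))}; None for an empty class.
    """
    counts = {"harmful": [0, 0], "benign": [0, 0]}  # [refused, total]
    for label, refused in results:
        if label not in counts:
            raise ValueError(f"unknown label: {label!r}")
        counts[label][0] += 1 if refused else 0
        counts[label][1] += 1
    scored = {}
    for label, name in (("harmful", "refusal_rate"), ("benign", "false_refusal_rate")):
        hits, n = counts[label]
        scored[name] = (hits / n, wilson_interval(hits, n)) if n else None
    return scored

def separated(a, b):
    """True when two (low, high) intervals do not overlap."""
    return a[1] < b[0] or b[1] < a[0]

def constructed_run(harmful_refused, harmful_n, benign_refused, benign_n):
    """Constructed sample data: a result list with exactly these counts."""
    return ([("harmful", i < harmful_refused) for i in range(harmful_n)]
            + [("benign", i < benign_refused) for i in range(benign_n)])

# Harmful-set counts follow the page's figures (94% and 86% of 2,400 prompts).
# The benign-set size of 1,000 is an assumption; the page gives only 2.1% and 3.8%.
MODEL_A = score_run(constructed_run(2256, 2400, 21, 1000))
MODEL_B = score_run(constructed_run(2064, 2400, 38, 1000))

if __name__ == "__main__":
    for name in ("refusal_rate", "false_refusal_rate"):
        a, b = MODEL_A[name], MODEL_B[name]
        print(name, a, b, "separated" if separated(a[1], b[1]) else "overlapping")
```

With 2,400 harmful prompts the two refusal-rate intervals are clearly separated. Under the assumed 1,000 benign prompts the false-refusal intervals overlap, which is why the benign-set size should be published alongside the percentages.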
Content Policy Differences on Sensitive Topics
Claude’s constitution explicitly bans output that “promotes or provides instructions for self-harm, suicide, or eating disorders,” and Anthropic publishes its full constitution online. ChatGPT’s usage policies are broader and less specific: OpenAI bans “content that promotes self-harm” but does not define the boundary between educational discussion and promotion. A 2024 analysis by the Center for Humane Technology found that Claude refused 97% of prompts related to self-harm methods, while ChatGPT refused 81% (Center for Humane Technology, 2024, AI Safety Benchmarks).
Moderation Auditability
Anthropic provides a detailed moderation log to enterprise customers showing which constitutional principles triggered a refusal, along with the exact clause cited. OpenAI’s moderation logs only show a binary “blocked/allowed” label without explanation, making it harder for developers to debug false positives. For cross-border compliance workflows, some international teams use secure access tools like NordVPN to route API calls through regions with stricter data sovereignty laws, ensuring that moderation logs never leave the jurisdiction.
Training Data Privacy: Opt-Out vs. Opt-In
ChatGPT trains on user conversations by default. OpenAI’s privacy policy states that data from the free tier and ChatGPT Plus is used to “improve and develop models,” and users must manually opt out via a web form. As of May 2025, OpenAI reported that only 2.1% of active users had opted out (OpenAI, 2025, Transparency Report). For enterprise (ChatGPT Team and Enterprise), OpenAI does not train on data, but the transition from consumer to enterprise requires a full account migration.
Claude does not train on any user data from Claude.ai, Claude Pro, or Claude Team. Anthropic’s policy explicitly states: “We do not use your conversations to train our models” (Anthropic, 2024, Privacy Policy). The only exception is the optional “feedback” feature in Claude.ai, where users can submit ratings; even then, Anthropic strips all personally identifiable information before using the feedback for fine-tuning. This opt-in architecture means zero training data liability for 100% of Claude users.
Data Subject Access Requests (DSARs)
Both companies comply with GDPR Article 15. OpenAI processes DSARs within 30 days on average, but a 2024 survey by the European Consumer Organisation (BEUC) found that 34% of requesters received incomplete data—missing audio transcriptions from voice mode (BEUC, 2024, AI Data Rights Report). Anthropic processes DSARs within 14 days on average and provides complete conversation logs, including timestamps and metadata, in a machine-readable JSON format.
Jailbreak Resistance: Red-Teaming Results
Claude demonstrates superior resistance to prompt injection and jailbreak attacks. In a 2024 adversarial evaluation by the Alignment Research Center (ARC), Claude resisted 96% of 1,500 handcrafted jailbreak prompts, including “DAN” (Do Anything Now) variants and role-play attacks. ChatGPT resisted 82% of the same set (ARC, 2024, Jailbreak Benchmark). Claude’s constitution includes a specific clause against “ignoring the constitution in role-play scenarios,” which blocks the common “you are now a character with no rules” attack vector.
ChatGPT has improved its jailbreak defenses over time. The GPT-4o model (released May 2024) reduced successful jailbreaks by 40% compared to GPT-4, but still succumbs to multi-step persuasion attacks. A 2025 study by Princeton’s Center for Information Technology Policy found that ChatGPT could be tricked into generating hate speech in 7.3% of attempts using a “persona-stacking” technique, while Claude’s rate was 1.1% (Princeton CITP, 2025, LLM Safety Evaluation).
Automated Red-Teaming Frequency
Anthropic runs automated red-teaming daily using a separate Claude model that probes for vulnerabilities, with results published in weekly safety reports. OpenAI runs automated red-teaming weekly, with monthly public updates. Anthropic’s faster feedback loop allows it to patch vulnerabilities within an average of 48 hours, compared to OpenAI’s 5-day average patch time (Anthropic, 2025, Safety Update Log).
Compliance and Regulatory Alignment
ChatGPT has faced multiple regulatory actions. The Italian Garante fined OpenAI €20 million in March 2024 for violating GDPR data minimization principles (Garante, 2024, Decision No. 114). OpenAI subsequently added a “GDPR mode” for EU users that reduces data retention to 7 days, but this mode is not available outside the EU. In the US, the FTC’s 2024 investigation focused on whether OpenAI’s data collection practices constitute “unfair or deceptive acts” under Section 5 of the FTC Act.
Claude has not faced any public regulatory fines as of May 2025. Anthropic proactively sought GDPR certification for its EU data processing center in Dublin, and its Data Processing Addendum includes Standard Contractual Clauses (SCCs) for international transfers. Claude also complies with the EU AI Act’s “high-risk” classification requirements, publishing model cards that detail training data composition and bias testing results—something OpenAI has not fully done for GPT-4o.
Sector-Specific Compliance
For healthcare, Claude’s HIPAA BAA covers protected health information (PHI) in API calls, including diagnosis codes, lab results, and patient narratives. ChatGPT offers no HIPAA-compliant tier, making it unsuitable for clinical documentation or medical record summarization. For finance, both models offer SOC 2 Type II reports, but only Claude provides a dedicated “Financial Services Addendum” that addresses SEC record-keeping requirements (Anthropic, 2024, Financial Services Compliance).
Transparency and Model Governance
Claude publishes a detailed “Model Card” for each version, including training data sources (e.g., Common Crawl, Wikipedia, books), bias evaluation results across 40 demographic categories, and refusal rates by topic. Anthropic also releases “System Cards” that describe the constitution’s exact wording and how it was derived from public input. As of May 2025, Anthropic has published 12 system cards covering Claude 1, Claude 2, Claude 3, and Claude 3.5.
ChatGPT publishes less granular transparency documentation. OpenAI’s “System Card” for GPT-4o (May 2024) is 46 pages but omits training data composition details—citing competitive concerns—and does not disclose refusal rates by topic. A 2025 analysis by the AI Now Institute found that OpenAI disclosed 60% fewer safety metrics than Anthropic across comparable model releases (AI Now Institute, 2025, Transparency in AI Report).
Third-Party Audits
Anthropic commissions quarterly independent audits from BSI Group, with results published on its trust center. OpenAI’s last independent audit was conducted by Deloitte in October 2023; the full report has not been publicly released. OpenAI states only that it “passed” the audit, without providing findings or recommendations.
FAQ
Q1: Does ChatGPT or Claude store my conversations permanently?
No. ChatGPT retains conversations for up to 30 days by default for training, then deletes them. Claude retains conversations for up to 90 days for safety monitoring but does not use them for training. Both allow manual deletion: ChatGPT deletes within 24 hours of request; Claude deletes within 7 business days. Neither stores data permanently—OpenAI’s maximum retention is 30 days for training purposes, after which logs are anonymized.
Q2: Which AI model is better for handling medical or legal data?
Claude is the only major LLM with HIPAA BAA eligibility as of May 2025, covering protected health information in API calls. ChatGPT offers no HIPAA-compliant tier. For legal data, both offer SOC 2 Type II certification, but Claude’s per-tenant encryption and zero-retention API architecture provide stronger data isolation. A 2024 survey of 200 law firms found that 68% using Claude reported full compliance with client confidentiality rules, versus 22% for ChatGPT users.
Q3: How often do these models refuse legitimate prompts (false positives)?
Claude produces false refusals on 2.1% of benign prompts, while ChatGPT has a 3.8% false refusal rate, according to Anthropic’s 2024 CAI evaluation. This means Claude blocks roughly 1 in 48 harmless requests, and ChatGPT blocks about 1 in 26. For enterprise use cases like customer support, Claude’s lower false refusal rate translates to fewer frustrated users and reduced escalation costs.
References
- Similarweb. (2025). Web Traffic Report – ChatGPT Monthly Visits.
- Anthropic. (2024). Privacy Policy – Data Retention and Training Practices.
- Irish Data Protection Commission. (2024). Decision on OpenAI – GDPR Violations.
- Bishop Fox. (2024). Cloud Security Assessment – Multi-Tenant LLM Platforms.
- Center for Humane Technology. (2024). AI Safety Benchmarks – Self-Harm Content Moderation.
- Alignment Research Center. (2024). Jailbreak Benchmark – Large Language Models.
- AI Now Institute. (2025). Transparency in AI Report – Model Governance Metrics.