Is your PM tool training AI on your data?
Maybe. The honest answer is that you can’t tell from the marketing page — you have to read the contract. Most PM tools now put a model vendor (often OpenAI) behind an “AI” button, and whether your customer data trains anything depends on that vendor’s terms, the tool’s retention policy, and the opt-out defaults. “We don’t train on your data” is a claim to verify, not assume.

This matters more than it used to because the buyer now does the checking. Gartner found 67% of B2B buyers prefer to buy without a sales rep, and 45% research vendors with generative AI like ChatGPT (Gartner). You are pouring your roadmap, your customer feedback, and sometimes your revenue numbers into these tools. Before that data leaves your building, you’re entitled to know exactly where it goes and whether it feeds a training run.
How to verify it — the checklist
Vendor marketing pages assert; contracts commit. When a page says “we never train on your data,” that sentence is worth exactly as much as the DPA behind it. Here is what to actually check, and where to find it.
| What to check | Where to find it | Green flag / Red flag |
|---|---|---|
| Which model vendor powers the AI | Sub-processor list, docs, or DPA schedule | Green: named vendor + link to its API terms. Red: “AI” with no named provider |
| Training exclusion in writing | DPA, AI addendum, or terms of service | Green: explicit “no training on customer data” clause. Red: only a blog/marketing claim |
| Prompt & output retention | Data-retention policy | Green: stated retention window, deletion on request. Red: silence, or “indefinite” |
| Opt-out defaults | Account/AI settings + DPA | Green: training off by default, opt-in only. Red: opted in by default, buried toggle |
| Data residency | Trust/security page or DPA | Green: EU or US region you can pin. Red: “global infrastructure,” no choice |
| Sub-processor change notice | DPA | Green: advance notice + right to object. Red: “we may change sub-processors at any time” |
| GDPR export & deletion | Trust page or product docs | Green: self-serve full export on your tier. Red: export gated to Enterprise or manual-only |
A few of these deserve emphasis. The model vendor is the one most buyers skip. A PM tool can honestly say it doesn’t train on your data while the model vendor behind its AI button retains your prompts under its own default terms. So trace the chain: name the vendor, then read that vendor’s API terms, not just the PM tool’s page.
The retention window is the sharper question than training, and we’ll come back to why. And opt-out defaults decide what happens before you ever open the settings — if AI features are opted in on day one, the default is the policy for most teams that never touch the toggle.
If a vendor can’t produce a DPA and a sub-processor list on request, you have your answer. Those documents exist for every serious B2B tool. Their absence isn’t a paperwork gap — it’s the finding.
When “trains on your data” isn’t the real risk
Here’s the part the fear-mongering posts leave out: not all model use is training, and the training bogeyman is often the wrong thing to fixate on.
Enterprise and API agreements with the major model vendors already contractually exclude training on submitted data. When a PM tool calls OpenAI’s or Anthropic’s API under a business agreement, that data is, by contract, not used to train the foundation model. So the blanket fear — “my feedback is becoming GPT’s next training set” — is frequently already handled at the contract layer, and a vendor pointing you to that clause is giving you a real answer, not a dodge.
The questions that actually carry risk are quieter:
- Retention. Not “do you train on it,” but “how long do you keep it, where, and who can read it while you do?” A 30-day retention buffer for abuse monitoring is a different exposure than indefinite storage.
- Sub-processors. Every vendor the tool hands your data to is a link in the chain, and each one has its own terms and its own breach surface. The list should be published and change with notice.
- Residency. For EU teams under GDPR, where the processing happens can matter as much as whether it trains. Data crossing regions is its own compliance question.
Frame your due diligence around retention, sub-processors, and residency and you’ll learn more than any “do you train on my data — yes/no” ever tells you. Atlassian’s own move is instructive on how fast this layer is shifting: it bundled Rovo, its AI assistant, straight into paid tiers (our teardown), which changes who’s touching your data by default. The full pillar breakdown walks the specifics.
Where AIOProductOS stands
We’ll state our posture plainly, and only what we can back.
No AI training on customer data. Your data isn’t used to train models — ours or a vendor’s. Where the AIOInsights copilot answers a question, it answers with citations back to your own records. And a large class of questions — revenue, demand, work status — computes deterministically against your data with no model call at all, which means no prompt leaves for a model to see in the first place. That path is checked by a 200-case eval in CI.
BYOK envelope encryption. Each org gets its own key, AES-256-GCM, so your data is encrypted under a key scoped to you.
Residency enforced at ingest. You pick EU or US, and that choice is enforced where data enters the system — not offered as a best-effort preference. Every plan includes it; most competitors gate residency to Enterprise.
Roles enforced in the database. Row-level security means permissions live in the data layer, not just the UI. A misconfigured screen can’t hand someone data their role doesn’t allow.
Full-org GDPR export on every tier. Not an Enterprise upsell. You can take your whole org’s data out, on any plan.
Now the honest limit, because a trust piece that overclaims is worse than useless. Our compliance posture is readiness, not certification: 159 controls mapped across 18 frameworks including SOC 2, ISO 27001, GDPR, and HIPAA — but readiness is self-assessed until an external audit completes. We don’t claim a certification we don’t yet hold. Enterprise plans add a signed DPA/BAA and region pinning. If certification is a hard gate for your procurement today, that’s a fair reason to wait for the audit — and we’d rather you know that now than discover it in a security review.
Run the same checklist against us that you’d run against anyone. The Trust page lays out the residency, RLS, and export specifics, and the MCP docs show exactly what the spine exposes to any AI agent you connect. That’s the point of publishing all of it: you shouldn’t have to take our word for it any more than anyone else’s.
The tool that earns your data is the one that can show you where it goes. Start with the full comparison of how AI-data posture differs across PM tools.