The nuance of this is fairly complicated, but important.
Claude
Claude Pro uses AES-256 encryption at rest and TLS 1.2+ in transit, and holds SOC 2 Type II and ISO 27001:2022 certifications. Conversations are not used for AI training by default — you must explicitly opt in. However, the key limitation is that consumer accounts (Free, Pro, and Max) are not HIPAA compliant. There are also no enterprise-grade admin controls, audit logs, or data governance tools at the Pro tier.