If your product sends user data to an AI provider, that provider is almost certainly a subprocessor — and "we use third parties to improve our services" no longer satisfies CCPA, GDPR, or the EU AI Act. Worse, when your privacy policy and your terms of service disagree on this, the inconsistency itself is the liability. Answer a few questions and get starter disclosure language for both.
Regulators and enterprise buyers now read the AI section of your privacy policy closely. The four things they look for: that you name the provider rather than hiding behind "third parties," that you say plainly whether inputs train the model, that your policy and terms agree, and — if you have EU users — that you've stated a lawful basis and transfer mechanism. Generic "to improve our services" language is the tell that none of this was thought through, and it's increasingly treated as inadequate disclosure on its own.
The generator above gives you defensible starting language, not a finished policy. Two documents that contradict each other create liability even when each is individually fine, so the real work is making your privacy policy, your terms, your DPA, and your subprocessor list all say the same thing — and that's a review, not a template.