Here is our independent evaluation of Gemini 2.5 Flash by Google, at the heart of the Web3 revolution and the quest for a sovereign and privacy-respecting AI. Based on an exclusive framework and a rigorous audit of publicly available data, this analysis reflects our vision of a future where privacy is a fundamental right.
The scoring system is based on a comprehensive guide created specifically for this project, accessible here. This ranking is dynamic, evolving with innovations and feedback from the decentralized community.
Our mission: to enlighten and inform, without filter or influence, to build together a fairer and more transparent AI ecosystem.
update : 25/08/09
Model
Gemini 2.5 Flash / 2.5 Pro / AI Pro
Data Collection
Prompts stored: User prompts and interactions are stored by default if the user is 18 or older, with retention configurable (default 18 months, options for 3 or 36 months). If activity is disabled, data is kept up to 72 hours. Conversations reviewed by humans are retained up to 3 years. Data is dissociated from the account before human review. C
Use for training: Use for training: User prompts are used for model improvement and training, including with human reviewers, but anonymization measures are applied, and users can opt out of most data use by disabling activity (though comments may still be used). This offers above-average control compared to similar models. B
Account required: A Google account is required to use Gemini apps, and standard personal data is collected. No anonymous or accountless use described. C
Data retention duration: Data retention defaults to 18 months (user-configurable to 3 or 36 months). If activity is off, data is kept for 72 hours; reviewed conversations are kept up to 3 years. C
User Control
Deletion possible: Deletion possible: Users can delete past conversations from their account, offering significant control, though data reviewed by humans is retained up to 3 years and not deleted when clearing activity. This is above average but not fully comprehensive. B
Export possible: Export possible: Users can export their data upon request, likely via Google Takeout, but details on formats (e.g., JSON, CSV) and completeness are not specified in the privacy guide. B
Granularity control: Users can configure the retention period (3, 18, 36 months) and enable/disable specific activity collection, but not fine-grained controls for all data types. B
Explicit user consent: Consent is obtained for certain features (e.g., Voice Match), and users are informed about data use, but some consents are implicit or tied to general Google account terms. B
Transparency
Clear policy: A detailed and regularly updated privacy policy is available, with explicit explanations for most data processing. A
Change notification: The policy states that users will be clearly notified if data use for ads changes, but does not specify proactive, advance notifications for all changes. B
Model documentation: Limited information on model usage and legal bases is provided, with no public technical documentation on architecture, data, or security, which is below industry standards for transparency. D
Privacy by Design
Encryption (core & advanced): Standard encryption in transit and at rest is implemented, meeting industry expectations, though advanced encryption or public audits/certifications are not mentioned. B
Privacy-Enhancing Technologies: Some anonymization and dissociation measures are described, but there is no mention of advanced privacy tech like differential privacy (e.g., as used by Apple) or federated learning. C
Auditability & Certification: No mention of third-party audits or certifications in the provided text. D
Transparency & Technical Documentation: Privacy policy is detailed, but technical documentation is not described. C
User-Configurable Privacy Features: Some user controls for privacy (activity on/off, retention, deletion, audio opt-in), but not deeply configurable features (e.g., encryption levels, anonymization settings). C
Hosting & Sovereignty
Sovereignty: Data is hosted in Ireland (EU) for EEA and Switzerland, and in the USA elsewhere; no self-hosting or local deployment option mentioned. C
Legal jurisdiction: EU users are protected under EU law; other users are under US law. B
Local option: No local or self-hosted option; Gemini is only available as a cloud service. D
Big Tech dependency: Fully dependent on Google Cloud and infrastructure, with no alternatives. D
Open Source
Publicly available model: Gemini is fully proprietary; model and training data are not publicly available. D
Clear open source license: No open source license; the system is proprietary. D
Inference code available: No access to inference code; only API or web interfaces are offered. D
Remarks
Privacy and Data Review: Overall Score
38/100
- Data Collection: 5 + 15 + 5 + 5 = 30
- User Control: 15 + 15 + 15 + 15 = 60
- Transparency: 20 + 15 + 0 = 35
- Privacy by Design: 15 + 5 + 0 + 5 + 5 = 30
- Hosting & Sovereignty: 5 + 15 + 0 + 0 = 20
- Open Source: 0 + 0 + 0 = 0
Total: 30 + 60 + 35 + 30 + 20 + 0 = 175
23 × 20 = 460
175 / 460 × 100 = 38
This evaluation is provided for informational purposes only and reflects a subjective analysis based on publicly available data at the time of publication. We do not guarantee absolute accuracy and disclaim all liability for errors or misinterpretations. Any disputes must be submitted in writing to futurofintenet@proton.me
For full methodology, see our complete scoring guide here: LLM Privacy Rating Guide
