AI chatbots are great for quick answers. But they often come with privacy trade-offs. You don’t always control your data, what you share may be used to train the large language models (LLMs) that power them, and they will certainly share all your chats with authorities when required. 

Even worse, you can’t always tell if your data is actually deleted after you remove your chat history. ChatGPT, for instance, can take up to 30 days to fully delete your chat history, even after you’ve removed it.

To serve its privacy-conscious users, Proton recently launched an AI assistant, Lumo. The company is known for privacy-first tools like ProtonVPN, Proton Mail, and more.

But Lumo isn’t the first. A few months earlier, US-based DuckDuckGo launched Duck AI, another AI chatbot built with privacy in mind.

I tested both Lumo and Duck AI to see which one better protects your data. Read on for what I found.

How I Tested Lumo and Duck AI

To decide which one is better for myself, I reviewed both AI assistants’ privacy policies, explored their privacy-focused features, and analyzed usability and response quality. I also examined logging behavior, encryption, training data usage, and data-sharing practices.

Lumo offers both free and paid plans, while Duck AI is entirely free. For testing, I purchased the one-month Lumo Plus plan.

Duck AI Privacy Features

Duck AI lets you privately converse with third-party AI chatbots, including:

• OpenAI’s GPT-4o mini
• Meta’s Llama 4 Scout
• Anthropic’s Claude 3.5 Haiku
• Mistral AI’s Mistral Small 3 24B

Its features depend on the LLM you use. For example, only OpenAI’s GPT-4o mini lets you upload images and search the web. And other models allow you to just generate responses.

Built-in moderation also varies. OpenAI’s GPT-4o mini, Anthropic’s Claude 3.5 Haiku come with high moderation. 

Duck AI is free to use, but it has a daily usage limit. However, the company hasn’t disclosed what that limit actually is.

Here is how Duck AI protects your privacy when you interact with either of these bots. 

Private Chat Anonymized by DuckDuckGo

For one thing, you can use Duck AI without creating an account. It also removes all metadata, including personal information (for example, your IP address) from your prompts before they reach the LLM you’re using. 

As a result, what you say to a chatbot can’t be linked to you. 

However, to serve you localized results in its responses, Duck AI uses GEO::IP lookup to guess the city nearest to your location.

When it sends your prompts to an LLM, it removes your IP address and only uses city-level location data. Then, it deletes both your IP address and the guessed location. This feature, which is turned on by default, is known as “Use Approximate Location.”

To test how this function works, I asked the following questions to Duck AI using OpenAI’s GPT-4o mini model:

• Who is the current president of the United States?
• What time is it right now?
• Which is the best movie theater within 500 meters of me?

As you can see in the screenshot below, it gave the correct answer to my first question. For the second question, it revealed the exact name of the city I’m living in these days, which I didn’t expect. 

I believe Duck AI should mention in its privacy policy that it can reveal which city you’re in. I hope they will update it.  

For the question about the best movie theater within 500 meters, Duck AI provided me with the name of the theater within 1.5 km. To be fair, it is the nearest theater to my current location. 

So, I don’t find the claim that Duck AI uses only city-level instructions to offer localized results entirely accurate. I believe it might be using locality-level instructions to deliver localized results, but could these be as accurate as within 500 meters?

Otherwise, how is it possible to tell the exact theater that is nearest to my location? There are other better movie theaters within a 4km range, but it didn’t include any of those in its response. 

Even so, Duck AI’s chat is anonymized. So, LLMs can’t link chats back to your device. And it won’t reveal your IP address, even if you ask for it.

To further test Duck AI, I turned off Use Approximate Location by clicking the gear icon at the bottom right of the left sidebar and then deselecting the option. 

I also disabled the Enable Recent Chats option there.

After disabling “Use Approximate Location” and “Enable Recent Chats”, I asked the following questions:

• Where is the Howrah Bridge?
• Which is the best movie theater within 500 meters of me?

The first question sets the context. The second one tests if the chatbot can respond accurately.

For the first question, it accurately gave me the city name (Kolkata) where the bridge is located. 

For the question ‘best movie theater within 500 meters of me,’ it didn’t provide me with any answer. This is expected since I turned off the “Use Approximate Location.”

When I asked Duck AI if it had any context about me based on the two questions I asked. It replied that it had no context about me, including any personal information or preferences.

However, when I asked, “What’s the best theater within 500 meters of me in Kolkata?” it provided me with options all within a 10 km radius of me, which was surprising.

Kolkata covers an area of over 206 square kilometers. I don’t understand how Duck AI provided these results without using my local IP, especially since I had turned off “Use Approximate Location.”

No Training on Your Conversations

Duck AI itself doesn’t save your conversations on its server, but it lets you save up to 30 recent conversations locally on your device. You can opt out of recent chats at any time in Duck AI settings, or delete recent chats instantly by clicking on the fire button.

Agreements with LLM Providers

Duck AI has also partnered with all LLM providers to protect users’ privacy.

Duck AI states,  

We have agreements in place with all model providers that further limit how they can use data from these anonymous chats, including the requirement that they delete all information received once it is no longer necessary to provide responses (at most within 30 days with limited exceptions for safety and legal compliance).

The agreement seems reasonable, but it relies on model providers to honor it. 

At a time when top AI companies face accusations of training on copyrighted materials, this privacy safeguard could read somewhat hollow.

In a nutshell, Duck AI removes all personal metadata before forwarding your prompts to the AI model you’re using. It doesn’t store chats on its servers. You have the flexibility to delete chats and disable the approximate location feature. Finally, its agreements with LLM providers prevent them from using your data for training AI models.

Next, I’ll explore Lumo and see how it stacks up against Duck AI.

Lumo Privacy Features

Lumo utilizes open-source LLMs that Proton has optimized for privacy and performance. 

It currently employs Nemo, OpenHands 32B, OLMO 2 32B, and Mistral Small 3. 

To offer you private interactions, Lumo runs all these models on its own servers and keeps no logs of your conversation. 

As Lumo’s code is open source, anyone can see and review it to verify its claims. 

Lumo is available on Android, iOS, and as a web app, and you can use Lumo (free version) without creating an account. This means you don’t need to hand over your personal information.

Lumo Plus offers unlimited daily chats, a full chat history with search capabilities, the ability to upload and query multiple large files, and access to advanced AI models. 

However, I didn’t find any option to select advanced models in my Lumo Plus plan. It appears to work in the background without user control. 

In my testing, I didn’t notice any difference between the outputs from the Lumo Free and Lumo Plus versions.

When it comes to privacy, Lumo takes a stricter approach by keeping no logs and ensuring your data never leaves Proton’s secure environment.

Here are Lumo’s privacy features. 

No Logs & Zero-Knowledge Encryption

When you ask Lumo a question, your prompt is protected on route to their servers through TLS encryption. After processing and responding, Lumo erases the data.

If you choose to save your chats, they’re stored in your Proton account using zero-knowledge encryption. This means only your device can decrypt them, and only you can access them.

Additionally, Lumo’s European presence offers better privacy protection than the US jurisdiction, where most leading AI chatbots are based.  

No LLM Training

Lumo runs optimized open-source models on its own servers and doesn’t log conversations, so it can’t use your data to train LLMs.

This feels like a stronger privacy safeguard than Duck AI’s setup, which depends on third-party AI providers to delete your data as promised in contracts.

To test Lumo, I asked the following questions to both Lumo Free and Lumo Plus.  

• Who is the current president of the United States?
• What time is it right now?
• Which is the best movie theater within 500 meters of me?

As you can see in the screenshot below, Lumo didn’t answer my second question about the time.  

It also didn’t answer my third question. Lumo clearly stated that it can’t determine my location. What are the odds it’s hard-coded to say this in response to location questions?

Next, I provided the context of my city and asked, ‘What’s the best movie theater within 500 meters of me in Kolkata?’ Again, it didn’t provide me with an answer. 

I believe Lumo is not using my IP address to provide localized results, but it’s also not providing me with any results when I’m asking such queries. In contrast, Duck AI uses GEO::IP to estimate your location and deliver localized results. Even after I turned off this feature, it still seemed to use some form of locality data. While it’s useful, and Duck AI does anonymize chat interactions, privacy-focused users might still find it off-putting.

When you’re logged in, Lumo encrypts and saves your chats. But in Ghost Mode, your chat disappears forever once you close it.

Which Protects Your Privacy More: Lumo or Duck AI

Both Duck AI and Lumo aim to offer privacy-first AI chat experiences, but they take different routes to achieve this.

Duck AI anonymizes your chats and strips IP addresses before sending them to third-party models. However, it still uses approximate location data to serve localized results, which can reveal more info than some might be comfortable with

Lumo, on the other hand, runs open-source LLMs on its own servers. It doesn’t use your IP address to serve results and saves chats using zero-knowledge encryption. Ghost Mode adds an extra layer of privacy by ensuring nothing is saved.

If privacy is your top concern, all in, Lumo offers stronger safeguards. However, Duck AI provides the flexibility to select from leading AI models, such as those from OpenAI and Anthropic.