Privacy 101: what ChatGPT remembers, sees, and shares
An honest look at what AI assistants actually do with your data — what is stored, what is used for training, what the privacy settings really mean, and the three changes worth making today.
Outcome: Decide what work data is safe to share with AI tools and what requires stricter controls.
Most discussion about AI privacy is either alarmist ("they're recording everything you say!") or dismissive ("just don't paste in anything important"). Neither is useful. This article is the calm middle: what these systems actually do with your data, what the privacy settings really mean, and the three changes worth making today.
We will focus on ChatGPT specifically, because it is the most used. The patterns apply almost identically to Claude, Gemini, and Copilot.
What gets stored
When you use ChatGPT (or any major AI assistant), the following are saved by default:
- The text of every message you send and every response.
- Any files you upload (PDFs, images, spreadsheets, etc.).
- Voice recordings if you use voice mode.
- Some technical metadata — IP address, device, time, model used.
- Anything you tell ChatGPT to remember about you, if memory is on.
This is not unique to AI. Almost every cloud service stores your interactions in some form. The question is what happens with that storage.
Treat storage, training, memory, and chat history as four separate questions. Turning off training does not mean the text was never stored. Turning off memory does not delete old chats.
What gets used for training
Here is the part most people get wrong. Whether your conversations are used to train future AI models depends on the tier you are on and the settings you have chosen.
Free and Plus tiers (default): Your conversations may be used to improve future models unless you opt out. Specifically, OpenAI may have human reviewers look at a sample of conversations to evaluate model quality, and aggregated data may inform future training.
Free and Plus tiers (opt-out): You can turn this off in Settings → Data Controls → "Improve the model for everyone." With this off, your conversations are not used to train models. They are still stored (so you can find them in chat history) but they are not pumped back into training.
ChatGPT Team and Enterprise: Conversations are not used for training, full stop. This is a contractual guarantee, not a setting. If your employer pays for Team or Enterprise, your work conversations are private to your organisation.
API usage: Same as Enterprise — API traffic is not used for training by default.
The same rough pattern applies to Claude (Anthropic) and Gemini (Google), with slight differences in defaults. Always check the specific provider's data policy.
What memory does
Memory is a separate feature from training. When memory is on, ChatGPT remembers certain facts about you across conversations — your name, your job, your preferences, anything you have told it to remember. It uses these facts to personalise replies without you having to re-explain yourself.
You can:
- Turn memory on or off (Settings → Personalisation → Memory).
- See exactly what it has remembered ("Manage memory").
- Delete specific memories or clear them all.
- Tell it to remember or forget specific things in any conversation ("Remember that I work at a bank in Estonia.")
Memory is convenient. It is also the easiest way to leak personal information into an AI's storage. If you tell ChatGPT something private to make it personalise its response, that fact now lives in your memory bank until you delete it. If you share your account with someone, they can see your memories. If you switch accounts, your memories do not transfer.
For work, the safest default is narrower: do not store customer names, confidential project names, internal financials, or private employee details in memory. Put reusable preferences in custom instructions; put sensitive context into the specific approved work conversation where it is needed.
What "chat history" does
Chat history is exactly what it sounds like — every conversation you have had is saved in the sidebar and searchable. This is separate from training and memory. It is useful: you can come back to a draft from three weeks ago and continue it. It is also a data trail. If someone gets into your account, they can read every conversation you have ever had.
You can:
- Delete individual conversations from the sidebar.
- Turn off chat history entirely (Settings → Data Controls). With this off, conversations are not saved and do not appear in the sidebar — they vanish when you close the window. Useful for sensitive one-off questions.
- Export all your data (Settings → Data Controls → Export) — a downloadable archive of everything.
The three settings worth changing today
You do not need to read OpenAI's full privacy policy. The three changes that materially improve your privacy posture, in order of impact:
1. Turn off "improve the model for everyone." Settings → Data Controls. This stops your conversations from being used to train future models. Costs nothing. Recommended for anyone who occasionally pastes in work content, personal questions, or anything they would not want a stranger to read.
2. Decide whether you want memory on or off. Settings → Personalisation → Memory. If you use ChatGPT casually and like the personalisation, leave it on but periodically review what it has remembered. If you are privacy-cautious or use the same account across personal and professional contexts, turn it off — you can always tell the model the relevant facts in a single prompt.
3. Periodically prune chat history. Open the sidebar and delete conversations you no longer need, especially anything sensitive. Or, for really sensitive one-off conversations, use Temporary Chat (the eye-with-line-through icon near the model selector), which is not saved and not used for training.
That is the whole privacy setup, for personal use. Two minutes total.
Personal account vs work account
The main mistake is mixing the two. A personal account can be fine for learning, public information, personal drafting, and harmless examples. A work-approved account is required when the content belongs to your employer, customers, employees, partners, or a regulated process.
| Data type | Personal account | Work-approved account | | --- | --- | --- | | Public blog post, public website text | Usually fine | Fine | | Your private journal, medical notes, family details | Avoid unless temporary and necessary | Usually not a work use case | | Customer names, emails, support history | No | Only if approved for that data | | Source code, contracts, financials, strategy docs | No | Only if approved by company policy | | Anonymized example data | Usually fine | Fine |
The companion checklist linked from this article turns this into a 30-second decision flow.
What still falls through the cracks
Even with all three settings configured, there are categories of risk you cannot fully eliminate from a consumer account:
Subpoenas and legal requests. Like any cloud service, AI providers can be compelled to hand over user data under court orders. This is rare for individual users but real.
Internal access. Some authorized provider employees can access user data for support or safety workflows. Major providers have access controls and auditing, but the right answer is "some people, sometimes, with logging," not "nobody, ever."
Future policy changes. What is stored, retained, or used for training can change. Read the email when a provider updates its policy.
Account compromise. If someone gets into your account, they can read every conversation, see your memories, and impersonate you to the AI. Use a strong, unique password and two-factor authentication.
For work data — customer information, source code, financial details, medical records, anything covered by GDPR or your employer's policy — none of the consumer-tier settings are sufficient guarantees. Use the enterprise tier your company has approved, or do not paste it in. The temptation of a quick ChatGPT favour is not worth a data breach.
A simple mental model
A useful way to think about each thing you paste into AI:
"Would I be embarrassed (or in trouble) if this exact text appeared in a leaked database next year?"
If the answer is yes — it is private, identifying, confidential, or sensitive — pause. Either redact it before pasting (replace names with placeholders, replace specific numbers with rough ones), or use a tier with stronger data-handling guarantees, or just do not include it.
This is not a counsel of paranoia. The base rate of consumer-AI privacy incidents is low. But the cost of the question is approximately zero, and the categories of content where the question matters are obvious.
A specific note for European users
If you are in the EU, GDPR applies to your data when AI providers handle it. You have the right to request what data is held about you, ask for it to be deleted, and (in some cases) restrict its processing. OpenAI, Anthropic, and Google have GDPR-compliance pages with the relevant request forms. The main practical implication: if you ever want your account fully wiped, you can request it — and they have to comply.
The takeaway
AI privacy is not "they are spying on you," and it is not "it is fine, do not worry." It is: you control three meaningful settings (training, memory, history), you have one mental model (would I mind if this leaked), and you have one rule for work data (use the enterprise tier or do not paste it).
Take five minutes today and make those three changes. Then go back to using AI well, knowing you have done the basic hygiene.