What Happens to Your ChatGPT Conversations? A Data Privacy Deep Dive

By default, OpenAI stores your ChatGPT conversations indefinitely and may use them to train future models. Your data can be reviewed by employees, shared with third-party vendors, and retained for up to 30 days even after you delete a chat. Opting out of training is possible but doesn’t stop storage.

Every time you open ChatGPT and start typing, you’re not writing in a private journal. You’re writing on a server. Understanding exactly what happens to those words — who sees them, how long they’re kept, and what they’re used for — is no longer optional information. It’s a basic requirement for using AI responsibly.

This post breaks down OpenAI’s actual data practices, distinguishes what the settings do and don’t control, and explains the structural difference between cloud AI and tools built from the ground up to keep data on your device. For a broader look at AI privacy across providers, read our AI Privacy Guide.

What OpenAI’s Privacy Policy Actually Says

OpenAI’s privacy policy is public and worth reading directly. The key facts, summarized without legalese:

Storage is the default. When you use ChatGPT, your conversations are sent to and stored on OpenAI’s servers. This applies to the free tier, ChatGPT Plus, and the API unless you’ve taken explicit steps to configure otherwise.

Training use is opt-out, not opt-in. OpenAI uses conversation data to train and improve its models. You can disable this in Settings > Data Controls > Improve the model for everyone. But this setting only affects training — it doesn’t delete your data or prevent storage.

Deletion isn’t immediate. If you delete a conversation, OpenAI retains it for up to 30 days for abuse prevention and safety monitoring before permanent deletion. Backups may persist for additional time.

Employees can review conversations. OpenAI’s policy explicitly states that staff may review conversations for safety purposes, policy enforcement, and to improve the system. This is not a security breach — it’s written policy.

According to OpenAI’s own transparency reporting, the company received over 3,000 law enforcement requests in 2023 alone. Data that lives on a server is data that can be compelled.

The Settings That Sound Protective But Aren’t

ChatGPT has added privacy controls over time, largely in response to regulatory pressure. It’s worth being precise about what each setting actually does.

“Improve the model for everyone” (off): Prevents your conversations from being used in training datasets. Does not delete your data. Does not prevent storage. Does not prevent employee review.

Temporary Chat: Conversations are not saved to your history and are not used for training. However, they are still processed on OpenAI’s servers in real time. If you close the window, OpenAI says it won’t retain the conversation — but this relies on a policy promise, not a technical architecture.

Chat History off: Stops conversations from appearing in your sidebar history. Same as Temporary Chat from a data perspective — the conversation still transits OpenAI’s infrastructure.

Data export: You can download all your stored conversations. This is a GDPR-derived feature. It confirms, incidentally, exactly how much data has been stored.

A 2023 study by researchers at the University of California found that users consistently overestimate how much privacy controls actually protect them in cloud-based AI systems. The gap between what settings appear to do and what they technically do is significant.

Third Parties, Vendors, and Disclosure

Your data doesn’t stay only with OpenAI. The privacy policy allows sharing with:

• Service providers: Infrastructure vendors (Microsoft Azure hosts much of ChatGPT’s backend), analytics providers, and business operations vendors — all under data processing agreements.
• Business transfers: In a merger, acquisition, or sale, your data is a transferable asset.
• Legal compliance: Law enforcement requests, court orders, and government agencies in applicable jurisdictions.
• Safety purposes: Disclosures OpenAI deems necessary to prevent harm.

The Microsoft connection is particularly worth noting. Microsoft’s $13 billion investment in OpenAI comes with deep infrastructure integration. When you use ChatGPT, your data moves through Azure’s systems. Microsoft has its own privacy policies governing that infrastructure layer.

This isn’t presented to alarm — it’s the standard architecture of any major cloud service. But it’s worth knowing that “talking to ChatGPT” involves more than two parties.

Enterprise and API: A Different Picture

ChatGPT Enterprise and the OpenAI API have meaningfully different data terms:

• API data is not used for training by default (as of March 2023).
• Enterprise offers zero data retention options, SSO, and audit logs.
• Team tier offers opt-out of training but still stores conversations.

If your organization uses ChatGPT Enterprise with zero data retention configured, the data practices are substantially better than the consumer product. But this requires an enterprise contract, active configuration, and ongoing compliance verification. Most individual users aren’t operating under these terms.

The Structural Alternative

The reason Cloaked takes a different approach isn’t primarily about policy. It’s about architecture.

When you run a conversation in Cloaked, the language model runs directly on your iPhone using Apple’s MLX framework. Your text goes from your keyboard to a model running on your own hardware and never leaves. There are no servers receiving your conversations, no databases storing them, no employees who could review them, and no third-party vendors processing them.

We can’t read your conversations — not because of a policy that could change, but because there’s nowhere for them to go.

This structural difference means that the entire category of risk described above — storage, training use, employee review, legal disclosure, third-party sharing — doesn’t apply. Not because of a favorable privacy policy, but because the data never leaves your device.

Cloaked supports 15+ open-source models from Meta, Google, Microsoft, Alibaba, and others, all running locally. No accounts required. No internet connection needed after download. For conversations that genuinely need to stay private, why your AI conversations are more sensitive than you might expect is worth reading before choosing your tool.

Choosing Based on What You Actually Need

Cloud AI tools like ChatGPT offer real advantages: larger models, web browsing, integrations, and multi-device sync. For many tasks — brainstorming marketing copy, debugging a code snippet, researching a topic — the privacy tradeoffs are acceptable.

But for conversations involving health concerns, legal matters, financial planning, relationship problems, therapy-adjacent reflection, or anything you’d be uncomfortable seeing on a server somewhere — the default ChatGPT architecture isn’t built for that use case.

The right tool depends on what you’re doing. The point of this post isn’t that ChatGPT is bad. It’s that you should know what you’re choosing when you use it.

If you want AI that’s genuinely private by design, Cloaked is available on the App Store. Every conversation stays on your device. No exceptions — because there’s no other option built into the architecture.