What OpenAI keeps when you chat with ChatGPT is more than people assume — and less than the worst-case stories suggest. Plain breakdown.
What gets saved when you talk to ChatGPT
Every message you send: prompts, model output, attachments, custom-instruction blocks, and the conversation metadata (model used, timestamp, account). Stored on OpenAI’s servers, indexed to your account.
This is true on:
- Free tier — by default, used for training.
- Plus — by default, used for training.
- Teams + Enterprise — by default, not used for training. Workspace data isolation in place.
- Temporary chats — saved for 30 days for abuse review, then deleted, not used for training.
You can opt out of training on Free and Plus via Settings → Data Controls → Improve the model for everyone → off. After that, your conversations are still saved (so you can re-open them) but not used for training.
The “saved but not trained on” subtlety
Opting out of training does not delete past conversations. Past chats remain in your history, accessible via the sidebar. They’re “OpenAI-owned data on OpenAI servers” — which matters if you care about data sovereignty.
If you want them off OpenAI’s servers, the move is: export the conversations you care about, then delete them from your account. Settings → Data Controls → Manage → Delete all chats.
What an export tool like ChatExport AI changes
Nothing about OpenAI’s storage. The conversations stay where OpenAI puts them.
What changes is your local copy. With ChatExport AI, you have a portable file (PDF, Markdown, JSON, etc.) that lives on your disk, not in someone’s vendor account. If you delete the original conversation from ChatGPT, your local copy stays.
ChatExport AI itself doesn’t add to the surveillance footprint:
- Conversation content never uploaded to ChatExport AI servers.
- The only network call is optional Pro license validation, which sends an encrypted device fingerprint and never chat content.
- Full security model documented.
So the privacy story is: OpenAI keeps what they keep regardless of your export tool; the export tool gives you a copy you control.
Privacy moves that actually matter
In rough order of impact:
- Use Temporary chats for sensitive content. They auto-delete after 30 days and aren’t used for training.
- Opt out of training in Settings if you’re on Free or Plus. One toggle.
- Export and delete any conversation you wouldn’t want to leak. Belt-and-suspenders.
- Don’t paste secrets into ChatGPT. API keys, passwords, PII for third parties — the system prompt warns about this, and it’s correct.
- Use a separate account for sensitive work. Some of my clients have a dedicated paid account just for legal review.
What doesn’t matter (much):
- Custom Instructions — they go to the model with every prompt; OpenAI sees them. Don’t put secrets there.
- “Incognito mode” — that hides the chat from your local browser history. Doesn’t change anything server-side.
- VPN — useful for some things; not for hiding chat content from OpenAI.
What about the rest of the AI ecosystem?
- Claude (Anthropic) — by default, no training on consumer chats. Workspace data isolation similar to OpenAI Teams.
- Gemini (Google) — opt-out for training in Settings. Workspace data isolation in Google Workspace.
- Microsoft Copilot — varies by tier. M365 Copilot enterprise tier: no training on customer data.
- Perplexity, Grok, Poe — varies. Read each privacy policy.
The general pattern: paid enterprise tiers tend to have the strongest non-training defaults. Free consumer tiers tend to use chats for training unless you opt out.
TL;DR
ChatGPT keeps your chats. You can opt out of training but not opt out of storage. Export the chats you care about, delete the originals if you need to. Use Temporary chats for sensitive content. Don’t paste secrets.
Related
- /security — ChatExport AI’s privacy model in detail.
- /for-lawyers — privilege-aware AI usage.
- How to back up your entire ChatGPT history.