ChatGPT Data Privacy: What OpenAI Collects & Trains On (2026)
ChatGPT data privacy explained — what OpenAI collects, how long it retains conversations, when it trains on your data, how Free/Plus/Team/Enterprise differ, and how to stop sensitive data reaching it.
The tier is everything. On Free and Plus, OpenAI may use your conversations to improve its models unless you opt out. On Team, Enterprise, and the API, your business data is not used for training by default.
Even where training is off, conversations are still transmitted, processed, and retained for a period (abuse monitoring), so "not trained on" is not the same as "not stored."
The privacy risk most companies actually have isn't OpenAI's policy — it's what employees paste: customer records, source code, credentials, and PHI typed into a prompt no policy can retract.
The only reliable control is technical: detect and redact sensitive data before it reaches the model, or warn/block the employee at submission. That's what Strac's AI DLP does.
What Data Does ChatGPT Collect?
Three categories, and it's worth separating them because they carry different risk:
Prompt content — everything you type or paste, plus uploaded files and images. This is the sensitive category: it's whatever your employee decided to include.
Generated output — the model's responses, stored alongside the conversation.
Account and usage metadata — email, device, IP, usage patterns, and (in ChatGPT's memory features) persisted facts about you across sessions.
The uncomfortable part for security teams is #1. A DLP policy can govern files leaving via email; a prompt is a novel egress path that traditional tooling never watched.
Does ChatGPT Train on Your Data?
It depends entirely on which ChatGPT you're using:
Tier
Used to train models?
Notes
Free / Plus
Yes, by default
You can opt out in data controls, but the default is on
Team
No
Business data excluded from training
Enterprise
No
Excluded by default; admin controls
API / Platform
No
Not trained on by default
This is the single most important fact in ChatGPT data privacy, and the one most employees get wrong: the consumer app they use at home behaves differently from the enterprise tier their company pays for — and many employees use the consumer app at work, on a personal account, entirely outside IT's view. That's shadow AI, and it's where the privacy exposure actually lives.
Retention: "Not Trained On" ≠ "Not Stored"
Even on business tiers where training is off, conversations are typically retained for a period to support abuse monitoring and the product's own features (history, memory). Deleted conversations are generally removed on a defined schedule rather than instantly.
The practical implication: once a customer's SSN is in a prompt, it has left your control. You cannot un-send it, and your breach-notification obligations don't care whose model it landed in. That's why prevention beats policy here.
✨ The Real ChatGPT Privacy Risk: What Your Employees Paste
In our experience across customer deployments, the pattern is remarkably consistent — the data that ends up in ChatGPT prompts is:
Customer PII — names, emails, SSNs, addresses, pasted from a support ticket or CRM to draft a reply
Source code and secrets — API keys, .env contents, tokens pasted with a stack trace for debugging
PHI — clinical notes and patient details pasted by healthcare staff (a HIPAA problem, since consumer tiers carry no BAA — see is ChatGPT HIPAA compliant)
Financial and card data — PANs pasted while reconciling a transaction
None of this is malicious. It's people trying to work faster. And "please don't paste sensitive data into AI" is a policy, not a control.
The privacy control that actually works: the sensitive value is redacted inside the prompt, before it ever reaches OpenAI.
✨ How to Protect Data Privacy in ChatGPT (Without Banning It)
Blanket bans fail — employees switch to their phone or a personal account, and you lose visibility entirely. The workable approach is enforcement at the point of use:
Redact — sensitive values (SSNs, cards, keys, PHI) are stripped from the prompt inline; the prompt still works, the data never leaves.
Warn — the employee sees exactly what was detected and decides, which builds awareness without breaking workflows.
Block — for data classes you never allow (PHI to a consumer tier, secrets anywhere), the submission stops.
Prove — every detection and action is logged as compliance evidence for SOC 2, HIPAA, GDPR, and PCI.
Strac does this in the browser across Chrome, Edge, Firefox, and Safari, covering ChatGPT alongside Claude, Gemini, Copilot, and Perplexity — plus MCP connectors when AI agents pull data from your SaaS directly.
Warn or block before submission — the moment where ChatGPT data privacy is actually decided.
🌶️ Spicy FAQs for ChatGPT Data Privacy
Does ChatGPT train on my data?
On Free and Plus, yes by default — OpenAI may use those conversations to improve its models unless you opt out in data controls. On Team, Enterprise, and the API, business data is not used for training by default. The catch is that employees frequently use personal consumer accounts for work, which puts company data on the training-by-default tier without IT knowing.
Is ChatGPT private?
Not in the way most people assume. Conversations are transmitted to OpenAI, processed, and retained for a period even on business tiers where training is disabled. "Private" is a function of tier plus what you type — and no tier lets you retract a customer's SSN once it's been submitted.
How long does ChatGPT keep my data?
Conversations are retained to power features like history and memory, and for a period to support abuse monitoring, with deletion on a defined schedule rather than instantly. For the current specifics, check OpenAI's data controls and retention documentation for your tier — and see our deeper dive on whether ChatGPT saves your data.
Is ChatGPT Enterprise actually private enough for regulated data?
Enterprise removes the training concern and adds admin controls, which is necessary but not sufficient. It doesn't stop an employee from pasting a patient record or a production key into a prompt, and it doesn't redact what they send. For regulated data, pair the enterprise tier with a control that inspects prompts and removes sensitive data before submission.
How do I stop employees from pasting sensitive data into ChatGPT?
Enforce it technically rather than by policy: detect sensitive data in the prompt as it's typed, then redact it, warn the employee, or block the submission based on your rules. That keeps ChatGPT usable — which is the point — while making sure regulated data never leaves. Every event doubles as audit evidence.
The Bottom Line
ChatGPT data privacy comes down to two variables you control: which tier your people use, and what they're allowed to type into it. The first is a licensing decision. The second is the one that actually causes breaches — and it can't be solved with an acceptable-use policy. Put a control in the prompt path, and ChatGPT becomes a productivity tool instead of an exfiltration channel.
Book a demo to see sensitive data redacted from ChatGPT prompts in real time.
On Free and Plus, yes by default — OpenAI may use those conversations to improve its models unless you opt out in data controls. On Team, Enterprise, and the API, business data is not used for training by default. The catch is that employees frequently use personal consumer accounts for work, which puts company data on the training-by-default tier without IT knowing.
Is ChatGPT private?
Not in the way most people assume. Conversations are transmitted to OpenAI, processed, and retained for a period even on business tiers where training is disabled. "Private" is a function of tier plus what you type — and no tier lets you retract a customer's SSN once it's been submitted.
How long does ChatGPT keep my data?
Conversations are retained to power features like history and memory, and for a period to support abuse monitoring, with deletion on a defined schedule rather than instantly. For the current specifics, check OpenAI's data controls and retention documentation for your tier — and see our deeper dive on whether ChatGPT saves your data.
Is ChatGPT Enterprise actually private enough for regulated data?
Enterprise removes the training concern and adds admin controls, which is necessary but not sufficient. It doesn't stop an employee from pasting a patient record or a production key into a prompt, and it doesn't redact what they send. For regulated data, pair the enterprise tier with a control that inspects prompts and removes sensitive data before submission.
How do I stop employees from pasting sensitive data into ChatGPT?
Enforce it technically rather than by policy: detect sensitive data in the prompt as it's typed, then redact it, warn the employee, or block the submission based on your rules. That keeps ChatGPT usable — which is the point — while making sure regulated data never leaves. Every event doubles as audit evidence.
Discover & Protect Data on SaaS, Cloud, Generative AI
Strac provides end-to-end data loss prevention for all SaaS and Cloud apps. Integrate in under 10 minutes and experience the benefits of live DLP scanning, live redaction, and a fortified SaaS environment.