Your ChatGPT conversations are now permanently stored - including those from your company. Here's what you need to know and do.
Since June 2025, OpenAI has had a problem. A US court has required the company to keep all user data - including chats you have already deleted. This comes as a result of a lawsuit by The New York Times, alleging that ChatGPT illegally used their articles for training.
The consequence? That “deleted” chat in which you shared business strategy, personal concerns or sensitive information still exists on OpenAI's servers.
Do you prefer to work with Microsoft Copilot?
Contact us for a customised session.
Your ChatGPT Team account offers no protection
Think you're safe with a ChatGPT Team subscription? Forget it. Almost all account types are covered by this retention requirement:
- Free users ✗
- ChatGPT Plus/Pro ✗
- ChatGPT Team ✗
- API users without special agreement ✗
Some exceptions: ChatGPT Enterprise and Education accounts are excluded for now.
Europe vs America: privacy conflict
ChatGPT conversations do not have legally protected confidentiality, as with a lawyer or doctor.
A judge can demand your chat history as evidence. OpenAI must comply with legitimate requests.
For European users, this clashes with the GDPR, which mandates data minimisation and deletion, versus US court-ordered retention. Regulators are watching, as with previous ChatGPT blockades in Italy.
Company-sensitive information shared through Team accounts is now permanently on US servers, beyond your control. OpenAI promises that Team data is not used for training, but that does not mean it is completely secure.
What to do NOW
For companies:
- Immediately evaluate your current ChatGPT usage
- Take an inventory of sensitive information already shared
- Set new guidelines for AI use
- Consider upgrading to ChatGPT Enterprise (exempt from retention)
- Implement an AI privacy policy
- Ban sharing trade secrets via ChatGPT
- Train employees on these new risks
- Document what can and cannot be shared
- Find alternatives for sensitive tasks
- On-premise AI solutions for confidential assignments (offline open-source LLMs)
- European AI providers under GDPR jurisdiction (e.g. Mistral)
- Hybrid approach: public AI for general tasks, private solutions for sensitive info
For individual users:
- Think twice before typing
- No personal or financial data
- No info you don't want to see in public
- Treat every chat as potentially permanent and public
- Use pseudonyms and generic terms
- Replace “Project X at client Y” with “a marketing project”
- Avoid names, companies and locations
The wider implications
This situation exposes a fundamental problem in our digital economy. AI tools are presented as confidential assistants, but legally they have the same status as a public website.
Companies need to recognise that convenience and privacy do not always go hand in hand. The question is not whether to use AI, but how to do it securely.
What to expect
OpenAI CEO Sam Altman advocates “AI privilege” - legal protection similar to lawyer-client or doctor-patient confidentiality. But until such legislation is in place, you will remain vulnerable.
Expect more lawsuits. AI companies possess valuable data that lawyers are eager to use. Your chat history could be worth gold in court.
The gist
Your ChatGPT conversations are no longer private, full stop. Whether you have a free account or pay for Team: your data is kept and can be legally retrieved.
This is a temporary situation but also a precedent. Other AI companies will experience similar pressures.
Action is not optional, but necessary. Start rethinking what you share with AI today. Your privacy and business security depend on it.
Want more information? Subscribe to our newsletter: Proteus Effect Newsletter
