Table of Contents
Quick Answer
ChatGPT is safe for most non-sensitive use if you disable training on your data. For confidential work data, use ChatGPT Team/Enterprise or the API — both guarantee no training. Never paste passwords, PII, trade secrets, or regulated data (HIPAA/PCI) in free or Plus.
- Free/Plus: OpenAI may train on your chats unless you opt out
- Team/Enterprise/API: no training by default
- Opt-out: Settings → Data controls → Improve the model for everyone: OFF
Why This Matters
ChatGPT transmits every message to OpenAI's servers (US-based). Free and Plus tiers use chats to improve models unless opted out. Team, Enterprise, EDU, and API tiers carve out training exclusions. Enterprise also adds SOC 2, SAML SSO, and zero retention options.
Step-by-Step: Lock Down Your Privacy
Step 1: Open data controls
Settings → Data Controls.
Step 2: Turn off model improvement
Toggle "Improve the model for everyone" to OFF. Your future chats won't train OpenAI models.
Step 3: Disable chat history (extreme privacy)
Toggle "Chat history & training" off. Chats auto-delete in 30 days, no training. (You lose history too.)
Step 4: Delete existing chats
Settings → Data Controls → Delete all chats. Or delete individual chats via trash icon.
Step 5: Export your data
Settings → Data Controls → Export data. OpenAI emails a ZIP of your chats.
Step 6: Check memory settings
Settings → Personalization → Memory. Review stored facts; delete sensitive ones.
Step 7: Use temporary chats
Click the Temporary Chat icon (top-right in ChatGPT). These don't save to history or train the model.
Step 8: For work: use Team/Enterprise
Team ($25/user/mo): no training, admin controls, shared workspace. Enterprise: SAML, SOC 2, zero retention.
Step 9: For developers: use the API
API data is not used for training by default. Add Zero Data Retention (ZDR) for regulated workloads.
Step 10: Never paste these in ChatGPT
- Passwords, API keys, private keys
- Customer PII (names + SSN/card/medical)
- Trade secrets or unreleased product plans
- Regulated data under HIPAA, GDPR Art. 9, PCI-DSS
When to Contact Support
- Data export doesn't arrive after 48 hours
- You requested account deletion but data persists
- Suspicious login or data leak — [email protected]
- GDPR/CCPA request: [email protected]
Prevention Tips
- Treat ChatGPT like a public forum for worst-case thinking
- Scrub PII before pasting (replace names with [CLIENT A])
- Use Team/Enterprise for any commercial use
- Read the OpenAI DPA if your org requires one
- Check regional data residency options in Enterprise
FAQs
Does OpenAI train on my ChatGPT data? Yes on Free/Plus unless you opt out. No on Team/Enterprise/API.
Where is my data stored? OpenAI US data centers; Enterprise can select EU residency.
How long does OpenAI keep my chats? 30 days after deletion; Enterprise can configure zero retention.
Is ChatGPT HIPAA compliant? Only via Enterprise with BAA. Free/Plus: NO.
Is ChatGPT GDPR compliant? Yes — data export, deletion, and DPA available.
Can I use ChatGPT for work? Only if employer approves; use Team/Enterprise for confidentiality.
Does disabling history affect memory? Yes — memory requires history on.
Conclusion
ChatGPT is privacy-safe with the right plan and settings. For unified multi-model access with a single DPA and audit trail, try Assisters AI.
[Try Assisters AI Free →](https://assisters.dev)