What ChatGPT's TOS really says about your prompts
What ChatGPT's TOS really says about your prompts
Before your next ChatGPT prompt, take three minutes. We read OpenAI's Terms of Use and Privacy Policy in full. Here is what they say about the consumer versions, Free, Plus, and Pro. Three things stand out, plainly: your prompts are used by default to improve the model, conversations are kept for at least thirty days, and the so-called Temporary Chat does not erase everything. The rest of this article documents each point against OpenAI's own sources.
We use ChatGPT as the example because it is the most-used. What we document here applies, with minor variations, to Claude and to Gemini. It is the standard economic model of consumer LLMs. The point is not a specific vendor. The point is the default architecture of a tool that learns from its users and that has to moderate what passes through it. Our goal is to make these clauses readable, not to single anyone out.
What does OpenAI do with your prompts?
By default, OpenAI uses your prompts and the model's responses to improve its systems. The "Improve the model for everyone" toggle is on when you create an account. You can switch it off in Settings, Data Controls, but most users do not, and no one walked them through it at signup.
This is confirmed by OpenAI's Privacy Policy and its Help Center page on data use for training. The rule is the inverse of what many users assume. It is not opt-in, it is opt-out, and you need to know where to look.
By default, ChatGPT uses your prompts to improve its models, and the opt-out is enabled at signup, not visible to most users. This default only applies to the consumer tier. ChatGPT Team, ChatGPT Enterprise, and API calls are not used for training by default, as OpenAI states explicitly. But the version most professionals reach for during the day is the consumer version.
For context, Anthropic updated its policy in late September 2025 and now also uses Claude consumer conversations to train models by default, unless the user opts out. Google does the same with Gemini, configurable through "Gemini Apps Activity." The pattern is consistent across the industry. The free or consumer tier funds the next version of the model.
Concretely, if a lawyer pastes a draft contract into ChatGPT Plus without changing the settings, that contract may feed the next training run. The same contract in Claude or Gemini follows a comparable path.
How long does OpenAI keep your conversations?
OpenAI retains conversations for at least thirty days. Beyond that, retention can extend "for legal, regulatory, or safety reasons." That language, which appears in the Privacy Policy, covers essentially any motive in practice.
A concrete example of what this clause allows: between May and September 2025, OpenAI was compelled by a court order in the New York Times litigation to retain all conversations indefinitely, including those deleted by users and Temporary Chats. The standard practice resumed on September 26, 2025. The interesting point is not that OpenAI did anything wrong. It is the reminder that retention is not a contract with you. It is a balance between vendor policy and the legal obligations the vendor is subject to.
Conversations are retained for at least 30 days, and longer for legal or safety reasons, a clause that covers nearly anything in practice. When you delete a conversation in the interface, it is purged within thirty days per the documentation. That purge applies to standard backups only, not to exceptional retention compelled by legal process. Claude and Gemini follow comparable patterns: thirty days for Claude under opt-out, up to eighteen months by default for Gemini.
Is ChatGPT's Temporary Chat actually private?
Temporary Chat is the option offered for a conversation that does not appear in your history. On paper, it is the equivalent of a browser's incognito mode. In practice, the coverage is narrower than the name suggests.
What Temporary Chat does: it keeps the conversation out of your history, and it prevents that conversation from being used to train the model. What it does not do: it does not erase the conversation immediately. OpenAI states that these exchanges are retained for up to thirty days for abuse moderation, in line with its Terms of Use.
Temporary Chat turns off history and training, but OpenAI keeps the conversation for up to 30 days for abuse moderation. Private does not mean invisible. If an employee pastes client data into a Temporary Chat believing it disappears, that data sits somewhere in the vendor's systems for a month, in theory accessible to human review or to a lawful request. The moderation logic is universal: every consumer LLM vendor maintains a moderation window over "private" conversations.
Who can read your ChatGPT conversations?
OpenAI's Privacy Policy is explicit on this point. Humans can review conversations, in three main cases.
For content moderation, internal teams or subcontractors review conversations flagged as potentially abusive, dangerous, or in violation of the terms. For model improvement, annotators read samples of conversations to evaluate response quality and correct flaws. For legal requests, OpenAI can produce conversations in response to subpoenas, civil discovery, or valid administrative requests.
None of these three cases is exceptional. All online service providers operate this way, and Anthropic and Google apply comparable arrangements. What these clauses imply for professional use is, however, worth stating plainly: a system where third-party humans can access conversations under criteria defined by the vendor is not designed to receive data whose confidentiality is governed by attorney-client privilege, a client contract, or sector-specific regulation.
For a lawyer, attorney-client privilege is placed under tension the moment the first client data is sent. For a doctor or nurse, HIPAA in the United States and GDPR Article 9 in Europe are in play with every clinical note pasted for rewriting. For a consultant or executive, the NDA signed with the client becomes difficult to honor. For HR, candidate and employee data leave the perimeter defined in the company's data processing register. The point is not about ChatGPT. It is about the act of pasting sensitive data into any consumer LLM.
Not a scandal, but still a problem
Nothing above is hidden. It is all written, plainly, in public documents. Sources are listed at the bottom of this article. OpenAI documents its practices better than the sector average and offers controls that did not exist two years ago. Anthropic has made similar choices, so has Google. This is the state of the art today.
The issue is therefore not a vendor. The issue is that the confidentiality of professional data should not depend on a checkbox no one reads, or on a subscription tier, or on a jurisdiction that can change tomorrow. A lawyer, a nurse, a consultant, or an HR manager should not have to choose between productivity and confidentiality every time they paste a text into a prompt. And a privacy policy, however carefully drafted, can be amended, or overridden by a court order, as the summer 2025 episode showed.
The protection of confidential data cannot rest entirely on the goodwill of a third-party vendor, however serious. It is a simple principle, but it is the conclusion that the consumer-LLM terms of use, read in full, impose.
What you can actually do
Three immediate actions if you use ChatGPT, Claude, or Gemini in a professional context.
Turn off the training option in settings. For ChatGPT, it is "Improve the model for everyone" in Data Controls. For Claude, it is the option to use conversations for training, under Privacy. For Gemini, it is "Gemini Apps Activity." The direct link to the ChatGPT procedure is in the sources at the bottom of this article. This stops your prompts being used for training, but it does not affect moderation retention or human-review access.
If your organization can afford it, switch to Team or Enterprise tiers across vendors. These exclude prompt-based training by default, offer stronger contractual guarantees, shorter retention commitments, and sometimes data-residency options. They still do not resolve moderation retention, nor data production in response to a lawful request.
Most importantly, anonymize before you send. The only reliable way to prevent sensitive data from being processed by a third-party vendor is to make sure it never leaves your machine in the clear. Replacing names, project codes, financial figures, dates, and identifiers with placeholders before the data reaches the LLM does not depend on account settings, contract terms, or jurisdiction. This is the local-first approach, also called client-side anonymization: confidentiality by construction, not by trust.
Quieta applies exactly this principle. Anonymization happens locally on the device, before the prompt leaves the machine. It works with ChatGPT, Claude, Gemini, and other LLMs. Free for individual use, seven dollars per month for professional use. The site is quieta.ai.
Local anonymization, before the data leaves your machine, is the only answer that does not depend on settings, on a vendor, or on a jurisdiction.