Join
1
0 Comments

What AI Companies Do With Your Data When You Delete It

by Haider

You pressed delete. The conversation disappeared from your screen. But here's what most people don't know: that data almost certainly hasn't gone anywhere. In May 2025, a federal judge ordered OpenAI to preserve every ChatGPT conversation on its servers including ones users had already deleted.
Millions of people had no idea this was happening. That single case exposed something the AI industry had quietly relied on for years: the delete button doesn't mean what you think it means.

The Gap Between "Deleted" and Actually Gone

When you remove a conversation from an AI chatbot, you're not erasing data. You're removing your view of it. What happens behind the scenes is a different story entirely.
ChatGPT holds your deleted conversations on its servers for 30 days under standard policy — and that's before any legal hold applies. Google Gemini stores conversations for 18 months by default, though users can adjust this window.
More concerning: if a Google human reviewer has looked at your conversation, that chat is retained for up to three years, disconnected from your account, and cannot be deleted by the user.The gap between "deleted" and "gone" isn't a bug.
It's deliberate. AI companies need time windows for safety monitoring, abuse detection, and litigation preparedness. From a user's perspective, however, it means that data you intended to remove can persist in systems you no longer have any visibility into.

When Memory Features Complicate Deletion Further

If you've ever used ChatGPT's Memory feature, the problem goes deeper. Deleting a conversation does not erase the memories extracted from it. Those persist separately in your settings until you manually clear them, a step most users don't know exists.
This layered data architecture is not unique to OpenAI. It reflects a broader pattern across AI platforms: data gets stored in multiple locations simultaneously, and deleting from one place doesn't cascade to the others.
What you share with an AI assistant can travel further than you intended, through training pipelines, memory systems, and legal storage, all with different retention clocks running independently.

What Happens to Your Data Before You Even Hit Delete

The more uncomfortable question isn't about deletion windows. It's about ## what happens to your data the moment you type it.
By default, most major AI platforms use your conversations to improve their models. You can opt out, but there's a critical limitation: disabling model training doesn't reach backward. Any data already used for training stays in the training set. The opt-out only affects future conversations.
This matters because people share far more than they realize during AI interactions. Roughly 15% of employees paste sensitive company information into public AI chatbots, according to research from 2025. That's proprietary code, client names, financial figures, and internal strategy. Once that data is used in training, there's no technical mechanism to remove it from the model itself.

The Court Order Nobody Told Users About

The New York Times v. OpenAI lawsuit made this problem visible in a way it had never been before. In May 2025, a federal judge ordered OpenAI to retain all output log data indefinitely — including conversations users had explicitly deleted. The order applied to consumer ChatGPT users on free, Plus, Pro, and Team plans.
OpenAI's CEO publicly described the ruling as an overreach and argued that AI conversations should carry something close to attorney-client confidentiality. The preservation order was eventually lifted in late September 2025, and OpenAI returned to standard 30-day deletion practices. But conversations from the April to September 2025 window remain in secure storage, pending the ongoing litigation.
The case set a precedent worth understanding: court orders can override your deletion requests, and the legal infrastructure to compel data retention from AI companies already exists. One lawsuit changed data practices for millions of users overnight, without any notification to those users at all.

Why This Matters More Than People Think

Public concern about AI data practices has climbed sharply. A 2025 survey found that 91% of Americans are concerned about social media platforms using their data to train AI models, and one in three has already stopped using certain platforms because of it.
Meanwhile, 70% of people in the US say they have little or no trust in companies to use AI-collected data responsibly.
That gap between what users expect and what actually happens is where real risk lives. People type things into AI assistants they'd never say in a public forum: health questions, financial worries, relationship problems, business decisions. The assumption of a private conversation is baked into how these tools feel to use. The reality of data retention makes that assumption fragile.

The ISP Layer Most Users Forget

Your conversations with AI tools don't just pass through the AI company's servers. They also pass through your internet service provider. ISPs can log the domains you visit, the volume of traffic you send, and often more. Without an encrypted connection shielding that traffic, your AI usage patterns are part of the data trail your ISP holds, separate from anything the AI platform retains.
For users who want their browsing activity decoupled from their identity, a reliable PureVPN encrypts traffic at the network level, which means your ISP sees encrypted data rather than readable requests to AI platforms. It doesn't change how AI companies handle data internally, but it does close one significant exposure point that most people don't think about until it's relevant.

What You Can Actually Do About It

Understanding the problem is the first step. Here's what you can control.
Turn off model training in your settings, on every platform you use, not just one. Check for separate memory or personalization features and clear them manually. Read the data retention terms before sharing anything sensitive in a chat window, because most people only skim them once, if ever.
For users who work with sensitive data professionally, Windows VPN tools are one of the few privacy layers that work at the network level, keeping your activity private from ISPs regardless of how AI platforms handle their backend retention policies.
Understand that enterprise-grade privacy controls look different from consumer ones. Enterprise tiers at OpenAI, Google, and Anthropic typically offer stronger contractual protections, including no model training on your data by default and shorter or admin-controlled retention windows. If your work involves genuinely sensitive information, those tiers exist for a reason.

The Bigger Picture

The delete button was designed for a world where data lived in one place and removing it meant removing it. That world doesn't describe how AI platforms are built. Data branches into training sets, memory systems, legal holds, and ISP logs before you ever click anything.
This isn't an argument against using AI tools. It's an argument for using them with clear eyes. The companies building these systems are not necessarily acting in bad faith but their incentives around data retention don't always align with user expectations around privacy. Closing that gap starts with knowing it's there.

Avatar for Haider Haider
on June 1, 2026
Say something nice to egal…
Post Comment
Trending on Indie Hackers
Priorities for launching a SaaS solo, with no budget User Avatar 204 comments I built a tool directory that doesn't pretend every founder has the same needs User Avatar 35 comments Why founder-led outbound breaks the moment you try to delegate it User Avatar 7 comments I built a browser-based photo geotagging tool. What should I lead with? User Avatar 6 comments How we built a Hindi + English kids learning app in Unnao with zero budget User Avatar 3 comments Launched on Product Hunt today: budget hosting where the whole pitch is honesty User Avatar 2 comments