Inês deleted the ChatGPT conversation the moment she was done. She had just walked the model through a tricky client case, with a name, an account number and a few sensitive details, to get a clean summary faster. Done, deleted, gone. So she thought.
But the chat log outlives the chat. On screen the conversation has vanished from her history. In the systems behind it the story is different. And that is exactly the misunderstanding: we treat deleting as the same thing as erasing. With AI tools it rarely is.
Deleting is not erasing
Take the most common example. With ChatGPT a conversation disappears from your history the moment you delete it, but permanent deletion from the systems normally follows within about 30 days. Temporary Chats, the ones that never stay in your history, are also kept for up to 30 days before they go. Source: OpenAI Help Center, chat and file retention policies, accessed June 2026.
That one-month window is usually not a problem. Until it is. Because during that period the conversation still exists, somewhere, with everything in it. And the timeline is not a law of nature: a legal or regulatory obligation can stretch it.
A deleted conversation that was not allowed to go
This is not theory. In May 2025 a US magistrate judge, Ona Wang, ordered OpenAI to preserve and segregate all ChatGPT output log data, in the litigation The New York Times brought against OpenAI. The order explicitly covered conversations users had already deleted, and Temporary Chats too. That paused the usual deletion within 30 days: data that would normally be gone now had to stay.
The order hit the ordinary accounts: Free, Plus, Pro and Team, plus the standard API. It did not apply to ChatGPT Enterprise, ChatGPT Edu or API usage with Zero Data Retention, where the data is not retained in the first place. OpenAI objected, calling it at odds with the privacy commitments it had made to users. In October 2025 the preservation requirement was lifted again. Source: OpenAI, "How we're responding to The New York Times' data demands", and legal reporting on the case, May to October 2025.
The uncomfortable part of this story is not the outcome. It is what it reveals. A user who hit delete in June 2025 did everything right by the settings, and the chat stayed anyway, beyond their control, because a judge in a case they had no part in decided that deleted data had to be kept. Your delete button is not the final word.
Memory remembers what you forget
There is another route by which a detail lingers, and it sits outside your chat history. ChatGPT can store information from a conversation as a memory, and can also reference past chats to make later answers more personal. What Inês explained in one chat can therefore surface in a later one, even after she deletes the original.
This deserves its own piece, and it gets one: see the separate explainer on how AI memory works. For now the point is simple. Deleting a conversation does not automatically erase what the model retained from it.
On a work account, the admin reads along
Then there is the workspace. On the consumer version your employer cannot simply look into your conversations. On ChatGPT Business, Enterprise and Edu it is different. There, an admin can access conversations, uploaded files and metadata through the compliance and eDiscovery API, built for audits and legal requests. Source: OpenAI Help Center, compliance API and admin controls, accessed June 2026.
That is reasonable in itself, and often required in regulated sectors. But it does mean something for what an employee types into it. Who knows whether their employer's plan has this turned on? Almost no one. And the question of whether an admin can read your conversations connects to the broader one of whether an employer can monitor AI use.
What the settings do not solve
You can arrange a lot in the settings. You can stop training on your data, you can limit memory, you can use Temporary Chat. Good steps, and they do what they promise. But they all share the same gap: they do not pull a pasted detail back out of the log.
The preservation order sat above the delete button. Memory works independently of the chat history. The admin reads along outside your settings. Three different routes, one thing in common: once the detail is in the log, you have lost control of it. The settings decide what happens to the log. They do not decide what goes into it.
That is why the real control point moves earlier, to the moment the detail enters the text box. That moment belongs to the employee, not to the settings. What does not go in there does not need protecting afterwards, because it does not exist in the log. This is the same root cause behind the broader privacy risks of ChatGPT: not the tool itself, but what ends up in it.
Where BeeSensible fits
You can ask the question at the moment it counts: before the conversation begins. BeeSensible highlights sensitive data while you type, across AI tools, email and other web apps. Detection runs in a European environment, in working memory, and the text is discarded after analysis. What is in there, a name paired with an account number, a card number, a national ID, gets a highlight before it is sent. Inês sees the account number light up as she types out her case, and decides for herself whether to remove, replace or mask it before she hits send.
Here is what that looks like the moment someone pastes client data into an AI tool:
Outlook