How can I request deletion of my chat history and API data from OpenAI under privacy laws?
Executive summary
OpenAI provides several formal routes to request deletion of personal data, including a Privacy Portal, designated emails, and in‑product controls for ChatGPT and API users, but those deletion rights are subject to verification, contractual tiers (Enterprise/ZDR), and possible legal preservation orders that can compel retention despite user requests [1] [2] [3] [4]. The practical path is to use OpenAI’s Privacy Portal or the specific DSAR email, follow their verification steps, and be aware that litigation or lawful disclosures may limit or delay deletion [1] [2] [5] [4].
1. What “deletion” OpenAI says it offers and where to start
OpenAI’s published privacy policy and help center direct individuals to submit deletion requests through the Privacy Portal at privacy.openai.com or by emailing dsar@openai.com, and they explicitly list “the right to request deletion of your Personal Data” as an exercisable privacy right in many jurisdictions [1] [6] [5]. For ChatGPT users the Help Center adds an in‑product path: sign into ChatGPT, go to Settings → Account → Delete account, or click “Make a Privacy Request” in the portal and choose “Delete my ChatGPT account,” which stops access and initiates data removal processes [2].
2. What to include in a deletion request and verification steps
Requests should identify the account or the data to be deleted and comply with OpenAI’s verification process because the company may require credential checks “to protect your Personal Data from unauthorized access, change, or deletion,” which means expect to prove control of the account or identity before deletion proceeds [1]. OpenAI’s California reporting likewise confirms users may exercise rights by email or portal and that the company records requests received, completed, and denied—so keeping copies of correspondence and any DSAR case number is prudent [5].
3. Special pathways: EU opt‑outs, training‑data objections, and API/enterprise distinctions
Individuals in “certain jurisdictions” such as the EU have additional mechanisms to object to processing and to request opt‑outs for use of their data in model training via a form OpenAI has referenced; OpenAI warns such rights are not absolute and may be balanced against freedom of expression and other legal limits [7]. For business customers and API users, contractual instruments matter: the Data Processing Addendum and Zero Data Retention (ZDR) options change retention and deletion behavior—Enterprise and ZDR contracts typically prevent OpenAI from using customer data to train models and limit retention timelines [3] [2] [8].
4. Legal limits and recent court actions that can override deletions
A high‑profile litigation development has shown that court orders can compel OpenAI to preserve data that would otherwise be deleted; OpenAI has publicly said it is appealing orders that would force indefinite preservation and argues such orders conflict with its 30‑day deletion commitments for consumer chats, but those appeals mean a period of legal uncertainty and possible exceptions where lawful process requires retention [4] [9] [10]. Public reporting and commentary indicate deleted chats may be subject to legal holds in some lawsuits, and OpenAI has cautioned users that litigation demands are a risk to deletion promises [4] [9].
5. Practical checklist and next steps for users seeking deletion
Begin with the Privacy Portal (privacy.openai.com) or email dsar@openai.com to submit a deletion; if the issue concerns a minor, email privacy@openai.com as instructed [6] [1]. If using ChatGPT, use the in‑app “Delete account” or “Delete all” chat/memory controls for chat history and follow up with the portal for confirmation [2]. Business/API customers should review their DPA and consider ZDR or Enterprise plans if stronger deletion guarantees are required, and retain copies of all requests and any DSAR reference numbers in case legal preservation or disputes arise [3] [8].
6. Caveats, competing viewpoints and what to expect after filing
OpenAI’s public stance is that it honors deletion requests within stated policies and timelines — typically a 30‑day window for consumer chats — but it also states rights are not absolute and that legal obligations can require retention; independent reporting and commentary warn that court orders can and have complicated deletion promises, creating a tension between privacy commitments and discovery in lawsuits [2] [4] [9]. Therefore, expect verification steps, possible partial denials, or delays when legal holds are in play, and consider contractual protections (Enterprise/ZDR) or alternative providers if strict deletion is essential [3] [10].