factually

What is OpenAI's policy on data retention after account deletion?

Checked on December 1, 2025
Disclaimer: Factually can make mistakes. Please verify important information or breaking news. Learn more.
OpenAI
Microsoft Learn
Medium
PYMNTS
Searched for:
"OpenAI data retention policy December 2025"
Found 14 sources

Executive summary

OpenAI’s stated baseline: deleted conversations for most business and consumer accounts are removed within 30 days, and API inputs are typically retained up to 30 days for abuse monitoring; enterprise and Zero Data Retention customers get stronger guarantees (ZDR or configurable retention) [1] [2] [3]. That baseline was disrupted by a U.S. court preservation order in mid‑2025 that forced OpenAI to retain and segregate certain consumer ChatGPT and API data indefinitely; OpenAI has appealed and says the order does not apply to enterprise ZDR agreements [4] [5] [6].

1. How OpenAI describes deletion in normal operations

OpenAI’s public enterprise documentation says deleted conversations “are removed from our systems within 30 days, unless we are legally required to retain them,” and that enterprises can set retention policies—implying a standard 30‑day removal window for deletions outside legal holds [1]. Community and technical summaries of OpenAI’s API practice have long echoed the same 30‑day retention period for inputs/outputs used for abuse monitoring, with the option for customers to request Zero Data Retention (ZDR) on eligible endpoints [2] [7].

2. The court order that changed the landscape

In May 2025 a federal magistrate issued an order requiring OpenAI to “retain and segregate all output log data that would otherwise be deleted,” a mandate the company says forced it to preserve consumer ChatGPT and standard API data indefinitely and to store deleted chats in a secure legal‑hold system [8] [5]. OpenAI told users the preservation obligation ended for new data on September 26, 2025, but that it would continue to “securely store limited historical April–September 2025 user data” for certain regions while it resumed standard practices where possible [4].

3. What “Zero Data Retention” and enterprise contracts mean in practice

Multiple sources note that enterprise customers and those with ZDR contracts get different promises: ZDR endpoints are described as not retaining inputs/outputs and not subject to the same ongoing retention used for abuse monitoring, and OpenAI has said the court order did not affect business customers using ZDR [3] [5]. OpenAI materials for enterprise customers emphasize configurable retention, data isolation, and that by default enterprise data is not used for model training [1] [9].

4. User controls, product features and the “deleted = gone” expectation

Independent coverage and product‑oriented writeups show that consumer interfaces evolved in 2025 to give users controls—such as disabling chat history or Temporary Chats—but several explainers warn that prior “deleted” expectations clash with legal holds or with default retention that keeps chats until users delete them [10] [11] [9]. In short: product controls reduce exposure for some workflows, but deletion does not guarantee immediate erasure when legal or security obligations apply [1] [4].

5. Conflicting narratives and where reporting diverges

Journalistic and vendor commentaries converge on the 30‑day industry baseline and on the availability of ZDR, but they diverge on scope and permanence: independent analysts and security vendors warned that the court order made some deleted consumer conversations effectively persistent and that this applied broadly to free/Plus/standard API usage [6] [8]. OpenAI’s own posts emphasize an appeal and efforts to return to standard practices, and stress that enterprise/ZDR customers were excluded from the preservation in practice [4] [5].

6. Practical implications for users and organizations

For individual consumers: deleted chats are typically removed within 30 days in ordinary operation, but a court preservation order can override that for specified historical or ongoing data, so “deleted” may not equal immediate, permanent erasure in all circumstances [1] [4]. For businesses and regulated organizations: contract terms matter—enterprise accounts can set retention minima (some docs note minimums like 90 days for workspaces) and can request ZDR to avoid retention for compliance or PHI handling [9] [3].

7. Limitations in the available reporting

Available sources document OpenAI’s public positions, the court order, and product claims about ZDR and enterprise controls, but they do not provide granular technical verification of how every storage layer treats deleted data or post‑appeal status beyond September 2025; detailed forensic proofs or internal logs are not published in these sources [4] [8]. Where sources disagree—on how broadly the preservation applied or how quickly OpenAI restored standard retention—the discrepancy reflects differing emphases between OpenAI’s corporate posts [4] [1] and independent/security writeups [8] [6].

Bottom line: OpenAI’s nominal policy has been that deleted conversations are removed within roughly 30 days and that enterprises can arrange ZDR or custom retention, but a mid‑2025 court preservation order created an important exception that kept certain consumer and API data—otherwise deletable—under legal hold until the company’s appeals and policy adjustments were resolved [1] [5] [4].

Want to dive deeper?
How long does OpenAI retain user data after an account is deleted?
What types of data does OpenAI keep or delete when a user cancels their account?
Can users request immediate deletion of their training data and how to submit such a request to OpenAI?
How does OpenAI handle backups and log retention after account deletion?
What legal or regulatory reasons might require OpenAI to retain data after account deletion?
About
Blog
Contact
FAQ
Terms
Privacy
Manage data