factually

How can I request complete removal of my chat data under GDPR or CCPA from OpenAI?

Checked on November 26, 2025
Disclaimer: Factually can make mistakes. Please verify important information or breaking news. Learn more.
Openai
Hacker News
TechCrunch
Brian Lovin
Searched for:
"OpenAI GDPR data removal"
"CCPA OpenAI chat data deletion November 2025"
Found 23 sources

Executive summary

OpenAI provides self‑service privacy tools (download, opt‑out of training, delete account, and a Personal Data Removal Request form) and an email contact (dsar@openai.com) for GDPR/CCPA requests [1] [2]. However, recent U.S. court preservation orders may limit OpenAI’s ability to delete some chat logs — courts have ordered retention of large samples of ChatGPT conversations and OpenAI has said it is preserving data in response to litigation [3] [4] [5].

1. How to make a deletion or erasure request: use OpenAI’s privacy hub and DSAR email

For routine requests, OpenAI points users to its privacy portal and to an email address for data subject access requests (DSARs): privacy.openai.com/policies and dsar@openai.com; the privacy policy explicitly says you can submit removal or correction requests via that portal or that email and that OpenAI will consider them under applicable law and technical limitations [2] [1].

2. What tools you can use yourself right now

OpenAI’s user controls include options to download your data, opt out of having new conversations used for model training, delete your OpenAI account, and remove personal data from model outputs — all surfaced on the privacy.openai.com page and highlighted by community posts describing those capabilities [1] [6]. The Help Center notes chats are saved until you delete them and that deleting removes them from visible history and from the system after retention windows [7].

3. Evidence and verification requirements you should expect when filing a request

Reporting about OpenAI’s Personal Data Removal Request process notes that the form asks for contact details, the country whose laws apply, evidence of processing (prompts or screenshots), and sometimes sworn statements about accuracy — a process designed to let OpenAI locate the data and verify requests [8]. Past user accounts of CCPA requests show verification steps (phone or ID) are commonly requested by companies and OpenAI has asked for verification in prior exchanges [9].

4. Limited guarantees: litigation preservation orders can constrain deletion

Several legal reports say a U.S. court ordered OpenAI to preserve certain output logs for litigation, including randomly sampled conversations covering specific date ranges, which has forced OpenAI to retain some data it would otherwise delete [3] [4] [5]. Legal analyses flag a cross‑border conflict: preservation for U.S. discovery can clash with GDPR erasure rights in Europe [10] [11]. OpenAI has disclosed it is preserving data in response to court orders and is appealing or seeking reconsideration in parts [5] [12].

5. Enterprise vs. personal account differences — contract language matters

For API and enterprise customers, OpenAI’s Data Processing Addendum and enterprise privacy pages promise specific retention behaviors (API inputs/outputs retained up to 30 days by default; enterprise data retained per contract) and the ability to execute DPAs that address GDPR/CCPA obligations [13] [14] [15]. Legal and compliance specialists advise negotiating DPAs and ensuring the contract allows you to meet deletion obligations for your own regulatory compliance [16].

6. Practical step‑by‑step you can follow now

1) Use the privacy portal to download your data and toggle training opt‑out if available (privacy.openai.com) [1]. 2) Manually delete chats in your account and consult the retention policy in the Help Center about system deletion windows [7]. 3) Submit a Personal Data Removal Request via the privacy page or email dsar@openai.com, supplying clear identifiers, jurisdiction (GDPR/CCPA), examples/screenshots, and verification materials as requested [2] [8]. 4) If you’re an enterprise user, talk to your OpenAI account rep to sign or update a DPA and confirm retention/deletion commitments in writing [13] [14].

7. What the sources do not settle — and what that means for claimants

Available sources do not provide a guaranteed, uniform timeline or outcome for every erasure request; OpenAI’s privacy policy says requests will be considered based on applicable law and technical capabilities [2]. They also do not state that all deletions are impossible — rather, reporting shows deletion may be limited by court preservation orders for specific datasets or date ranges [3] [4]. If a court order applies to the data you ask to delete, OpenAI may be unable to comply fully until the preservation requirement lifts [5] [12].

8. Competing perspectives and likely next steps

Privacy advocates and EU regulators emphasize GDPR erasure rights and transparency [8], while U.S. litigants and some courts have emphasized the evidentiary needs of discovery, producing preservation orders that constrain deletions [4] [5]. The tension suggests that, for now, individuals should file DSARs and preserve evidence of their requests while closely tracking litigation developments and any contractual protections available to enterprise customers [2] [16].

If you want, I can draft a template DSAR email for dsar@openai.com tailored to GDPR or CCPA with the evidence items reporters say OpenAI may request.

Want to dive deeper?
What is the difference between a GDPR right to erasure request and a CCPA/CPRA deletion request to OpenAI?
Which personal data does OpenAI retain after deletion requests and how can I verify removal?
What documentation and identity verification does OpenAI require to process GDPR or CCPA deletion requests?
How long does OpenAI have to respond to deletion requests under GDPR and under CCPA/CPRA, and what are my appeal options?
Can I request deletion of conversation data from third-party services or backups that may have been shared by OpenAI?
About
Blog
Contact
FAQ
Terms
Privacy
Manage data