ChatGPT (OpenAI)

Plain-English risk rating: 3 of 5

Mid-range risk. ChatGPT's free and Plus tiers train on your inputs by default unless you actively opt out. The business tiers (Business, Enterprise) contractually exclude training, but most SMB owners use the consumer tiers without changing the default settings. The Samsung incident (April 2023, three separate leaks of semiconductor IP in 20 days) and the March 2023 Redis bug that exposed billing data for 1.2% of Plus subscribers are concrete examples of what can go wrong. OpenAI has improved significantly since 2023 — the business tiers offer genuine privacy protections, the API supports zero data retention for enterprise customers, and incident disclosure is faster. The risk now sits primarily with the user, not the platform.

Recommended for

  • Sole proprietor: Yes, with the training opt-out turned on, OR pay for ChatGPT Business at $25/user/month
  • Small team (2-10 people): ChatGPT Business is the right tier. The $25/user/month buys you a contractual no-training guarantee and basic admin controls
  • Regulated industry (healthcare, legal, finance): Only ChatGPT Enterprise with a signed BAA (where applicable), or API with Zero Data Retention. The free and Plus tiers are not appropriate
  • The honest answer for most 1-10 employee businesses: ChatGPT Business is the cheapest credible tier. If you're using ChatGPT Plus for work, you're probably not protecting your data the way you think you are

Data retention default

  • Free and Plus: Conversations retained indefinitely by default, until the user deletes them. Deleted conversations are removed from OpenAI's systems within 30 days (returned to standard practice after the New York Times v. OpenAI retention order ended on September 26, 2025)
  • Business: 30-day default for abuse monitoring; admins can configure retention
  • Enterprise: Configurable; minimum 90-day retention if a custom policy is set
  • API (standard): 30 days for abuse monitoring, then deleted
  • API (Zero Data Retention): Inputs and outputs are never logged or stored

Training opt-out

  • Free and Plus: Training is ON by default. To turn it off: Settings → Data Controls → "Improve the model for everyone" toggle. This is the most important setting most ChatGPT users have never changed.
  • Business, Enterprise, API: Training is OFF by default — contractually excluded. OpenAI does not train on business customer content from these tiers.

The opt-out for free/Plus is available but takes three clicks to find, and it's framed in marketing language ("help improve the model") rather than risk language ("OpenAI may use this for training"). Most SMB owner-operators don't know it's there.

Zero Data Retention (ZDR) availability

  • API only. Not available for ChatGPT consumer or Business tiers.
  • Available for qualifying enterprise customers, by request, for eligible API endpoints (not all endpoints support it — Web Search, for example, is excluded)
  • Process: contact OpenAI sales to enable on the API account. Not a self-serve toggle.

Plan tiers and pricing (as of early 2026)

Tier | Price (USD) | Training on your data? | Suitable for
Free | $0 | Yes, unless opted out | Personal experimentation only
Plus | $20/month | Yes, unless opted out | Personal use; not appropriate for client work without opt-out
Business (renamed from Team in August 2025) | $25/user/month (annual) or $30/user/month | No — contractually excluded | Small teams, 2-99 users
Enterprise | Custom (industry reports suggest $40-60/user/month) | No — contractually excluded | Larger organisations, regulated industries
API | Pay-per-token | No, by default | Developers building applications

Jurisdiction

  • Primary processor: OpenAI, OpenCorp Inc., 3180 18th Street, San Francisco, California, USA
  • Sub-processors include cloud infrastructure providers (Microsoft Azure is the primary). Full sub-processor list is published in OpenAI's Trust Portal
  • Data processed in the United States by default. Enterprise customers can negotiate data residency for specific regions, but it is not automatic.
  • For EU users, OpenAI's Irish entity (OpenAI Ireland Limited) acts as the data controller for the consumer service

Breach history (public incidents)

March 20, 2023 — Redis race condition (CVE-2023-28858, CVE-2023-28859)
A bug in the redis-py open source library caused a nine-hour window in which some ChatGPT users could see the titles and first messages of other users' conversations. Approximately 1.2% of ChatGPT Plus subscribers active during that window had limited billing information exposed: names, email addresses, payment addresses, credit card type, and last four digits of credit card numbers. OpenAI shut down ChatGPT to investigate and notified affected users. Source: OpenAI postmortem; Help Net Security, 2023-03-27
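The race behind that incident, modelled as a small asyncio simulation. This is an added example, not the page's or OpenAI's code: FakeRedisConn, the one-connection pool and the two execute functions are constructed stand-ins for redis-py's async client. The vulnerable path shows a request cancelled mid-flight leaving its unread reply on a pooled connection, so the next caller on that connection receives someone else's data; the fixed path discards the connection on cancellation instead of returning it to the pool.

```python
import asyncio

class FakeRedisConn:
    """Constructed stand-in for one pooled connection: writes are immediate, replies arrive later, in order."""
    def __init__(self):
        self.pending = []     # commands written whose reply is still unread
        self.closed = False

    async def send(self, cmd):
        self.pending.append(cmd)

    async def read_reply(self):
        await asyncio.sleep(0.01)   # simulated round trip to Redis
        return "reply-to:" + self.pending.pop(0)

async def execute_vulnerable(conn, cmd):
    # Cancelled during read_reply(): the reply stays queued on the connection,
    # which goes back to the pool and is handed to the next caller.
    await conn.send(cmd)
    return await conn.read_reply()

async def execute_fixed(conn, cmd):
    await conn.send(cmd)
    try:
        return await conn.read_reply()
    except asyncio.CancelledError:
        conn.closed = True        # discard a desynchronised connection, never reuse it
        conn.pending.clear()
        raise

async def _scenario(execute):
    pool = [FakeRedisConn()]      # one-connection pool shared by both users
    def acquire():
        if pool[0].closed:
            pool[0] = FakeRedisConn()
        return pool[0]
    # User A's request is cancelled mid-flight (e.g. the browser disconnected).
    task = asyncio.create_task(execute(acquire(), "GET user:A:billing"))
    await asyncio.sleep(0)        # let the task write its command, then cancel it
    task.cancel()
    try:
        await task
    except asyncio.CancelledError:
        pass
    # User B's request reuses whatever the pool hands out.
    return await execute(acquire(), "GET user:B:billing")

def run_vulnerable():   # returns User A's reply to User B: the cross-user leak
    return asyncio.run(_scenario(execute_vulnerable))
def run_fixed():        # returns User B's own reply
    return asyncio.run(_scenario(execute_fixed))
```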

March-April 2023 — Samsung semiconductor leaks
Not a breach of OpenAI's systems, but the canonical SMB-relevant data leakage incident. Samsung engineers in the semiconductor division pasted (1) proprietary semiconductor database source code, (2) yield and defect measurement code for chip equipment, and (3) a transcript of a confidential internal meeting (which discussed unreleased semiconductor process technology) into ChatGPT across three separate incidents in under 20 days. Reported by The Economist (South Korea) on March 30, 2023. Samsung banned generative AI on company devices and networks in May 2023 and began developing its own internal AI tool. Source: Bloomberg; The Economist (Korea); incidentdatabase.ai #768

2023 — Group-IB credential theft report
Cybersecurity firm Group-IB identified 101,134 stealer-infected devices that had saved ChatGPT credentials between June 2022 and May 2023. The credentials were sold on dark web marketplaces. This was not a breach of OpenAI's systems — it was infostealer malware on user devices harvesting credentials — but it surfaced the risk that ChatGPT logins are valuable to attackers because conversation history may contain sensitive business data. Source: Group-IB report, 2023

December 2023 — Training data extraction (research disclosure)
Researchers from Google DeepMind, Cornell, and four other universities demonstrated that prompting ChatGPT to repeat a single word indefinitely could cause it to emit memorized training data, including personally identifiable information. They extracted over 10,000 unique verbatim memorized training examples for approximately $200 of API spend. OpenAI patched the specific attack quickly. The broader research significance is that some training data is memorized and recoverable. Source: Nasr et al., "Scalable Extraction of Training Data from (Production) Language Models", 2023

December 2024 — Italian Garante €15M fine
The Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) fined OpenAI €15 million for processing personal data without sufficient legal basis, failing to implement adequate age verification, and inadequate transparency in its 2023 training data collection. This was one of the largest regulatory actions taken against an AI provider to that date. Source: Garante decision, December 2024

November 9, 2025 — Mixpanel third-party breach
Mixpanel, a third-party analytics provider that OpenAI used to track user interactions on its API platform (platform.openai.com), suffered an SMS phishing attack that compromised data across approximately 8,000 of Mixpanel's corporate customers — OpenAI among them. Limited analytics data was exported, including names, email addresses, approximate locations, and technical details about customer systems. No chat content, API requests, passwords, credentials, API keys, or payment details were exposed. OpenAI was notified on November 25, 2025, suspended Mixpanel use, and notified affected users. Affected: API users and a limited number of ChatGPT users who had submitted help center tickets or had been logged into platform.openai.com during the exposure window. Source: OpenAI incident page, 2025-11-27

Ongoing 2024-2025 — Malicious Chrome extensions
Multiple investigations during 2024 and 2025 identified malicious Chrome extensions that scraped ChatGPT (and DeepSeek) conversation content from approximately 900,000 affected users. Not a breach of OpenAI — a browser ecosystem failure — but a reminder that conversation history visible in the browser is a high-value target. Source: Cyberpress; ongoing reporting

What this means in plain English for SMB owners

Three honest takeaways:

  1. If you use ChatGPT Plus for client work without changing the training setting, you are sending client information to OpenAI's training pipeline. It is not malicious. It is the default. The setting takes 30 seconds to change.
  2. The biggest risks are not OpenAI's systems being hacked — they are (a) employees pasting things they shouldn't paste, and (b) third-party tools in the supply chain. Samsung is the canonical example of the first. Mixpanel is the canonical example of the second.
  3. If you are using ChatGPT for anything that touches client data, regulated information, or proprietary work, you should be on Business or Enterprise, not Plus. $25/user/month is cheaper than one billable hour. The contractual no-training guarantee is what you are paying for.

Sources

  • OpenAI Enterprise Privacy page: https://openai.com/enterprise-privacy/ (verified 2026-05-22)
  • OpenAI Business Data Privacy: https://openai.com/business-data/ (verified 2026-05-22)
  • OpenAI response to NYT data demands: https://openai.com/index/response-to-nyt-data-demands/ (2025-09-26)
  • OpenAI Mixpanel incident disclosure: https://openai.com/index/mixpanel-incident/ (2025-11-27)
  • OpenAI Academy data governance and compliance resource (2025-08-29)
  • Help Net Security: "A bug revealed ChatGPT users' chat history…" (2023-03-27)
  • SecurityWeek: ChatGPT data breach confirmation (2023-03-28)
  • AI Incident Database, incident 768: Samsung Data Leak (incidentdatabase.ai/cite/768/)
  • Bloomberg: Samsung ChatGPT/Bard ban (May 2023)
  • Nasr et al., "Scalable Extraction of Training Data from (Production) Language Models" (2023)
  • Garante per la Protezione dei Dati Personali decision (December 2024)
  • Information Security Media Group: OpenAI suspends Mixpanel (2025-11-28)