Is ChatGPT Confidential? What Attorneys Need to Know

The short answer: it depends on the product and your settings

Many attorneys assume that because ChatGPT is a paid product, their conversations are private. That assumption is not accurate for the default consumer tiers. OpenAI’s consumer product — both the free and Plus plans — uses conversation data to improve its models unless you actively opt out. The opt-out lives in Settings → Data Controls → “Improve the model for everyone”. It is off by default, meaning training is on.

The practical implication for attorneys: if you paste a client memo, a set of facts, or a draft complaint into consumer ChatGPT without disabling that setting, those inputs may be used to train future versions of the model. The information leaves your control in a way your client did not authorize.

What each ChatGPT tier actually does with your data

OpenAI offers several distinct products with different data handling policies. Understanding the differences matters before you choose which to use for client work:

• Free & ChatGPT Plus

  Trains on conversations by default. Opt-out available in Data Controls. Conversation history retained unless you manually delete it. Not appropriate for confidential client data unless the opt-out is confirmed active.

• ChatGPT Team

  Does not use workspace conversations to train models by default. Data is retained within the workspace. Intended for small businesses and professional teams. A meaningful step up from the consumer tier.

• ChatGPT Enterprise

  No training on your data. Includes admin controls, SSO, and a Data Processing Agreement (DPA). Designed for organizations with compliance requirements. More appropriate for firms handling sensitive client data at scale.

• OpenAI API

  Does not train on inputs by default. OpenAI retains API inputs and outputs for up to 30 days for abuse monitoring unless you have a zero data retention (ZDR) agreement. ZDR is available to eligible enterprise API customers. Review OpenAI’s API data usage policies for current terms.

Policy details can change. Before using any tier for client work, verify the current terms directly at openai.com/policies.

What “Temporary Chat” does — and does not do

Temporary Chat, available in consumer ChatGPT, prevents the conversation from appearing in your history and is not used for model training according to OpenAI’s current documentation. This makes it a marginal improvement over a standard conversation for privacy-conscious users.

However, Temporary Chat is not encryption. The conversation still travels through and is processed by OpenAI’s infrastructure. It does not give you the same guarantees as a product tier that contractually prohibits data retention. For attorneys evaluating whether a tool meets a “reasonable measures” standard under Rule 1.6, Temporary Chat alone is unlikely to be sufficient for sensitive client data.

Why this matters under Rule 1.6

ABA Model Rule 1.6 requires attorneys to make reasonable efforts to prevent the inadvertent disclosure of client information. What qualifies as “reasonable” is contextual and has been the subject of increasing bar opinion activity as AI tools have proliferated.

In July 2024, the ABA issued Formal Opinion 512, which addressed attorney duties when using generative AI. The opinion establishes that existing competence, confidentiality, and supervision duties apply when attorneys use AI — attorneys must understand how the tools they use handle data, and must take steps commensurate with the sensitivity of the information.

Pasting a client’s facts into consumer ChatGPT without reviewing the data settings, or without understanding the platform’s retention and training practices, creates a straightforward confidentiality exposure. Most bar ethics opinions that have addressed AI-tool use reach the same conclusion: the default consumer tier is not appropriate for client-specific information without additional safeguards.

Safer patterns for attorneys using AI

You do not have to avoid AI entirely. These practices significantly reduce your exposure:

1. Anonymize before you prompt. Replace client names, case numbers, dates, and identifying details with placeholders (Client A, Matter 001) before entering any facts into an AI tool. The AI’s answer will be as useful; the risk is dramatically lower.
2. Choose a no-training tier. If your practice requires regular AI use with real client documents, use ChatGPT Enterprise, the OpenAI API with a DPA, or an alternative such as Claude for Enterprise, which similarly does not train on customer data. Confirm the current data terms before committing.
3. Verify your settings. If you use the consumer ChatGPT tier, confirm the “Improve the model” toggle is off in your account settings. Settings can reset after account changes or product updates — check periodically.
4. Document your choices. Maintain a simple internal policy that identifies which AI tools you use, under which terms, and for which categories of work. This provides evidence of reasonable measures if your practices are ever reviewed.
5. Get a technical audit. If you are unsure whether your current AI workflow creates Rule 1.6 exposure, a CyberFrad audit maps your tools against current data practices and identifies specific risks.

The bottom line

Consumer ChatGPT is not confidential by default. The opt-out exists, but relying on a setting you may not have confirmed is not a reasonable confidentiality practice for client data. Enterprise and API tiers provide meaningfully stronger protections, but they require deliberate selection and — for the most sensitive work — a data processing agreement.

The practical standard under Rule 1.6 is “reasonable efforts,” not perfection. But “reasonable” requires you to actually understand how the tool handles your data. If you are unsure whether your current AI use meets that standard, we can help you find out.

Frequently asked questions