    Is ChatGPT safe for confidential or business data?

    What actually happens to your prompts, what changes on the enterprise tier, where the real risk lives, and what regulated organisations should use instead.

    In short

    Short answer: ChatGPT is acceptable for low-sensitivity content on the consumer tiers (Free, Plus, Pro), and meaningfully safer (no training reuse, contractual data handling) on ChatGPT Team, ChatGPT Enterprise, or the OpenAI API with a Data Processing Addendum in place. It is still not safe for genuinely confidential, regulated, or competitively sensitive data, because the data leaves your perimeter, sits with a US provider under the CLOUD Act, and you do not control the model. For that data, use an in-perimeter model you own.

    For confidential data, an owned, in-perimeter model removes the data-leaving-your-perimeter risk entirely.

    What ChatGPT actually does with your prompts

    On the consumer tiers (Free, Plus, Pro), OpenAI's own documentation states that conversations are used to improve their models by default, unless you turn this off in Settings → Data Controls → "Improve the model for everyone", or use Temporary Chat (which is not used for training and is deleted after 30 days). Inputs are also retained for a period for abuse monitoring. That is the source of the well-known incidents, most famously Samsung in 2023, where employees pasted confidential code into ChatGPT and the firm banned the tool internally.

    On ChatGPT Enterprise, ChatGPT Team, and the OpenAI API, OpenAI commits in writing that customer data is not used to train their models by default, SSO/SAML and admin controls are available, and data is retained under a Data Processing Addendum. This is a real, contractual change in posture, and the right baseline for any business use.

    Where the real risk still lives, even on Enterprise

    • Your data still leaves your perimeter: Every prompt and document is transmitted to OpenAI's infrastructure. The contractual promise is good; the structural exposure is unchanged.
    • US jurisdiction applies: OpenAI is a US company. Under the US CLOUD Act, US authorities can compel disclosure of data US providers control, regardless of where it is stored.
    • Sub-processors: OpenAI uses Microsoft Azure as a sub-processor. Your data passes through parties you did not directly contract with.
    • You do not own the model: The model can change or be deprecated under you. Behaviour that passed your evaluation last quarter may not pass this quarter.
    • Prompt logging and human review: Even with training disabled, prompts can be retained for abuse monitoring (typically 30 days) and reviewed by humans in defined circumstances.

    What "confidential" really covers

    The honest test is not "would I email this externally?" but "would I be comfortable if this appeared in a regulator's request or a discovery process tomorrow?". For most regulated organisations, the following categories should not be pasted into a hosted general-purpose LLM, even an enterprise one:

    • Personal data at scale: GDPR special-category data, customer records, employee files, anything where you are the data controller for someone else.
    • Client-privileged material: Legal advice, M&A drafts, regulatory submissions, audit working papers.
    • Source code touching core IP: Algorithms, model weights, security-relevant code, anything that is competitive advantage.
    • Patient and clinical data: Even de-identified clinical data carries re-identification risk.
    • Government and defence material: Anything classified or covered by export controls.

    GDPR exposure in plain English

    Under the UK and EU GDPR, sending personal data to ChatGPT makes OpenAI a processor and triggers transfer obligations because the data leaves the UK/EU. Italy's Garante temporarily banned ChatGPT in 2023 over data-protection concerns, and OpenAI has since added DPAs, EU data residency options, and stronger controls. These help, but they do not eliminate two facts: the data still leaves your environment, and you are still accountable as the controller for what happens to it.

    The ICO's guidance is straightforward: you must document the basis for processing, ensure proportionality, and assess transfer risk. Pasting personal data into a general-purpose LLM without that work is the unsafe path, regardless of which tier you are on.

    When ChatGPT is fine, and when it is not

    • Fine: Public-information research, drafting non-sensitive content, ideation, code that touches no IP or secrets, learning and training.
    • Acceptable with care: Internal documents on ChatGPT Enterprise/Team with training disabled, SSO enforced, retention configured, and clear staff policy, for non-regulated material.
    • Not safe: Regulated personal data, privileged legal material, core IP, clinical or government-sensitive content, anything you would not want subject to a foreign legal compulsion.

    What to use for confidential data instead

    For confidential, regulated, or competitively sensitive data, the answer is not "use ChatGPT more carefully"; it is "do not send the data to a third party at all". An owned model deployed inside your perimeter (on-prem, in your private cloud tenant, or air-gapped) removes the structural risk. Your prompts never leave, no foreign provider can be compelled, and you control the model lifecycle.

    Locai Labs builds exactly this: a domain-trained model you own, deployed inside your perimeter (Locai One on-prem, your private cloud, or a UK sovereign cloud), under UK jurisdiction and built to fit GDPR and regulated-procurement standards. For most regulated organisations the practical pattern is straightforward: ChatGPT Enterprise for general productivity, and an owned Locai model for everything sensitive. The principle holds: a smaller expert model built on your data routinely outperforms a much larger generalist on the work you actually care about.

    ChatGPT (consumer) vs ChatGPT Enterprise vs an owned in-perimeter model

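    |                             | Owned in-perimeter model | ChatGPT Enterprise    | ChatGPT (consumer)      |
    |-----------------------------|--------------------------|-----------------------|-------------------------|
    | Data leaves your perimeter  | No                       | Yes (to OpenAI/Azure) | Yes (to OpenAI/Azure)   |
    | Trained on your prompts     | No                       | No (contractual)      | Yes, unless you opt out |
    | Subject to the US CLOUD Act | No                       | Yes                   | Yes                     |
    | You own the model           | Yes                      | No                    | No                      |
    | Air-gap option              | Yes                      | No                    | No                      |
    | Trained on your domain      | Yes (post-trained)       | No (RAG only)         | No                      |
    | AI Act documentation        | You hold it              | Vendor-dependent      | Vendor-dependent        |
    | Fit for confidential data   | Yes                      | Conditional           | No                      |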

    What this looks like with Locai

    If the architecture above is the bar your enterprise has to clear, owning the model is what makes it achievable in practice.

    Locai Labs believes organisations should own their intelligence. Renting access to a general-purpose model that lives on someone else's servers is fine for low-stakes work; for the AI that touches your data, your customers and your decisions, the model itself should be yours. That is the bet behind everything we build.

    It is also a bet that an expert model beats a generalist on the work that actually matters to your business. A smaller model trained on your data, your language, your workflows and your edge cases routinely outperforms much larger generalists on the tasks you care about, and it does so on infrastructure you control. The goal is not the biggest model; the goal is the right model for your business.

    And it is deployed sovereignly: an owned model that runs inside your perimeter, on-prem via Locai One, in your private cloud tenant, in a UK sovereign cloud, or fully air-gapped, depending on your residency and security requirements. Your prompts, your documents and your outputs stay inside your environment, under UK jurisdiction, with a data path designed to fit GDPR and the procurement standards regulated organisations are held to.

    Frequently asked questions

    Is it safe to put confidential information into ChatGPT?

    No, not into the consumer tier and not unconditionally even on Enterprise. The data leaves your perimeter and sits with a US provider under the CLOUD Act. For genuinely confidential data, use an owned model deployed inside your perimeter.

    Does ChatGPT train on my prompts?

    On the consumer tiers (Free, Plus, Pro), yes by default, unless you turn it off in Settings → Data Controls or use Temporary Chat. On ChatGPT Team, ChatGPT Enterprise, and the OpenAI API, OpenAI commits contractually not to train on your data by default.

    Is ChatGPT Enterprise GDPR-compliant?

    It can be used in a GDPR-compliant way with a DPA, EU data residency, training opt-out, and proper internal policy, but you remain the controller. For special-category or high-risk data, an in-perimeter model is the safer architecture.

    What about the Samsung leak?

    In 2023 Samsung employees pasted source code into the consumer ChatGPT; the data was transmitted to OpenAI and Samsung banned the tool internally. The incident is widely cited as the canonical example of why consumer ChatGPT is unsafe for business data.

    Can the US government access my ChatGPT data?

    Under the US CLOUD Act, US authorities can compel US providers (including OpenAI and its sub-processor Microsoft Azure) to disclose data they control, regardless of storage location. UK or EU residency does not by itself prevent this.

    What should we use for confidential data instead?

    An owned model deployed inside your perimeter (on-prem, in your private cloud tenant, or air-gapped), so the data never leaves and no foreign provider can be compelled. That is what Locai Labs builds.
