Your ChatGPT logs are evidence. Keep data off shared AI.
A court fight over 78M ChatGPT conversations shows AI prompts are retained and discoverable. What operators should route off shared endpoints — and where.
The New York Times just asked a federal judge to sanction OpenAI, and buried in the filing is a number every business piping data into ChatGPT should sit with: 78 million. That's how many de-identified ChatGPT conversations OpenAI had allegedly assembled into an internal database — the kind of retention most users assume doesn't happen. Your prompts don't evaporate when you close the tab. They're stored, searched, and — when a lawsuit lands — discoverable.
What actually happened
Per TechCrunch, the Times and The New York Daily News filed a sanctions motion on July 9, 2026, alleging OpenAI withheld and destroyed evidence in the copyright suit over ChatGPT training on their journalism. The details surfaced in an April court-ordered deposition of OpenAI privacy engineer Vinnie Monaco: OpenAI had built a database of roughly 78 million de-identified conversations to internally gauge how much it was infringing — despite earlier claims it couldn't search its own corpus.
The plaintiffs originally asked for 120 million chat logs, negotiated down to 20 million, and say the sample came back so heavily redacted the court called it "unusable." They further allege OpenAI deleted billions of ChatGPT outputs after a preservation order. OpenAI denies wrongdoing; spokesperson Drew Pusateri said the Times is trying to "invade the privacy of people who have nothing to do with this case" (Al Jazeera). These are allegations a judge still has to rule on.
Why it matters for your business
Set aside who wins. The mechanism is the point: anything your team types into a shared consumer endpoint becomes data the vendor holds, retains, and may be compelled to produce — sometimes in a fight you're not even party to. Customer PII, signed contracts, unreleased pricing, health or financial records — if it went through a shared ChatGPT account, assume a copy lives somewhere you don't control.
The fix isn't banning AI. It's routing sensitive work through endpoints with real data terms: enterprise or API tiers with zero-retention and no-training commitments in writing, or self-hosted and open-weight models where the logs sit on your own infrastructure. The convenience of pasting a customer list into a chatbot is exactly the convenience that turns your operating data into someone else's evidence locker. Know what leaves your walls, and put a boundary where it counts.
Key takeaways
- NYT and NY Daily News asked a court to sanction OpenAI on July 9, alleging withheld and destroyed evidence
- A deposition surfaced a database of ~78M de-identified ChatGPT conversations OpenAI assembled internally
- Prompts sent to a shared consumer endpoint are retained and can become discoverable — even in a suit you're not part of
- Route sensitive work to zero-retention enterprise tiers or self-hosted models; keep regulated data off shared accounts
Not sure what your AI tools are keeping? We design AI stacks with data boundaries you control — zero-retention endpoints, self-hosted open-weight models, and scoped logging that lives on your infrastructure. See what we build or book a data-boundary review.
Sources: TechCrunch, Al Jazeera.
- #openai
- #data-governance
- #ai-privacy
- #chatgpt
- #compliance
Tommy Rush — Founder, Rush Commerce
Operator turned builder. 15+ years running operations — now shipping the systems businesses run on. More
Get The Rush Report weekly — one email, zero fluff.
Keep reading
PeopleSoft zero-day CVE-2026-35273: the attack came first
A CVSS 9.8 PeopleSoft flaw was exploited two weeks before Oracle's patch existed. When the exploit predates the fix, patch cadence alone won't save you.
Read itA $2B fund is buying accounting firms to rewire them with AI
Thrive Holdings raised ~$2B, backed by OpenAI, to roll up accounting and IT services firms and install AI in their workflows. What it means if you run a small services business.
Read it