Every time you open ChatGPT, Claude, or Gemini and type a message, you are handing that company a piece of your life. A medical question. A salary negotiation script. A message to a difficult family member. You get an answer, close the tab, and move on. But the data does not always move on with you.
Understanding what AI chatbots retain about you — and what they can infer — has become one of the more pressing digital literacy questions of the decade. This post covers how AI memory actually works, what has gone wrong in recent incidents, and what you can do about it.
What Does ChatGPT Actually Remember?
The short answer is: more than most users expect, but less than the term "memory" implies.
OpenAI's ChatGPT operates across two distinct layers. The first is context memory — the contents of your current conversation window. Everything you type in a session is held in the model's active context and used to generate responses. This is not stored permanently by default, but it is transmitted to OpenAI's servers with every message.
The second layer is persistent memory, a feature OpenAI began rolling out in 2024. When enabled, ChatGPT explicitly stores facts it learns about you — your name, your job, your preferences, even your health concerns — and recalls them across sessions. You can view and delete these memory entries, but most users never do.
Beyond those two layers, there is a third consideration: training data. OpenAI's terms of service historically allowed user conversations to be used for model training unless users opted out. The opt-out exists, but it requires deliberate action and was not surfaced prominently until privacy advocates raised alarms.
Other platforms behave similarly. Google's Gemini stores conversations by default. Anthropic's Claude does not currently offer persistent cross-session memory, but conversation data is retained for safety and abuse monitoring. The privacy policies across all major providers include provisions for human review of conversations in some circumstances.
How AI Memory and Context Work
To understand the risk, it helps to understand the mechanics.
A large language model like GPT-4 does not "remember" the way a human does. It does not have a persistent internal state that accumulates knowledge from your conversations. Instead, memory in AI systems is engineered through additional infrastructure layered on top of the model.
Context windows are the active working memory of a conversation. Modern models support context windows of 128,000 tokens or more — enough to hold the entirety of a long novel. Within a session, the model has access to everything you have typed. When you close the session, that context is discarded from the model's active state, but the conversation data may still be retained in server logs or databases depending on the provider's policies.
Retrieval-augmented memory is how persistent memory features work. When you start a new session, a retrieval system fetches relevant stored facts about you and injects them into the model's context. This is why ChatGPT can say "I remember you mentioned you're a freelance designer" — it pulled that from a stored record, not from the model itself.
Embeddings and semantic indexes add another dimension. Providers can convert your conversations into numerical vector representations and store them in vector databases. These embeddings can be used to surface relevant past content, even without exact keyword matches. They are difficult to audit or delete, and users typically have no visibility into them.
The net effect is that your conversations, even if you delete them from the chat interface, may persist in ways that are not exposed to you.
Recent AI Data Retention Incidents
The privacy concerns around AI memory are not theoretical. Several documented incidents illustrate what can go wrong.
In 2023, Samsung engineers inadvertently leaked proprietary chip design data by pasting confidential code into ChatGPT for debugging assistance. The data was transmitted to OpenAI's servers and could have been used for model training. Samsung responded by banning the use of generative AI tools on internal networks.
Also in 2023, OpenAI disclosed a bug that exposed ChatGPT users' conversation titles and, in some cases, the first message of active conversations to other users. The company described the incident as a Redis client library vulnerability. It was a narrow exposure, but it demonstrated that data believed to be private was accessible at the infrastructure level.
MIT Technology Review and other outlets have covered the broader structural tension at play: AI companies have a financial incentive to retain as much data as possible, both for model improvement and for understanding user behaviour, while users have a privacy interest in the opposite direction. The regulatory frameworks — GDPR in Europe, an emerging patchwork in the United States — have not yet resolved this tension.
More recently, the rollout of persistent memory features across major platforms has renewed scrutiny. Security researchers have demonstrated prompt injection attacks in which malicious content embedded in a document or webpage can trick a memory-enabled AI into storing false or harmful information about a user — or exfiltrating real information.
How to Protect Your Privacy from AI Memory
There are practical steps you can take today, even without switching to a privacy-first AI tool.
Audit and disable persistent memory. In ChatGPT, go to Settings > Personalization > Memory and review what has been stored. You can delete individual memories or turn the feature off entirely. Do this regularly.
Opt out of training data collection. Most major providers offer this option in privacy settings. It does not guarantee your data will never be used — historical conversations may already have been included in past training runs — but it limits future exposure.
Use temporary or incognito sessions. ChatGPT offers a temporary chat mode that does not save conversation history to your account. Similar options exist on other platforms. Use these modes when discussing sensitive topics.
Avoid pasting sensitive data directly. Names, addresses, account numbers, medical records, and business-confidential information should not be entered verbatim into a cloud AI. Paraphrase or anonymise where possible.
Read the privacy policy before trusting a feature. Memory, document upload, and browsing tools often have distinct data handling rules that differ from the base chat experience. The details matter.
These steps reduce risk but do not eliminate it. Every message you type still crosses the network to a third-party server. The fundamental architecture of cloud AI places your data outside your control.
The MyYaad Approach: Shadow Data That AI Forgets
MyYaad was built around a single constraint: your real data never leaves your device.
When you store a vault entry in MyYaad — your home address, your job title, your medical condition — that data stays encrypted on your local machine. When you use an AI chatbot with the MyYaad browser extension active, the extension intercepts your message before it is transmitted and replaces your real values with shadow values: plausible-looking substitutes that are cryptographically derived from your real data but carry no actual meaning to the AI or to anyone who intercepts the request.
The AI responds to the shadow. MyYaad translates the response back using your real data locally. The AI never saw your real information. The provider's servers never received it. There is nothing to retain, because there was nothing to transmit.
Different AI providers receive different shadow values for the same input, derived using provider-specific cryptographic salts. Even in a scenario where two providers compare their data, they cannot correlate your activity across them.
This is not a workaround or a setting toggle. It is a structural solution to a structural problem.
If you work with sensitive information and use AI regularly, download MyYaad and see how shadow data changes the calculus. You get the full capability of the AI tools you already use, without the data exposure that currently comes with them.