According to Tom’s Guide, a US judge has ordered OpenAI to hand over 20 million “de-identified” ChatGPT logs as part of an ongoing AI copyright lawsuit. The initial demand was for a staggering 120 million logs, showcasing the sheer volume of data collected. OpenAI’s own policies state chats are saved to your account until manually deleted, and even “deleted” chats are retained for 30 days—or longer for legal reasons. In a previous case with The New York Times, OpenAI was even forced to retain “consumer ChatGPT content indefinitely” until September 2025. Security expert Dr. Ilia Kolochenko warns this proves your AI interactions could be produced in court, potentially triggering investigations.
The Logging Reality Check
Here’s the thing: the core issue isn’t just how well these 20 million logs are de-identified. It’s that they exist at all. We’re talking about a mountain of conversational data, linked to accounts, that a company is compelled to surrender. OpenAI‘s privacy policy is a masterclass in legalese, stating it keeps your info as long as needed and can share it with affiliates. Their chat retention policy has more loopholes than a block of Swiss cheese, with exceptions for “security or legal obligations.” So much for that 30-day automatic deletion promise. When push comes to shove, your prompts are evidence.
The VPN Contrast
Now, compare this to the VPN industry, which faces court orders all the time. The best services operate on verified no-logs policies. That means they don’t collect the data that could identify you or your activity in the first place. When Greek authorities demanded user data from Windscribe in April 2025, the company had nothing to give, and the case collapsed. Providers like Private Internet Access have had their no-logs stance proven in court twice. Their transparency reports show law enforcement requests, followed by a big, fat zero in data handed over. With AI chatbots, that number is 20 million and counting. The difference couldn’t be starker.
What Can You Actually Do?
So what’s the solution? The article bluntly says the easiest fix is to just not use these cloud LLMs. But let’s be real—that’s impossible for most professionals now. The practical advice is shifting to local AI. Tools like Proton’s Lumo or Opera’s local AI features process everything on your device; your chats are never sent to a server. The trade-off? They’re often less powerful and need more maintenance. And you still have to be careful about what you type. Basically, treat every AI chat window like it’s being read aloud in a courtroom. Because it might be.
A Broader Trend of Exposure
This case, detailed in court documents, isn’t an anomaly. It’s a precedent. AI companies are data brokers in all but name, and their treasure troves are becoming legal targets. OpenAI argued in its response to the NYT that trust is core to its product. But actions speak louder. When a system is designed to log by default, “trust” is just a word in a privacy policy. As these models embed deeper into everything, from customer service to content creation, we’re going to see more of these massive data disclosures. Your words, used to train a model one day, could be Exhibit A the next. Think about that before you ask ChatGPT for anything truly sensitive.
