What Happens to Your Data When You Use ChatGPT?
Where Does Your Data Actually Go?
When someone at your firm pastes a client document into ChatGPT, where does that data actually go? The answer matters more than most people realize — and for professional services firms handling sensitive client information, it is the difference between a productivity tool and a liability.
The short version: your data is sent to OpenAI's servers, processed by their models, stored in their systems, and depending on your account type and settings, potentially used to train future versions of their AI. Even the controls that exist to limit this are narrower than most users assume.
Here is what happens at each stage — and what it means for firms in law, finance, healthcare, and other regulated industries.
How ChatGPT Processes Your Data
When you type or paste something into ChatGPT, the following happens in sequence.
Your input — whether it is a question, a document, or a conversation thread — is transmitted over the internet to OpenAI's servers. It is processed by their AI models, which generate a response. The conversation, including both your inputs and the model's outputs, is stored in OpenAI's systems. And depending on your account type, that data may be used to improve future versions of OpenAI's models.
OpenAI does provide a setting on consumer accounts to opt out of having your conversations used for model training (in ChatGPT's Data Controls it is labelled "Improve the model for everyone"; turning it off is the opt-out). Business and API usage is handled differently: ChatGPT Enterprise, Team, and API data is excluded from training by default. But the consumer opt-out is narrower than most users understand. Turning off training affects one specific use of your data. The data still transits OpenAI's infrastructure. It is still processed on OpenAI's servers. And it is still stored in OpenAI's systems.
The toggle affects training, not storage or processing. For a professional services firm, this distinction is critical. Opting out of training does not mean your client data stays in your environment. It means OpenAI has agreed not to use it for one specific purpose while retaining it for others.
Data Retention and Storage
What OpenAI keeps, and for how long, matters for any firm with data security obligations.
Conversations with ChatGPT are stored on OpenAI's infrastructure. Users can delete conversations from their interface, but deletion from the user-facing product does not mean immediate deletion from OpenAI's systems. OpenAI's published policy is that deleted chats are removed from its systems within 30 days unless it must keep them for legal or security reasons, and copies can persist in backups, system logs, and internal records in the interim. A legal hold placed on OpenAI itself, which the user never sees, can suspend deletion entirely.
OpenAI's data retention policies govern how long they keep this information, and those policies can change. For a professional services firm, the practical implication is this: client information entered into ChatGPT could exist on OpenAI's infrastructure for an indeterminate period. It is outside your firm's control, subject to OpenAI's security practices — including any future breaches — and potentially accessible through legal process.
This is not an abstract risk. It is a direct consequence of how the system works. Every query, every pasted document, every conversation creates a record on infrastructure your firm does not control.
The Discovery and Subpoena Risk
For professional services firms, one of the most consequential risks of ChatGPT data storage is legal discoverability.
Discovery in federal litigation reaches any relevant, non-privileged material within a party's possession, custody, or control, and prompts and outputs from AI tools are treated as ordinary electronically stored information, no different from email or chat messages. If your firm is involved in litigation and opposing counsel requests records of AI tool usage, courts can compel their production, and the copies held by OpenAI can be sought from OpenAI directly by subpoena. ChatGPT conversations are not protected by any privilege simply because they involve an AI system.
For law firms, this creates a specific and acute risk. Attorney-client privilege protects confidential communications between attorney and client made for the purpose of legal advice. But privilege can be waived when confidential information is disclosed to a third party. When an attorney enters client information into ChatGPT, a tool operated by OpenAI, they are sharing that information with a third party. Disclosure to a vendor that acts as the attorney's agent under binding confidentiality terms is generally defensible; disclosure under consumer terms that let the vendor retain the data, and possibly train on it, is far harder to defend. The privilege analysis becomes complicated at best, and adverse at worst. For a detailed examination of how this interacts with attorneys' ethical obligations, see our post on whether lawyers can use ChatGPT under ABA Rule 1.6.
For any professional services firm, the discoverability risk means that confidential client information processed through ChatGPT is potentially one subpoena away from disclosure to opposing parties, regulators, or other third parties.
What About Enterprise Plans?
This is the most common objection: "We use ChatGPT Enterprise" or "We use Microsoft Copilot." These enterprise products offer meaningful improvements: SOC 2 attestation, no training on your data by default, encryption in transit and at rest, admin controls and usage logs, and contractual commitments about data handling, including, from some providers, a business associate agreement for healthcare data.
But the architecture is fundamentally the same. Your data travels to the provider's infrastructure, is processed on the provider's servers, and is stored in the provider's environment. Enterprise features add controls around who can access your data on their servers. They do not change the fact that your data is on their servers.
For firms with regulatory obligations, this distinction often matters. HIPAA requires covered entities to safeguard protected health information and to have a business associate agreement in place with any vendor that handles it; a consumer ChatGPT account offers neither. ABA Rule 1.6(c) requires that lawyers make reasonable efforts to prevent unauthorized disclosure of, or access to, client information. SEC Regulation S-P and FINRA rules impose safeguarding and recordkeeping requirements on financial advisory firms. In each case, the question is not whether the vendor has good security. It is whether your firm can demonstrate that client data was handled within an environment the firm controls.
Enterprise plans give you a stronger answer than consumer plans. But "on our vendor's enterprise platform" is still a fundamentally different answer than "within our own infrastructure."
What Professional Services Firms Should Do Instead
The alternative is not to avoid AI. The productivity gains are real and significant. Associates who can draft documents in minutes instead of hours. Analysts who can process financial data in seconds instead of days. Clinicians who can generate notes during a patient encounter instead of after. Firms that do not adopt AI will fall behind those that do.
The alternative is private AI: models running on infrastructure the firm controls, where data never leaves the firm's environment.
With private AI, the firm gets the same capabilities that make ChatGPT valuable — conversational AI, document analysis, research assistance, drafting, summarization — without sending client data to a third party. Every query is processed within the firm's security perimeter. Every document stays on the firm's infrastructure. Every conversation is logged in an audit trail the firm owns.
No data transiting third-party servers. No retention policies you do not control. No training contributions you cannot verify. No discoverability exposure from records stored on someone else's infrastructure. The firm's own logs and stored conversations are still ordinary business records, subject to the firm's retention schedule and, if relevant, to discovery, but they are governed by policies the firm sets rather than a vendor's.
The capabilities are the same. The data architecture is fundamentally different.
The Shadow AI Problem
Even if your firm has not officially adopted AI, your people are using it. This is the reality that firm leadership needs to confront directly.
Associates, analysts, advisors, agents, clinicians — they have discovered that ChatGPT makes them significantly more productive, and they are not going to stop. The associate who can draft a brief in 20 minutes instead of three hours will not go back to manual work because of a policy memo they read months ago. The analyst who can build a comp set in seconds will not pretend the tool does not exist.
This is shadow AI: unauthorized use of consumer AI tools with client data, happening on personal devices and consumer accounts, with no oversight, no audit trail, and full liability exposure for the firm.
A ban without an alternative does not eliminate AI use. It eliminates visibility. The firm still bears the risk — the difference is that now it cannot see, monitor, or control how client data is being processed.
The question for firm leadership is not whether AI is being used with client data. It is almost certainly already happening. The question is whether you know about it and whether you have given your team a safe alternative.
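One practical way to get back the visibility a ban removes is to look for AI assistant traffic in the firm's web proxy logs. The script below is an added example, not part of the original post or of any Metrovolo product: it parses constructed log lines in a simplified format, counts requests per user to known assistant hosts (chatgpt.com, chat.openai.com and api.openai.com are OpenAI's real endpoints; claude.ai and gemini.google.com are other consumer assistants), and flags large POST bodies as probable document uploads. The log layout, the user names, and the 50 KB upload threshold are assumptions made for illustration.

```python
"""
Added example (not from the original post): a minimal visibility check for
shadow AI use, run over web-proxy logs. Flags requests to well-known AI
assistant endpoints and highlights large POST bodies, which are the ones most
likely to carry pasted documents. The log format and sample lines are
constructed for illustration; adapt LINE_RE to your proxy's real format.
"""
import re
from collections import defaultdict

# Hosts that indicate AI assistant use. chatgpt.com, chat.openai.com and
# api.openai.com are OpenAI's real endpoints; the others are common consumer
# assistants. Extend the set to cover the tools your firm cares about.
AI_HOSTS = {
    "chatgpt.com",
    "chat.openai.com",
    "api.openai.com",
    "claude.ai",
    "gemini.google.com",
}

# Request bodies at or above this size are treated as probable document
# uploads. Assumption: an illustrative threshold, not a vendor-documented value.
LARGE_BODY_BYTES = 50_000

# Constructed proxy log lines in a simplified layout:
# "<timestamp> <user> <method> <url> <request-body-bytes>"
SAMPLE_LOG = """\
2025-01-14T09:12:01Z jdoe GET https://www.example.com/ 1204
2025-01-14T09:13:44Z jdoe POST https://chatgpt.com/backend-api/conversation 312
2025-01-14T09:15:02Z asmith POST https://chatgpt.com/backend-api/conversation 184233
2025-01-14T09:20:19Z asmith GET https://intranet.firm.example/ 880
2025-01-14T09:22:07Z bwong POST https://api.openai.com/v1/chat/completions 70211
2025-01-14T09:25:50Z jdoe GET https://claude.ai/chats 2044
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<user>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<bytes>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Strip the scheme, then keep only the host part (drop path and port).
    host = re.sub(r"^https?://", "", m["url"]).split("/", 1)[0].split(":", 1)[0].lower()
    return {"ts": m["ts"], "user": m["user"], "method": m["method"],
            "host": host, "url": m["url"], "bytes": int(m["bytes"])}


def is_ai_host(host):
    """True if host is a listed AI endpoint or a subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in AI_HOSTS)


def find_shadow_ai(log_text):
    """Return (requests-per-user to AI hosts, list of probable uploads)."""
    per_user = defaultdict(int)
    uploads = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_ai_host(rec["host"]):
            continue
        per_user[rec["user"]] += 1
        if rec["method"] == "POST" and rec["bytes"] >= LARGE_BODY_BYTES:
            uploads.append((rec["ts"], rec["user"], rec["host"], rec["bytes"]))
    return dict(per_user), uploads


if __name__ == "__main__":
    counts, uploads = find_shadow_ai(SAMPLE_LOG)
    for user, n in sorted(counts.items()):
        print(f"{user}: {n} AI request(s)")
    for ts, user, host, nbytes in uploads:
        print(f"probable upload: {ts} {user} -> {host} ({nbytes} bytes)")
```

Run it against an export from your proxy after adapting LINE_RE to the real format. It only sees traffic that passes through the proxy: personal devices on personal networks, which is where much shadow AI use happens, will not appear at all, which is exactly why a sanctioned alternative matters more than detection.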
Moving Forward
Understanding where your data goes when you use ChatGPT is the first step. The data is sent to OpenAI's servers, processed by their models, stored in their systems, and subject to their policies and security posture. Enterprise plans add controls but do not change the fundamental architecture. And deletion from the user interface does not guarantee deletion from the underlying systems.
For professional services firms — where client confidentiality is not a preference but a regulatory and ethical obligation — this data flow creates exposure that policies alone cannot address.
Providing your team with a private alternative is the second step. Private AI gives your people the productivity gains they are already chasing, on infrastructure that keeps client data where it belongs: in your environment, under your control.
Learn how Metrovolo deploys private AI for professional services firms, or book a demo to see how it works for your team.