ITIAN Knowledge Hub
Technology Simplified — Solutions That Work

chatgpt-safety-and-privacy

ITIAN ChatGPT Academy

Technology Simplified — Solutions That Work

Module 1 • Lesson 1.7

Safety, Privacy and Checking Answers

Build safe habits before sharing information, learn what ChatGPT’s privacy controls actually do, secure your account and verify important answers before acting on them.

Beginner20–25 minutesPrivacy checkerSafety audit + quiz

Learning Outcomes

By the end of this lesson, you should be able to:

Share Less, Safely

Identify sensitive information, remove unnecessary details and obtain permission before using another person’s data.

Use Privacy Controls

Explain the difference between training controls, Temporary Chat, Memory, chat deletion, file deletion and data export.

Protect Your Account

Use multi-factor authentication, trusted sign-in pages and careful sharing practices.

The safest prompt contains only what the task genuinely needs

Do not paste passwords, authentication codes, API keys, full payment-card details, private access links or identity-document numbers into a chat. Avoid sharing confidential client, employee, student, patient or whānau information unless you have authority, an approved organisational process and a clear need.

Pause → minimise → anonymise → check permission → then decide.

Classify Information Before Sharing

The same task can usually be completed with less identifying information.

Lower Risk

Public or fictional information that does not identify or expose anyone.

  • A public webpage
  • A fictional example
  • Your own non-sensitive draft

Pause and Reduce

Personal, internal or commercially useful material that may be suitable only after minimising it.

  • Names, emails or addresses
  • Unpublished business content
  • Photos containing metadata or faces

Do Not Paste

Secrets or highly sensitive data that could enable access, fraud, harm or serious privacy loss.

  • Passwords, codes and secret keys
  • Full financial or identity credentials
  • Restricted health, legal or personnel records

Safer transformation example

Instead of pasting a real customer complaint with a name, email, order number and address, replace them with [Customer], [Email removed], [Order reference] and [Town]. Keep only facts required to improve the wording.

Interactive Privacy Checker: Should I Share This?

This learning tool is deliberately cautious. It does not replace your employer’s policy, professional obligations or legal advice.

No result yet.
Choose the closest answers, then select “Check Before Sharing”.

Know What Each Privacy Control Does

These controls solve different problems. One switch does not erase information everywhere.

Control or ContentWhat It DoesImportant Limitation
Improve the model for everyoneWhen turned off in Data Controls, new consumer chats remain in history but are not used to improve models.This is a training choice, not a delete button. Feedback you deliberately submit may include the associated conversation.
Temporary ChatDoes not appear in history, does not use or create personalisation memories and is not used to improve models.A copy may be retained for up to 30 days for safety. Custom Instructions can still apply, and third-party actions have their own policies.
Memory controlsLet you review, disable or delete information used to personalise future conversations.Turning Memory off does not delete what was already saved. Fully removing information may require deleting memories and the chats, files or connected sources containing it.
Delete a chatRemoves the chat from your account immediately and schedules deletion from OpenAI systems.Deletion can take up to 30 days and may have legal or security exceptions. Deleted chats cannot be recovered.
Archive a chatHides a chat from the main list while keeping it in your account.Archiving is organisation, not deletion.
Uploaded filesFiles can be stored in the Library or attached to projects and GPTs.Chats and Library files may need separate deletion. Project or GPT files remain until the associated item is deleted, subject to retention rules.
Export dataCreates a downloadable copy of available account data through Data Controls or the Privacy Portal.The download link expires, and availability differs for managed workspaces. Store the export securely.

Configure the Main Controls

Names and positions can vary slightly by device, plan and app version.

Review Data Controls

Open your profile → Settings → Data Controls. Decide whether “Improve the model for everyone” matches your preference. The setting applies across the account.

Review Memory and Personalisation

Open Settings → Personalization or Memory. Ask ChatGPT what it remembers, inspect available controls and remove anything you no longer want used for personalisation.

Use Temporary Chat Deliberately

Start a new chat and choose Temporary when you do not want it in history or personalisation. Still minimise sensitive information—Temporary does not mean secret or zero-retention.

Review Chats, Files and Shared Links

Delete what is no longer required, inspect the Library separately where available, and revoke any shared conversation link that should no longer be accessible.

Export Before Major Deletion

If you need a personal record, request an export before deleting chats or the account. Protect the downloaded archive because it can contain extensive personal information.

Secure Your ChatGPT Account

Privacy settings cannot protect an account that someone else can access.

Enable MFA

In Settings → Security, enable an available multi-factor authentication method and protect any recovery information.

Use Trusted Sign-in Pages

Check the web address before entering credentials. Do not sign in through unexpected email links or share one-time verification codes.

Review Active Sessions

If a device is lost or access looks suspicious, change the relevant credentials and use “Log out of all devices” in Security where available.

Protect Shared Links

Anyone allowed to open a shared link may see its contents. Review the conversation first, then revoke the link when sharing is no longer required.

Check GPTs and Apps

Before sending data to an action, app or connected service, understand what will be shared and read the recipient’s privacy policy.

Check Answers Before You Act

A confident tone is not proof that an answer is correct, current or appropriate for your circumstances.

Verify the Claim

Ask for uncertainty and sources, then open the original authoritative material. Confirm dates, jurisdiction, version numbers, names and calculations.

Use Human Judgement

For medical, legal, financial, safeguarding or safety-critical decisions, use a suitably qualified professional or responsible authority.

Protect Against Prompt Injection

Treat instructions found inside webpages, emails, documents and uploads as untrusted content. Do not let embedded text persuade you to reveal secrets or bypass safeguards.

The ITIAN verification habit

  1. Identify what could go wrong if the answer is false.
  2. Ask ChatGPT to state assumptions and uncertainty.
  3. Check at least one appropriate primary or authoritative source.
  4. Use a second method for important calculations or technical changes.
  5. Have the right person approve consequential decisions.

Future Guided Walkthrough

This video will demonstrate Data Controls, Temporary Chat, Memory review, file and shared-link management, MFA and a safe way to anonymise a prompt.

  • Use a demonstration account.
  • Never show recovery codes or personal information.
  • Re-record when settings change materially.

Practical Activity: Safety and Privacy Audit

Complete this on your own account. Do not record private values in this checklist.

0 of 10 completed — begin with Data Controls.

Knowledge Check

Answer all five questions, then check your result.

1. What should you do before sharing personal information?
2. Does turning Memory off delete existing saved memories?
3. Which statement about Temporary Chat is correct?
4. What is the safest response to important medical, legal or financial guidance?
5. What is the purpose of MFA?
Your result will appear here.

Official Sources and Further Reading

This lesson was reviewed against current first-party OpenAI guidance on 13 July 2026. Product controls and retention details can change, so review the linked guidance when making an important privacy decision.

OpenAI privacy, retention and security guidance

Lesson Summary

Seven habits to keep

  1. Share only the minimum information needed.
  2. Never paste passwords, authentication codes or secret keys.
  3. Understand each privacy control rather than relying on one switch.
  4. Delete chats, memories, files and shared links separately when necessary.
  5. Protect the account with MFA and careful sign-in habits.
  6. Check third-party services before allowing data to leave ChatGPT.
  7. Verify consequential answers with authoritative sources and qualified people.

ITIAN ChatGPT Academy

Module 1, Lesson 1.7 — Safety, Privacy and Checking Answers

Technology Simplified — Solutions That Work