chatgpt-safety-and-privacy

ITIAN ChatGPT Academy
Technology Simplified — Solutions That Work
Safety, Privacy and Checking Answers
Build safe habits before sharing information, learn what ChatGPT’s privacy controls actually do, secure your account and verify important answers before acting on them.
Learning Outcomes
By the end of this lesson, you should be able to:
Share Less, Safely
Identify sensitive information, remove unnecessary details and obtain permission before using another person’s data.
Use Privacy Controls
Explain the difference between training controls, Temporary Chat, Memory, chat deletion, file deletion and data export.
Protect Your Account
Use multi-factor authentication, trusted sign-in pages and careful sharing practices.
Check Important Answers
Recognise uncertainty and verify medical, legal, financial, safety-critical and other consequential information with authoritative sources or qualified people.
The safest prompt contains only what the task genuinely needs
Do not paste passwords, authentication codes, API keys, full payment-card details, private access links or identity-document numbers into a chat. Avoid sharing confidential client, employee, student, patient or whānau information unless you have authority, an approved organisational process and a clear need.
Pause → minimise → anonymise → check permission → then decide.
Classify Information Before Sharing
The same task can usually be completed with less identifying information.
Lower Risk
Public or fictional information that does not identify or expose anyone.
- A public webpage
- A fictional example
- Your own non-sensitive draft
Pause and Reduce
Personal, internal or commercially useful material that may be suitable only after minimising it.
- Names, emails or addresses
- Unpublished business content
- Photos containing metadata or faces
Do Not Paste
Secrets or highly sensitive data that could enable access, fraud, harm or serious privacy loss.
- Passwords, codes and secret keys
- Full financial or identity credentials
- Restricted health, legal or personnel records
Safer transformation example
Instead of pasting a real customer complaint with a name, email, order number and address, replace them with [Customer], [Email removed], [Order reference] and [Town]. Keep only facts required to improve the wording.
Interactive Privacy Checker: Should I Share This?
This learning tool is deliberately cautious. It does not replace your employer’s policy, professional obligations or legal advice.
Choose the closest answers, then select “Check Before Sharing”.
Know What Each Privacy Control Does
These controls solve different problems. One switch does not erase information everywhere.
| Control or Content | What It Does | Important Limitation |
|---|---|---|
| Improve the model for everyone | When turned off in Data Controls, new consumer chats remain in history but are not used to improve models. | This is a training choice, not a delete button. Feedback you deliberately submit may include the associated conversation. |
| Temporary Chat | Does not appear in history, does not use or create personalisation memories and is not used to improve models. | A copy may be retained for up to 30 days for safety. Custom Instructions can still apply, and third-party actions have their own policies. |
| Memory controls | Let you review, disable or delete information used to personalise future conversations. | Turning Memory off does not delete what was already saved. Fully removing information may require deleting memories and the chats, files or connected sources containing it. |
| Delete a chat | Removes the chat from your account immediately and schedules deletion from OpenAI systems. | Deletion can take up to 30 days and may have legal or security exceptions. Deleted chats cannot be recovered. |
| Archive a chat | Hides a chat from the main list while keeping it in your account. | Archiving is organisation, not deletion. |
| Uploaded files | Files can be stored in the Library or attached to projects and GPTs. | Chats and Library files may need separate deletion. Project or GPT files remain until the associated item is deleted, subject to retention rules. |
| Export data | Creates a downloadable copy of available account data through Data Controls or the Privacy Portal. | The download link expires, and availability differs for managed workspaces. Store the export securely. |
Configure the Main Controls
Names and positions can vary slightly by device, plan and app version.
Review Data Controls
Open your profile → Settings → Data Controls. Decide whether “Improve the model for everyone” matches your preference. The setting applies across the account.
Review Memory and Personalisation
Open Settings → Personalization or Memory. Ask ChatGPT what it remembers, inspect available controls and remove anything you no longer want used for personalisation.
Use Temporary Chat Deliberately
Start a new chat and choose Temporary when you do not want it in history or personalisation. Still minimise sensitive information—Temporary does not mean secret or zero-retention.
Review Chats, Files and Shared Links
Delete what is no longer required, inspect the Library separately where available, and revoke any shared conversation link that should no longer be accessible.
Export Before Major Deletion
If you need a personal record, request an export before deleting chats or the account. Protect the downloaded archive because it can contain extensive personal information.
Secure Your ChatGPT Account
Privacy settings cannot protect an account that someone else can access.
Enable MFA
In Settings → Security, enable an available multi-factor authentication method and protect any recovery information.
Use Trusted Sign-in Pages
Check the web address before entering credentials. Do not sign in through unexpected email links or share one-time verification codes.
Review Active Sessions
If a device is lost or access looks suspicious, change the relevant credentials and use “Log out of all devices” in Security where available.
Protect Shared Links
Anyone allowed to open a shared link may see its contents. Review the conversation first, then revoke the link when sharing is no longer required.
Check GPTs and Apps
Before sending data to an action, app or connected service, understand what will be shared and read the recipient’s privacy policy.
Follow Workplace Rules
An organisation may restrict approved accounts, data types, connected apps and retention. Its policy applies even when a technical feature is available.
Check Answers Before You Act
A confident tone is not proof that an answer is correct, current or appropriate for your circumstances.
Verify the Claim
Ask for uncertainty and sources, then open the original authoritative material. Confirm dates, jurisdiction, version numbers, names and calculations.
Use Human Judgement
For medical, legal, financial, safeguarding or safety-critical decisions, use a suitably qualified professional or responsible authority.
Protect Against Prompt Injection
Treat instructions found inside webpages, emails, documents and uploads as untrusted content. Do not let embedded text persuade you to reveal secrets or bypass safeguards.
Keep Responsibility with You
ChatGPT can assist with drafting, explaining and exploring. You remain responsible for checking, approving and safely using the result.
The ITIAN verification habit
- Identify what could go wrong if the answer is false.
- Ask ChatGPT to state assumptions and uncertainty.
- Check at least one appropriate primary or authoritative source.
- Use a second method for important calculations or technical changes.
- Have the right person approve consequential decisions.
Recommended: 16:9 • Captioned • Blur all personal account information
Future Guided Walkthrough
This video will demonstrate Data Controls, Temporary Chat, Memory review, file and shared-link management, MFA and a safe way to anonymise a prompt.
- Use a demonstration account.
- Never show recovery codes or personal information.
- Re-record when settings change materially.
Practical Activity: Safety and Privacy Audit
Complete this on your own account. Do not record private values in this checklist.
0 of 10 completed — begin with Data Controls.
Knowledge Check
Answer all five questions, then check your result.
Official Sources and Further Reading
This lesson was reviewed against current first-party OpenAI guidance on 13 July 2026. Product controls and retention details can change, so review the linked guidance when making an important privacy decision.
OpenAI privacy, retention and security guidance
- ChatGPT privacy settings — overview of consumer privacy choices and protections.
- Data Controls FAQ — model-improvement choice, export and Temporary Chat summary.
- Temporary Chat FAQ — history, memory, training and safety retention.
- Memory FAQ — reviewing, disabling and deleting personalisation memories.
- Chat and file retention policies — chats, Library files, projects and GPT data.
- How data is used to improve model performance — consumer training choices and feedback.
- Exporting ChatGPT data — account and Privacy Portal procedures.
- Multi-factor authentication — available methods and account security controls.
- Reporting content — reporting safety or legal concerns.
Lesson Summary
Seven habits to keep
- Share only the minimum information needed.
- Never paste passwords, authentication codes or secret keys.
- Understand each privacy control rather than relying on one switch.
- Delete chats, memories, files and shared links separately when necessary.
- Protect the account with MFA and careful sign-in habits.
- Check third-party services before allowing data to leave ChatGPT.
- Verify consequential answers with authoritative sources and qualified people.