ChatGPT privacy concerns spark Reddit debate

This is less a "ChatGPT breach" than a predictable exposure-risk problem: once someone pastes a private message into a consumer chatbot, the vendor becomes part of the data path.

• –OpenAI says consumer ChatGPT content may be used to improve model performance depending on settings, while business products default to no training; cleared chats are deleted within 30 days (https://help.openai.com/en/articles/7039943-data-usage-, https://openai.com/business-data/).
• –OpenAI also says a limited number of authorized staff or trusted providers can access content for abuse review, support, legal, or model-improvement reasons, so "private" does not mean "unseen" (https://help.openai.com/en/articles/7039943-data-usage-).
• –Anthropic's consumer Claude policy is similar: model-improvement is opt-in, deleted chats leave history immediately and backend storage within 30 days, and zero data retention is limited to eligible commercial API use (https://privacy.claude.com/en/articles/10023548-how-long-do-you-store-my-data, https://privacy.claude.com/en/articles/8956058-i-have-a-zero-data-retention-agreement-with-anthropic-what-products-does-it-apply-to).
• –That means the practical guardrail is product segmentation and user education, not a perfect automated filter that can detect every third-party sensitive disclosure.
• –For developers, the takeaway is simple: treat consumer chatbots like semi-public processing systems and route medical, legal, or HR text through enterprise or zero-retention products instead.