ChatGPT's New Privacy Policy: What the Ads Update Means for Your Data

If you use ChatGPT, you probably got an email recently from OpenAI with the subject line "Updates to OpenAI's Privacy Policy." It's written in that familiar corporate reassurance tone: more transparency, more control, here's what's changing. The kind of email most people skim and archive.

Worth reading this one more carefully.

Buried between a new "find friends" feature and some boilerplate about teen safety, the email confirms that ads are now part of ChatGPT. OpenAI began testing advertisements on February 9, 2026, showing them to free and Go-tier users in the U.S. The ads appear at the bottom of responses, clearly labeled as sponsored. Paid subscribers on Plus, Pro, Business, Enterprise, and Education plans won't see them.

That's the surface story. The deeper one is about what happens to your conversations when the company hosting them has a financial incentive to analyze their contents.

What the Privacy Policy Actually Says

OpenAI's email emphasizes what advertisers don't get. Advertisers don't see your chats, your chat history, your memories, your name, your email, or your precise location. They receive only aggregate performance data like total views and clicks. The email reads like a series of guardrails.

Here's what the email doesn't emphasize: OpenAI's own systems now process your conversation content to decide which ads to show you. According to OpenAI's ad testing announcement, the company matches ads to "the topic of your conversation, your past chats, and past interactions with ads." If you have ChatGPT's memory feature turned on, those memories can also inform ad selection.

The distinction matters. "Advertisers don't see your conversations" and "your conversations aren't being used commercially" are two very different statements. The first is true. The second is no longer accurate.

And ad personalization is turned on by default. If you haven't gone into Settings and toggled it off, your past conversations and memories are already informing the ad-targeting system. Turning it off limits targeting to the current conversation only, which still means your active chat is being analyzed for ad relevance.

The Economics Behind the Shift

To understand why this is happening now, look at the numbers.

ChatGPT has roughly 800 million weekly active users. Only about 20 million subscribe to paid plans, a conversion rate below 3%. OpenAI is spending aggressively on infrastructure and preparing for an IPO, reportedly planned for Q4 2026. Internal projections estimate advertising could generate $1 billion in 2026 alone, potentially reaching $25 billion by 2029.

This context is worth sitting with. Less than two years ago, Sam Altman described advertising as "a last resort" for OpenAI's business model and admitted that "ads plus AI is sort of uniquely unsettling" to him personally. The speed of that reversal tells you something about the financial pressures involved.

On February 11, Zoë Hitzig, an OpenAI researcher who spent two years shaping how the company's models were built and priced, resigned and published an op-ed in The New York Times titled "OpenAI Is Making the Mistakes Facebook Made. I Quit." Her central concern: OpenAI "is building an economic engine that creates strong incentives to override its own rules."

Hitzig draws a direct comparison to Facebook's early years. Facebook also promised users would control their data. Facebook also said it wouldn't optimize for engagement at the expense of user wellbeing. Those commitments eroded under advertising pressure, eventually drawing Federal Trade Commission action and billions in settlements. Hitzig's argument is that the same structural incentives are now in play at OpenAI, amplified by the intimacy of conversational AI.

She's careful to note that she believes the first iteration of ads will probably follow OpenAI's stated principles. Her worry is about what comes next.

Why This Matters More for AI Than It Did for Social Media

There's a qualitative difference between advertising on a social media feed and advertising inside a conversational AI. Hitzig articulates it well: ChatGPT users have "generated an archive of human candor that has no precedent," in part because people believed they were interacting with something that had no ulterior agenda.

Think about what people actually type into ChatGPT. Medical symptoms they haven't told their doctor about. Relationship problems they're working through. Financial anxieties. Career doubts. Legal questions they'd rather not ask a lawyer yet. The Cyberhaven research that found 11% of data employees paste into ChatGPT is confidential only captures the corporate side. The personal side is arguably more revealing.

A search engine knows what you asked. A conversational AI knows why you asked, what you've already tried, what you're afraid of, and what you're hoping to hear. That depth of context is what makes AI assistants so useful. It's also what makes advertising on top of them fundamentally different from a banner ad on a website.

OpenAI's own ad documentation states that ads won't appear near sensitive topics like health, mental health, or politics. That's a reasonable starting guardrail. But the classification of what counts as "sensitive" is made by OpenAI's systems, and the boundary will be tested constantly as advertisers push for broader reach and the company faces quarterly earnings pressure post-IPO.

What This Means for Professionals Handling Confidential Data

If you're a lawyer, consultant, financial advisor, or healthcare professional who's been using ChatGPT (or thinking about it), the ad rollout changes the risk calculus in a specific way.

The confidentiality concern with AI tools has always been about data exposure: if you paste a client's financial model or a patient's case notes into ChatGPT, that data hits OpenAI's servers. For enterprise customers on Business or Enterprise plans, contractual protections limit how that data gets used. For individual professionals on free or even Plus plans, the protections are thinner and governed entirely by the privacy policy you just got emailed about.

Now add an ad-targeting layer to that pipeline. Even if you're on a paid plan and won't see ads, the broader infrastructure is evolving. OpenAI is building systems designed to extract commercial value from conversational context. The privacy policy that governs your data is the same one that now includes advertising provisions. And privacy policies, as any lawyer will tell you, are updated at the company's discretion.

Consider a concrete scenario. You're a management consultant, and you paste a client's quarterly revenue figures into ChatGPT to help build a presentation. On a paid plan, you won't see ads. But your data still flows through OpenAI's infrastructure, which is now architected to serve dual purposes: providing you helpful responses and running an advertising business built on understanding what users are talking about. The same systems that analyze conversation topics for ad matching could, in theory, be extended or repurposed as the company's revenue needs evolve.

This is the structural problem. You're trusting the same company to both safeguard your confidential data and commercially exploit conversational context. Today those functions are separated by internal policies. Whether that separation holds through an IPO, quarterly earnings calls, and the relentless pressure to grow ad revenue is the open question that prompted an insider to resign.

How to Actually Protect Yourself

The practical reality is that ChatGPT remains a powerful tool, and telling professionals to stop using AI entirely is about as useful as telling them to stop using email. The goal is reducing exposure while preserving access. Here's what that looks like in practice.

Understand the tier structure. OpenAI's paid plans (Plus, Pro, Business, Enterprise, Education) are ad-free, and Business/Enterprise plans offer stronger contractual data protections including the option to opt out of model training. If your firm is going to use ChatGPT, paying for a Business or Enterprise plan with explicit data processing agreements is the minimum. The free and Go tiers now have a dual purpose: serving you and serving advertisers.

Turn off ad personalization if you're on a free or Go plan. Go to Settings and disable the toggle. This limits ad targeting to the current conversation only. It doesn't eliminate targeting entirely, but it prevents your chat history and memories from feeding the ad system.

Audit what you're actually pasting. This sounds obvious, but the Cyberhaven research showing that 4.7% of employees paste confidential data into ChatGPT suggests most people don't think carefully about it in the moment. Client names, dollar amounts, case numbers, patient identifiers, internal project names: these details are easy to include without noticing.

Strip sensitive data before it leaves your device. This is the approach we built TrustPrompt around. The tool runs entirely in your browser, scanning your prompts for personally identifiable information and replacing it with realistic placeholders before anything reaches ChatGPT (or Claude, or any other LLM). Your original data never leaves your machine. The AI gets a sanitized version that preserves the structure and meaning of your question without exposing the confidential details.

For the consultant scenario above, TrustPrompt would replace "Acme Corp" with a placeholder company name and swap out the actual revenue figures with synthetic numbers in the same range. The AI's analysis would be just as useful, but the actual client data would never enter OpenAI's infrastructure at all, let alone their ad-targeting pipeline.

The architectural point is worth emphasizing. Privacy settings inside an AI platform are toggles that the platform controls. They can change with the next policy update, the next product decision, the next earnings target. Stripping data before it reaches the platform eliminates the dependency on those settings entirely. It doesn't matter what OpenAI's privacy policy says about your data if the data was never sensitive to begin with.

Use Temporary Chat for anything you wouldn't want stored. OpenAI's Temporary Chat mode doesn't save conversations to your history, and according to their ad documentation, temporary chats won't show ads. The catch: OpenAI still retains temporary chat data for up to 30 days for abuse monitoring. So "temporary" means "not permanent," not "gone immediately."

The Bigger Pattern

OpenAI's privacy policy update is one data point in a larger trend. Google has introduced ads in AI Overviews. Perplexity has experimented with sponsored follow-up questions. The economic logic is straightforward: conversational AI is expensive to run, users are accustomed to free products, and advertising is the proven model for monetizing massive free user bases.

The pattern from the social media era is instructive. Every major platform launched with strong privacy commitments. Every major platform eventually weakened those commitments under financial pressure. The difference with AI is that the data involved is qualitatively more intimate. People don't just browse or click or like. They explain, confide, and reason out loud. The advertising incentive is to analyze all of that.

Whether you think OpenAI will maintain its current guardrails or gradually erode them is ultimately a judgment call about institutional incentives. But you don't have to make that bet with your clients' data. The most resilient privacy strategy is architectural: ensure that the sensitive information never enters the system in the first place, regardless of what that system's business model looks like today or next quarter.

TrustPrompt automatically sanitizes sensitive data from your AI prompts before they leave your browser. Zero-knowledge architecture means your confidential information never reaches any AI provider. Try it free at trustprompt.io

Related Reading:

Why Companies Are Banning ChatGPT (And How to Use AI Safely Anyway)
The Complete Guide to Using AI at Work When Your Company Has Banned It
ChatGPT Privacy Risks: What Happens to Your Data (And How to Protect It) (coming soon)
How Zero-Knowledge Architecture Protects Your AI Prompts (coming soon)