ChatGPT does not run from one public “ChatGPT data center.” OpenAI uses its own systems and cloud infrastructure providers to process, store, and deliver the service. For individual users, OpenAI says personal data may be processed and stored in the United States or in other countries where OpenAI, affiliates, partners, vendors, or service providers operate.[1] For business products, OpenAI lists cloud infrastructure sub-processors that include Microsoft, CoreWeave, Oracle Cloud Infrastructure, Google Cloud Platform, Amazon Web Services, and others.[2] The practical takeaway is simple: treat ChatGPT like a cloud service, not a local app. Your chats, files, memories, metadata, and outputs may be stored, encrypted, reviewed for safety, retained for set periods, and processed across a distributed infrastructure stack.
What “ChatGPT data center” means
A ChatGPT data center is not a single building you can point to on a map. It is better understood as the infrastructure layer that lets ChatGPT receive prompts, run model inference, store account data, save chat history, deliver files, handle safety systems, and return responses.
That infrastructure includes data centers operated by OpenAI, affiliates, and cloud or infrastructure partners. OpenAI’s privacy policy says it processes personal data on servers in multiple jurisdictions, including the United States and countries or territories where its affiliates, partners, vendors, or service providers are located.[1] That language matters because it means the location of your data may depend on product type, account settings, enterprise contract terms, selected data residency region, enabled features, and the vendors involved in the request.
There is also a difference between “storage” and “processing.” Storage means data is saved at rest, such as chat history, uploaded files, memories, or account data. Processing means data is handled to perform an action, such as generating a response, searching the web, reading a file, or routing a request through safety systems. A residency setting may limit where data is stored at rest, while a separate inference residency setting may address where GPU model execution happens.[3]
If you are mainly worried about personal privacy, start with ChatGPT Privacy and Does ChatGPT Save Your Data?. This article focuses on the infrastructure and storage side: where data may go, what OpenAI says it keeps, and what controls you have.
Where ChatGPT data is processed
OpenAI publishes a sub-processor list for Customer Data covered by its Data Processing Agreement. The list was last updated on February 11, 2026, and names infrastructure providers and their processing locations for products including API, ChatGPT Enterprise, ChatGPT Edu, and ChatGPT Business.[2]
The listed cloud infrastructure providers include Microsoft Corporation, CoreWeave, Oracle Cloud Infrastructure, Google Cloud Platform, Amazon Web Services, and Cerebras.[2] OpenAI also lists Cloudflare as a content delivery network provider, with processing performed at the data center closest to the end user for the covered products.[2]
This does not mean every ChatGPT conversation touches every provider. It means OpenAI has identified these entities as sub-processors for covered processing activities. A specific request may involve only part of the stack. It may also involve other services if you enable features such as connectors, web search, third-party GPT actions, or support workflows.
OpenAI’s broader infrastructure strategy also includes large AI compute buildouts. On January 21, 2025, OpenAI announced the Stargate Project, a company intended to invest $500 billion over the next four years in AI infrastructure for OpenAI in the United States.[9] The Associated Press also reported on January 21, 2025, that the Stargate venture involved OpenAI, Oracle, and SoftBank and would invest up to $500 billion in infrastructure tied to artificial intelligence.[12] In a later OpenAI update, OpenAI said Stargate had a full $500 billion, 10-gigawatt commitment and that five new U.S. AI data center sites, plus Abilene, Texas and CoreWeave projects, brought planned capacity to nearly 7 gigawatts and over $400 billion in investment over the next three years.[10]
For ordinary ChatGPT users, those infrastructure announcements do not change the core privacy rule. A larger data center footprint does not mean your individual chats are public, but it does mean ChatGPT depends on distributed cloud-scale systems. If you want a broader risk overview, read ChatGPT privacy concerns you should know and Is ChatGPT Secure? Encryption Explained.
What OpenAI stores when you use ChatGPT
OpenAI’s storage depends on how you use ChatGPT. The main categories are account data, chat content, uploaded files, generated outputs, saved memories, workspace content, and operational metadata. The exact list can differ between individual ChatGPT, ChatGPT Business, ChatGPT Enterprise, ChatGPT Edu, the API, and specialized enterprise offerings.
For standard ChatGPT chats, OpenAI says chats are saved to your account until you delete them manually.[6] If you archive a chat, you hide it from the sidebar but do not delete it; archived chats follow the same retention rules as unarchived chats.[6] For users asking Does ChatGPT Save Your Chats?, this distinction is important. Archive is a visibility control. Delete is a retention control.
Uploaded files are a separate concern. Files can be stored with the conversation or workspace context that uses them. In enterprise data residency documentation, OpenAI identifies conversations, files, Code Interpreter and Data Analysis artifacts, image generation inputs and outputs, custom GPT prompts and outputs, Canvas content, and ChatGPT Memory as customer content that may be stored in-region when a new workspace is provisioned with data residency.[3] That list is useful because it shows the range of data types ChatGPT can store beyond plain text chats.
Memory adds another layer. If memory is enabled, ChatGPT may store facts or preferences to personalize future responses. Deleting a chat does not necessarily mean every related memory disappears unless you also manage saved memories. For a practical safety lens, see Is ChatGPT Safe to Use Personal Data In? before putting sensitive personal, medical, legal, or financial details into a conversation.
| Stored item | What it may include | Why it matters |
|---|---|---|
| Chat history | Prompts, responses, titles, and conversation context | Saved chats can remain in your account until you delete them. |
| Uploaded files | Documents, images, spreadsheets, PDFs, and analysis inputs | Files may contain more sensitive data than the prompt itself. |
| Generated outputs | Answers, code, summaries, images, and analysis results | Outputs can include transformed versions of your inputs. |
| Memory | Saved preferences, facts, or context for later chats | Memory can persist beyond a single conversation if enabled. |
| Workspace content | Custom GPTs, Canvas, project material, and shared resources | Business and education workspaces may have admin controls and retention settings. |
| Operational metadata | Login, billing, security, abuse-prevention, and support data | Some metadata may fall outside content residency controls. |
Retention, deletion, and Temporary Chat
OpenAI’s help center says chats are saved to your account until you delete them manually.[6] When you delete a chat or account, the chat is removed from your account immediately and scheduled for permanent deletion from OpenAI systems within 30 days, unless the chat has already been de-identified and disassociated from you or OpenAI must retain it longer for security or legal obligations.[6]
Temporary Chat works differently. OpenAI says Temporary Chats do not appear in history, ChatGPT does not remember them, and they are not used to improve OpenAI’s models.[7] OpenAI also says it may keep a copy of Temporary Chats for safety purposes for up to 30 days.[7] The separate chat and file retention page says Temporary Chat conversations are automatically deleted from OpenAI systems within 30 days even without manual deletion.[6]
Temporary Chat is useful for reducing stored history, but it is not the same as using ChatGPT offline. The request still goes to OpenAI’s service and may be processed for safety. If you need a reality check on local use, see how to use ChatGPT offline.
Deletion is also not the same as training opt-out. Deleting a chat removes it from your account and schedules deletion from systems. Opting out of training affects whether new eligible content is used to improve models. OpenAI says individual users may opt out through its privacy portal, and once they opt out, new conversations will not be used to train models.[8]
- Archive: hides a chat but keeps it in your account.
- Delete: removes the chat from view and schedules system deletion under OpenAI’s retention rules.
- Temporary Chat: avoids history and memory, is not used for model improvement, and may be kept briefly for safety.
- Training opt-out: prevents new eligible chats from being used to improve models, but does not by itself delete stored chats.
Data residency and inference residency
Data residency is one of the most important storage controls for organizations. OpenAI says data residency for ChatGPT lets eligible customers keep customer content stored at rest in a specific geographic region.[3] This is mainly a business, enterprise, and education feature, not a general consumer setting.
As of OpenAI’s help center page accessed for this article, ChatGPT data residency storage at rest is available in Australia, Canada, Europe (EEA + Switzerland), India, Japan, Singapore, South Korea, the United Arab Emirates, the United Kingdom, and the United States.[3] The same page says inference residency is available for Europe (EEA + Switzerland) and the United States, and it requires data residency to be enabled in the same region.[3]
The distinction matters. Data residency controls where stored customer content sits at rest. Inference residency controls where model execution on customer content takes place on GPU infrastructure for supported locations.[3] A company with strict data sovereignty rules should ask about both, because storage and inference are different stages in the lifecycle of a prompt.
OpenAI also lists data that may fall outside the selected data region. Its ChatGPT data residency page says certain categories may be stored outside the chosen data region, including data stored and processed outside OpenAI infrastructure through external integrations such as Apps and MCP or Web Search, transient or processing steps needed for service functionality, and workspace metadata such as workspace name, billing information, and user logins.[3]
If your organization is evaluating regional storage for legal reasons, pair this article with ChatGPT and GDPR and ChatGPT Data Protection Practices. Data residency can help with policy alignment, but it is not a complete compliance program by itself.
Security controls around stored ChatGPT data
OpenAI says infrastructure serving its products runs on trusted cloud providers using industry best practices, including encryption in transit and at rest, change management, and strict access controls.[4] For enterprise privacy, OpenAI specifies AES-256 encryption at rest and TLS 1.2+ in transit between customers and OpenAI and between OpenAI and its service providers.[5]
Encryption at rest means stored data is encrypted in storage systems. Encryption in transit means data is encrypted while moving across networks. These controls are important, but they do not mean ChatGPT is end-to-end encrypted in the messaging-app sense. OpenAI’s systems still need to process your prompt to produce a response. For that distinction, read Is ChatGPT Encrypted End-to-End?.
OpenAI also says it has undergone an independent SOC 2 Type 2 examination for controls relevant to Security, Availability, Confidentiality, and Privacy for its API and ChatGPT business product services.[4] OpenAI’s security page also says it maintains ISO/IEC 27001:2022 and ISO/IEC 27701:2019 certifications for the information security and privacy management systems supporting the OpenAI API, ChatGPT Enterprise, and ChatGPT Edu services.[4]
These controls reduce risk. They do not eliminate it. Any cloud service can still create exposure through account compromise, accidental sharing, weak workspace permissions, unnecessary file uploads, third-party integrations, or prompts that include secrets. Treat ChatGPT as a powerful hosted system and apply the same judgment you would use with email, cloud documents, and customer-support tickets.
Consumer vs. business storage rules
The biggest storage difference is between individual ChatGPT use and business or enterprise use. Individual users have controls such as deleting chats, using Temporary Chat, exporting data, and opting out of training. Business workspaces can add administrative controls, contractual terms, retention settings, residency options, and default no-training commitments.
OpenAI says that for services for individuals such as ChatGPT and Codex, it may use content to train models, and users can opt out so new conversations will not be used to train models.[8] For business products, OpenAI says it does not train on inputs or outputs from ChatGPT Business, ChatGPT Enterprise, and the API by default unless organizations explicitly opt in.[8]
OpenAI’s enterprise privacy page says business customers own and control their data, do not have their data used to train models by default, own inputs and outputs where allowed by law, and can control how long data is retained for ChatGPT Enterprise, ChatGPT for Healthcare, and ChatGPT Edu.[5]
| Area | Individual ChatGPT | Business, Enterprise, and Edu |
|---|---|---|
| Training use | May be used for model improvement unless the user opts out. | Not used for training by default for covered business products. |
| Chat retention | Chats remain until deleted, with deletion scheduled under OpenAI’s stated retention window. | Workspace terms and admin retention controls may apply. |
| Data residency | Not generally a consumer setting. | Available to eligible new ChatGPT Enterprise and Edu workspaces in supported regions. |
| Inference residency | Not generally a consumer setting. | Available to eligible customers in supported regions when data residency is enabled. |
| Administrative control | User-level settings. | Workspace-level access, retention, security, and compliance controls. |
How to reduce what ChatGPT stores
You cannot make normal ChatGPT operate like a fully local app, but you can reduce what it stores and how much sensitive data you expose. The best approach is to combine settings, habits, and organizational controls.
- Use Temporary Chat for low-retention conversations. OpenAI says Temporary Chats do not appear in history, do not create memories, and are not used to improve models.[7]
- Delete chats you no longer need. OpenAI says deleted chats are removed from your account immediately and scheduled for permanent deletion from systems within 30 days, subject to exceptions.[6]
- Turn off training if you use an individual account. OpenAI says once a user opts out, new conversations will not be used to train models.[8]
- Review memory. Delete saved memories you no longer want ChatGPT to use.
- Limit file uploads. Upload only the pages, rows, or excerpts needed for the task.
- Avoid secrets. Do not paste passwords, API keys, private keys, unreleased financials, regulated health data, or confidential client documents unless your organization has approved the workflow.
- Use business controls for work. If employees use ChatGPT for company data, use a business or enterprise plan with workspace administration instead of unmanaged personal accounts.
For more practical privacy steps, read Does ChatGPT Share Your Data?, ChatGPT Privacy Policy Explained Simply, and Is ChatGPT Safe to Use? Comprehensive Review.
Frequently asked questions
Does ChatGPT have one main data center?
OpenAI has not published an official figure for a single main ChatGPT data center. Its privacy policy and sub-processor list describe a distributed infrastructure model with OpenAI systems, affiliates, partners, vendors, and cloud infrastructure providers.[1][2]
Where are my ChatGPT chats stored?
For individual users, OpenAI says personal data may be processed and stored in the United States or in other countries where OpenAI, affiliates, partners, vendors, or service providers are located.[1] Business and education customers may have additional options, including data residency for eligible workspaces in supported regions.[3]
Are deleted ChatGPT chats gone immediately?
They disappear from your account immediately, but OpenAI says they are scheduled for permanent deletion from OpenAI systems within 30 days, unless de-identification or legal and security exceptions apply.[6] OpenAI also says deleted chats cannot be recovered through the user interface, APIs, or support.[6]
Does data residency keep everything inside one country?
No. OpenAI says ChatGPT data residency applies to customer content stored at rest in the selected region, but certain categories may be stored outside the chosen region. Examples include external integrations, Web Search, transient processing steps, and some workspace metadata.[3]
Is ChatGPT data encrypted in storage?
OpenAI says its product infrastructure uses encryption in transit and at rest.[4] For enterprise privacy, OpenAI specifies AES-256 encryption at rest and TLS 1.2+ in transit between customers and OpenAI and between OpenAI and service providers.[5]
Should I put confidential files into ChatGPT?
Only if the workflow, account type, retention settings, and contract terms fit the sensitivity of the file. For personal accounts, avoid uploading confidential, regulated, or secret material unless you fully understand the privacy controls. For company data, use an approved business workspace with administrative controls.