Does Your AI Assistant Train on Your Notes?
It depends on which product you paste into, and the default was chosen for you. As of March 1, 2023, the OpenAI API does not train on your data unless you opt in 1. Consumer ChatGPT, GitHub Copilot's free tiers, and Anthropic's Claude each answer differently — and "won't train on it" never meant "won't see it."
That last line is the whole post. A vendor can promise it will not use your text to improve its models and still log that text, retain it for a window, and run it through monitoring. Training is one boundary. Seeing, storing, and processing are separate boundaries, governed by separate defaults. This guide gives you a method that survives the defaults changing: read each path's default, keep your source of truth in plain files you hold, and treat every send as a scoped decision about which text leaves and under which rule.
The numbers below are accurate as of late June 2026, and every one is dated. They will drift. The discipline will not.
The single discipline: keep the source of truth local, send on purpose
Treat your notes as the original and any AI send as a copy you authorize. The source of truth lives as plain Markdown files on your own device, where no vendor default applies. When you use an AI feature, you decide which excerpt leaves and to which provider — and you accept that provider's default knowingly, not by accident.
This inverts the usual posture. Most people paste first and wonder later. The boundary discipline asks the question before the paste: what am I sending, where does it go, and what is that destination's default for training and retention? The general version of this point — that what you type into an AI leaves your walls the moment you hit send — is the thesis this post specializes into dated, per-vendor rules. The plain-file source of truth is what makes the question cheap to answer. Nothing moves unless you move it, so the only data under a vendor's rules is the data you deliberately handed over.
Why the boundary matters at all
Training on your text is not abstract — under pressure, a model can repeat what it learned. In a 2021 USENIX Security study, Carlini and eleven co-authors showed that "an adversary can perform a training data extraction attack to recover individual training examples by querying the language model" 2. They extracted hundreds of verbatim sequences from the model's data.
The honest framing matters here, because this is where scare stories outrun the evidence. The Carlini attack targeted GPT-2 and was adversarial and difficult — it is not a one-click leak of your diary. The authors themselves note a caveat that should make you more careful, not less: "we find that larger models are more vulnerable than smaller models" 2. So the stakes are real and the trend points the wrong way, but the takeaway is a reason to mind the boundary, not a reason to panic. You control what enters a training set by controlling what you send.
The per-vendor defaults, dated
Here is the answer most people are searching for, in one table. Each cell is a point-in-time reading sourced to the vendor's own policy and stamped with the date it was confirmed. Read it as a snapshot, not a law of nature — these defaults have shifted before and will shift again.
| Path / tier | Trains on your data by default? | Retention you should know about | Source · confirmed |
|---|---|---|---|
| OpenAI API | No — not used to train unless you explicitly opt in (policy as of 2023-03-01) 1 | Abuse-monitoring logs up to 30 days by default 3 | OpenAI API docs · 2026-06-26 |
| ChatGPT Business / Enterprise / Edu / business API | No, by default 4 | Per business terms | OpenAI Help Center · 2026-06-26 |
| ChatGPT consumer (Free / Plus / Pro) | Interactions are used to improve and train models 5; giving feedback can re-include a whole conversation 6 | Per consumer terms | OpenAI Help Center · 2026-06-26 |
| GitHub Copilot Free / Pro / Pro+ | Yes, by default from 2026-04-24, unless you opt out 7 | — | The GitHub Blog · 2026-06-26 |
| GitHub Copilot Business / Enterprise | No — "not affected by this update" 8 | — | The GitHub Blog · 2026-06-26 |
| Anthropic Claude (consumer) | Only if Model Improvement is on in your settings 9; the default state is not stated in the policy and should be re-checked 9 | Feedback conversations retained up to 5 years 9 | privacy.claude.com · 2026-06-26 |
Two patterns survive the dates. First, the consumer/business split: across OpenAI and GitHub, business and enterprise tiers default to no-train while consumer tiers do not 4578. Second, the opt-in versus opt-out divide: a default is only as protective as its direction, and you rarely chose it.
The honesty hook: "won't train" is not "won't see"
A no-train promise covers one boundary — model improvement. It says nothing about whether the vendor logs, stores, or processes your text. OpenAI's API documentation states that abuse-monitoring logs are generated for all API usage and retained "for up to 30 days" by default 3, and that those logs "may contain certain customer content, such as prompts and responses" 10.
GitHub draws the same distinction in plain language. Even where your code is not used for training, the company writes that it uses the phrase "at rest" deliberately, "because Copilot does process code from private repositories when you are actively using Copilot" 11. Read those two admissions together and the rule falls out: a vendor can truthfully say it will not train on your notes while it still sees them, processes them, and keeps them for a window. The no-train headline is the floor of what to verify, not the ceiling.
There is a sharper version of the same trap on the consumer side. Opting out of training is not always permanent for the data you touch afterward. OpenAI's help documentation notes that "if you choose to provide feedback, the entire conversation associated with that feedback may be used to train our models" 6 — so a single thumbs-up can pull a whole exchange back across the boundary you thought you closed. The lesson generalizes: an opt-out governs a default, and a separate action can override that default for a specific piece of data. Read the conditions, not just the toggle.
How to read any vendor's policy in five minutes
You do not need a lawyer; you need five questions answered in order. Each one targets a separate boundary so you never collapse "won't train" into "won't see," and so a no-train headline never stands in for the logging and retention around it. Run them against the live policy page, because the wording drifts between updates.
- Which tier am I on? Consumer and business tiers routinely carry opposite defaults 45. Confirm yours first; everything else changes with it.
- Is training opt-in or opt-out here? A no-train default and a train-unless-you-opt-out default are worlds apart 17. Find the direction, not just the toggle.
- What is retained, and for how long? Look past training to logging. Find the retention window and what the logs contain 310.
- Does feedback re-include my data? A thumbs-up can pull an entire conversation back into a training set even after you opted out 6. Treat the feedback button as a separate send.
- Where is the date? Note the policy's last-updated stamp. An undated screenshot from a forum is not a policy; the vendor's current page is.
Common mistakes
The errors cluster around one habit: collapsing several boundaries into a single yes-or-no. Training, retention, processing, and tier are four separate questions, and the policy answers them separately. Most missteps come from reading one answer and assuming it settled the other three, or from trusting a default that has since moved.
- Reading "no training" as "no retention." The most common error in the whole topic. OpenAI logs API content up to 30 days by default even on the no-train path 310; the two boundaries are independent.
- Assuming Zero Data Retention is a consumer switch. Under OpenAI's ZDR, the
storeparameter "will always be treated as false," and content is excluded from abuse logs — but ZDR and modified monitoring are "subject to prior approval by OpenAI" 12. It is an enterprise control, not a checkbox in your account. - Believing one default holds across tiers. GitHub's 2026 change hit Copilot Free, Pro, and Pro+ while "Copilot Business and Copilot Enterprise users are not affected" 78. Same product name, opposite defaults.
- Trusting that "bring your own key" exempts you from training. BYOK governs key custody and encryption-at-rest, not whether a given product trains on your prompts. Whether BYOK changes the training default depends entirely on that vendor's policy for that product — verify it; do not assume it.
- Citing an undated default. Every policy here has drifted across 2025–2026. A claim without a date is a claim with a hidden expiry.
How this works with MNMNOTE
MNMNOTE keeps the source of truth where the defaults cannot reach it: your notes live as plain Markdown files on your own device, and nothing has to move for you to read, edit, or search them. There is no account in the way and no server holding the original. The boundary is the default, not an afterthought.
When you do reach for AI, the discipline still applies, and honesty requires the scoped version of the claim: your notes stay on your device, but an AI feature sends the text you choose to the provider you choose, using your own key. Once that excerpt leaves, it is under that provider's default for training and retention — the very defaults this post taught you to read. MNMNOTE narrows the boundary to a deliberate, per-send decision; it does not promise that a third-party model "never sees" what you send it. No tool can promise that for text it does not hold.
Frequently Asked Questions
These are the questions people actually type, answered to the vendors' current policies and dated. Each answer separates training from retention on purpose, because that is where the confusion lives. Treat every figure as a snapshot — re-read the linked policy before you rely on it, since the defaults below have moved before.
Does ChatGPT train on my data? It depends on your tier. For business products — ChatGPT Business, Enterprise, Edu, and the API — OpenAI states it does "not train on any inputs or outputs from our products for business users" by default 4. For consumer ChatGPT, OpenAI says interactions are used to improve and train its models 5. Confirm your tier and the live policy date before relying on either.
How do I opt out of AI training? For consumer ChatGPT, the control lives in the account's Data Controls settings as a toggle for improving the model. The exact label drifts between updates, so open your settings and read the current wording rather than trusting an old screenshot. Remember that opting out stops training, not logging or retention 310.
What is Zero Data Retention?
Zero Data Retention is an OpenAI control where the store parameter "will always be treated as false" and content is excluded from abuse-monitoring storage 12. It is not a consumer switch — ZDR is "subject to prior approval by OpenAI" and acceptance of additional requirements 12. Treat it as a real but enterprise-gated control, not a setting you toggle.
Does bring-your-own-key stop AI training? Not automatically. BYOK is about key custody and encryption, not about whether a product uses your prompts for training. Whether your text is trained on still depends on that specific vendor's policy for that specific product. Check the provider's own current policy rather than assuming the key arrangement exempts you.
Does Claude train on my conversations? For consumer Claude, Anthropic says model improvement happens only when you "choose to allow us to use your chats and coding sessions to improve Claude" through your settings 9. Incognito chats "are not used to improve Claude, even if you have enabled Model Improvement" 9. The policy does not state the default on/off state, so re-check it live before relying on it 9.
Is GitHub Copilot training on my code? For Copilot Free, Pro, and Pro+, GitHub states that from April 24, 2026, interaction data "will be used to train and improve our AI models unless they opt out" 7. Copilot Business and Enterprise "are not affected by this update" 8. Confirm the policy is in effect and re-read the opt-out path before relying on it.
Does opting out of AI training actually work? Opting out generally stops training, but it does not stop logging, retention, or processing. OpenAI's own documentation notes that abuse-monitoring logs can contain prompts and responses for up to 30 days by default 310, and GitHub states Copilot "does process code from private repositories when you are actively using Copilot" 11. The honest read: opt-outs cover training, not the seeing and storing around it.
The villain was never a particular vendor. It is the default you did not choose — and the cure is to keep your words in files you hold and to make every send a decision, not an accident. To keep the source of truth in plain Markdown on your own device, mnmnote.com opens in a browser tab.
Footnotes
-
"API Data Usage and Retention," OpenAI Developer Platform, https://developers.openai.com/api/docs/guides/your-data, accessed 2026-06-26. "As of March 1, 2023, data sent to the OpenAI API is not used to train or improve OpenAI models (unless you explicitly opt in to share data with us)." ↩ ↩2 ↩3
-
Carlini, N., Tramèr, F., Wallace, E., Jagielski, M., Herbert-Voss, A., Lee, K., Roberts, A., Brown, T., Song, D., Erlingsson, Ú., Oprea, A., & Raffel, C. (2021). "Extracting Training Data from Large Language Models." USENIX Security Symposium 2021. https://arxiv.org/abs/2012.07805, accessed 2026-06-26. ↩ ↩2
-
"API Data Usage and Retention," OpenAI Developer Platform, https://developers.openai.com/api/docs/guides/your-data, accessed 2026-06-26. "By default, abuse monitoring logs are generated for all API feature usage and retained for up to 30 days, unless longer retention is required by law." ↩ ↩2 ↩3 ↩4 ↩5 ↩6
-
"How your data is used to improve model performance," OpenAI Help Center, https://help.openai.com/en/articles/5722486-how-your-data-is-used-to-improve-model-performance, accessed 2026-06-26. "By default, we do not train on any inputs or outputs from our products for business users, including ChatGPT Business, ChatGPT Enterprise, and the API." ↩ ↩2 ↩3 ↩4
-
"How your data is used to improve model performance," OpenAI Help Center, https://help.openai.com/en/articles/5722486-how-your-data-is-used-to-improve-model-performance, accessed 2026-06-26. "We retain certain data from your interactions with us, but we take steps to reduce the amount of personal information in our training datasets before they are used to improve and train our models." ↩ ↩2 ↩3 ↩4
-
"How your data is used to improve model performance," OpenAI Help Center, https://help.openai.com/en/articles/5722486-how-your-data-is-used-to-improve-model-performance, accessed 2026-06-26. "If you choose to provide feedback, the entire conversation associated with that feedback may be used to train our models." ↩ ↩2 ↩3
-
"Updates to GitHub Copilot interaction data usage policy," The GitHub Blog, 2026-03-25, https://github.blog/news-insights/company-news/updates-to-github-copilot-interaction-data-usage-policy/, accessed 2026-06-26. "From April 24 onward, interaction data—specifically inputs, outputs, code snippets, and associated context—from Copilot Free, Pro, and Pro+ users will be used to train and improve our AI models unless they opt out." ↩ ↩2 ↩3 ↩4 ↩5
-
"Updates to GitHub Copilot interaction data usage policy," The GitHub Blog, 2026-03-25, https://github.blog/news-insights/company-news/updates-to-github-copilot-interaction-data-usage-policy/, accessed 2026-06-26. "Copilot Business and Copilot Enterprise users are not affected by this update." ↩ ↩2 ↩3 ↩4
-
"Is my data used for model training?," Anthropic, last updated 2026-03-16, https://privacy.claude.com/en/articles/10023580-is-my-data-used-for-model-training, accessed 2026-06-26. "Your Incognito chats are not used to improve Claude, even if you have enabled Model Improvement in your Privacy Settings"; model improvement applies when "You choose to allow us to use your chats and coding sessions to improve Claude"; feedback conversations retained up to 5 years. ↩ ↩2 ↩3 ↩4 ↩5 ↩6
-
"API Data Usage and Retention," OpenAI Developer Platform, https://developers.openai.com/api/docs/guides/your-data, accessed 2026-06-26. "Abuse monitoring logs may contain certain customer content, such as prompts and responses, as well as metadata derived from that customer content, such as classifier outputs." ↩ ↩2 ↩3 ↩4 ↩5
-
"Updates to GitHub Copilot interaction data usage policy," The GitHub Blog, 2026-03-25, https://github.blog/news-insights/company-news/updates-to-github-copilot-interaction-data-usage-policy/, accessed 2026-06-26. "We use the phrase 'at rest' deliberately because Copilot does process code from private repositories when you are actively using Copilot." ↩ ↩2
-
"API Data Usage and Retention," OpenAI Developer Platform, https://developers.openai.com/api/docs/guides/your-data, accessed 2026-06-26. Under Zero Data Retention the
storeparameter "will always be treated as false"; ZDR and modified abuse monitoring are "subject to prior approval by OpenAI and acceptance of additional requirements." ↩ ↩2 ↩3