AI keeps three separate things about you, and most people only ever see one of them. There is the content you typed, the metadata wrapper around it (timestamps, IP address, device, session), and the inferred profile the system builds by drawing conclusions from your chats. You can view and delete the first two on every major platform. The third, the profile, is usually the one you cannot see as a full list and cannot fully delete. And here is the part almost no coverage states plainly: under GDPR, that inferred profile often escapes the right to data portability entirely, because you did not directly provide it.
This distinction matters because the privacy debate almost always fixates on layer one. People ask whether their prompts are saved or whether their chats train the model. Those are real questions. But the layer that follows you across conversations, the one that shapes how the assistant treats you, is the profile you never signed off on and often cannot audit. This guide separates the three layers, gives you the real path to view, export, and delete each, and names the honest gap where the paths run out.
You can port the words you gave them. You usually cannot port the conclusions they drew. That asymmetry, not any single retention number, is what this piece is really about.
A security researcher who reverse-engineered ChatGPT's internal context found the profile runs far deeper than the tidy memory list suggests: Assistant Response Preferences with confidence ratings, Notable Past Conversation Topics, Helpful User Insights (inferred biographical details), and rolling summaries of recent chats. As the researcher put it, the user currently cannot modify or inspect what ChatGPT learns about them over time without prompt hacking. One reporter who asked ChatGPT what it knew about them got back the books they were writing, where they live, and even health and family details pulled from old conversations.
Layer 1: Content, the words you actually typed
Content is the most visible layer and the easiest to control. It is your prompts, the files and images you upload, and the responses generated back. Every major assistant stores this, and every major assistant lets you export or delete it. OpenAI, for example, collects the questions, prompts, and files you upload and stores them tied to your account, and it offers a full export through Settings, Data controls, Export data, with the ZIP arriving by email or SMS.
Anthropic is unusually clear about content collection: everything you type into Claude, including work documents, personal questions, code, and ideas, gets collected and stored. For consumer accounts, deleting a conversation removes it from your chat history immediately and from Anthropic's back-end storage within 30 days, unless you opted into model training (up to 5 years, de-identified) or the chat was flagged by trust and safety systems (inputs and outputs up to 2 years, classification scores up to 7 years). MemX's platform-by-platform retention table breaks down every one of these windows if you want the full grid.
Google stores your Gemini conversations in your Google Account with a default retention of 18 months, changeable to 3 or 36 months. The catch sits underneath the setting: even if you turn Gemini Apps Activity off, Google keeps conversations for up to 72 hours to run the service.
To wipe layer one, delete chats AND clear saved memories AND disconnect any connected apps. A single delete rarely clears everything, because the same fact can live in more than one place. MemX has a step-by-step walkthrough for ChatGPT, Claude, and Gemini if you want the exact clicks.
Layer 2: Metadata, the wrapper you never see
Metadata is the technical envelope around every message, and it is collected whether you are logged in or not. This includes your IP address, device name, operating system, browser type, device identifiers, timestamps, time zone, and general location derived from that IP. OpenAI collects this technical and device data even when you use ChatGPT without an account, to detect unusual login activity and prevent abuse.
Metadata rarely comes up because it feels boring, yet it is precisely what de-anonymizes you: it ties an otherwise anonymous session back to a person, links separate conversations into one identity, and pins a rough location to every prompt. Claude, for instance, can access location data at the device level on non-web surfaces like its mobile app and browser extension, to pull location-relevant results.
Metadata usually rides along inside your data export, and you erase it by deleting the account or the chats it rides with. It is the least mysterious of the three layers: you can see it, and it goes away when the content goes away. The trouble starts at layer three, where neither of those two things is reliably true.
Layer 3: The inferred profile, what the model decided about you
The inferred profile is the layer that separates a chat log from a model of you. It is not the words you typed; it is the conclusions drawn from them: your communication style, recurring topics, apparent preferences, and biographical guesses assembled across many conversations. On ChatGPT this splits into two parts, and the split is the whole story. Saved memories are an explicit, editable list. Reference chat history is an implicit layer inferred at runtime from past chats and never displayed as a fixed list. For a deeper look at how these hidden inferences form, MemX has a full breakdown of the inferred profile.
You can get a glimpse of it. Type "What do you know about me?" and the assistant will read back a list. But that reply is a summary the model chooses to surface, not a dump of the underlying profile. OpenAI's own guidance notes the memory summary will not include everything ChatGPT remembers from your chats, so the recitation you see is a curated slice, not the whole record.
Removing this layer is where the whole model breaks down. To erase something ChatGPT may know, you have to delete every source it could be inferred from: past chats, archived chats, uploaded files, the saved-memories list, and any connected apps. Even then, the implicit reference-chat-history layer rebuilds itself from whatever conversations survive. No single button says "delete what you concluded about me," which is exactly why the profile behaves so differently from the two visible layers above it.
The comparison: three layers, side by side
| Layer | Content | Metadata | Inferred profile |
|---|---|---|---|
| What it is | Prompts, files, uploads, and responses | IP, device, timestamps, location, session | Conclusions the model draws about you across chats |
| Can you see it? | Yes, in chat history and full export | Yes, inside your data export | Partly. A summary only, not the full profile |
| Can you delete it? | Yes, delete chats and memories | Yes, tied to the content and account | No clean delete. Rebuilt from remaining chats |
| Covered by GDPR data portability? | Yes, you provided it | Partly, where tied to your input | Often not. Derived data you did not provide |
| Who holds it | The vendor, on their servers | The vendor, for security and ops | The vendor, as a model-built profile of you |
What most coverage misses: the profile is exempt from the strongest rights
Even where the law grants you strong data rights, the inferred profile often sits in a gap. Under GDPR, inferred and derived data (the profile a company builds about you) is generally not treated as "provided by the data subject," which means it typically falls outside the right to data portability. You can port the words you gave them; you usually cannot port the conclusions they drew. That single line is the difference between a chat log you own and a profile you merely appear in.
The right of access is broader than portability and does cover inferences. UK regulator guidance is explicit that opinions and inferences attached to an identifiable person are personal data, even if the company is unsure they are correct. In practice, though, access to a machine-built, runtime-inferred profile is far harder to enforce than access to a stored chat log, because there is no tidy record to hand over.
Regulators are starting to push on the source data too. A joint investigation by four Canadian privacy authorities found OpenAI collected significant amounts of personal information, including sensitive medical, political, and children's data, from public sources without valid consent to train its models. Users could theoretically request removal but had to prove the connection between themselves and their data first, a high bar for anything the model absorbed rather than a discrete file you can point to.
You have real rights over the words you typed. Your rights over the conclusions drawn from them are weaker, harder to exercise, and in the case of portability, often absent.
The practical path: view, export, delete each layer
ChatGPT
- View the profile summary: ask "What do you know about me?" in a normal chat.
- Manage saved memories: Settings, Personalization, Manage memories, delete entries individually.
- Export content and metadata: Settings, Data controls, Export data; the ZIP arrives by email within up to 7 days.
- Cut off the inferred layer: turn off Reference chat history and use Temporary Chat for sensitive sessions.
Gemini
- Review and delete conversations under Gemini Apps Activity in your Google Account.
- Set retention to 3, 18, or 36 months, or turn auto-delete off.
- Remember the 72-hour floor even with activity off, and that human-reviewed chats are kept up to 3 years, disconnected from your account.
Claude
- Delete conversations; back-end removal completes within 30 days for consumer accounts.
- Check your training opt-in status in Privacy Settings; opting in extends de-identified retention to 5 years.
- Use incognito chats for anything you do not want retained for improvement.
One pattern runs through every list above. Layers one and two get precise, named controls. Layer three gets a toggle to stop future inference and a summary you can request, but no view of the full profile and no clean delete. Once you notice that gap, you stop trusting the delete button to do more than it can, and you start keeping your own copy of anything that matters.
Where MemX fits this problem
The pain in this post is asymmetry: you can see and delete your words, but not the profile a vendor builds from them. MemX is built the other way around. It is a model-agnostic memory layer that sits above whichever assistant you use, and the stored layer is yours to inspect. You back up your own documents, chats, voice notes, and photos, and you can see and search exactly what is held, rather than trusting a vendor's runtime inference you cannot audit.
MemX is private by architecture: per-user isolation, customer-managed encryption keys, encryption at rest, and on-device processing. To be honest about the boundary, that is not end-to-end encryption and not zero-knowledge, and MemX will not stop a separate assistant from forming its own inferred profile on its own servers. What it changes is which layer you actually hold: the visible, exportable stored layer, instead of an opaque profile you can only glimpse through a summary.
Keep the two jobs separate. Use the assistant's controls to limit the profile it builds, and keep your own searchable copy of the source material somewhere you control.
Frequently asked questions
01What data does AI keep about you?
Three layers: content (your prompts, files, and responses), metadata (IP address, device, timestamps, and location), and an inferred profile (conclusions the model draws about your style, topics, and traits across chats). You can view and delete the first two on major platforms; the profile is harder to see or remove.
02Does ChatGPT store my conversations?
Yes. OpenAI stores your prompts, uploaded files, and responses tied to your account, plus technical metadata like IP and device. You can export it all through Settings, Data controls, Export data, and delete chats, though a separate inferred profile persists beyond the visible history.
03Does deleting my chats delete what AI knows about me?
Not entirely. Deleting chats and clearing saved memories removes the sources, but the implicit inferred layer is rebuilt from whatever conversations remain. A fact can also live in multiple places, so you must delete every source and disconnect connected apps.
04Can I export the profile an AI built about me?
Usually not. Data exports include your content and metadata, not the machine-built inferred profile. Under GDPR, inferred and derived data typically falls outside the right to data portability because it was not directly provided by you.
05How do I stop AI from building a profile of me?
Turn off the inferred layer where offered: disable ChatGPT's Reference chat history, use Temporary or Incognito chats, and turn off Gemini Apps Activity (though a 72-hour floor still applies). These stop future inference; they do not fully erase what was already built.
The bottom line
Stop treating "what AI keeps about you" as one question. It is three. Your content and metadata are visible and deletable, and you should use those controls. The inferred profile is the layer that quietly persists, resists deletion, and often escapes the strongest data rights. Assume that anything you share can become a durable conclusion about you, and hold your own copy of the source material somewhere you can actually see.
Written by Aditya Kumar Jha, Founding Software Engineer at MemX, who builds the model-agnostic memory layer discussed here and works daily on how personal data is stored, retrieved, and kept auditable. Every retention figure and rights claim in this piece is sourced to the vendor's own policy or a named regulator.
