Phase 1 · ChatGPT · Level 3 · Power User
Security and data controls
By the end, you'll be able to…
- Set your training-data and chat-history controls to match how you use ChatGPT
- Lock down account security (MFA, sessions and connected apps) so a stolen password isn't enough
- Know which settings to check when handling work or personal data, and when to use Temporary Chat
Why it matters
By now you've connected apps, built GPTs and let an agent act on your behalf, which means your ChatGPT account can reach real data and real systems. That makes it worth securing properly, not just conveniently. This lesson is the one where you turn the dials deliberately: whether your conversations train future models, what history is kept, and the part people skip until it's too late, making your account hard to break into. Ten minutes here protects everything the rest of this level set up.
Two different questions, often confused
People lump "ChatGPT privacy" into one worry, but there are really two separate questions, with separate settings:
- What does OpenAI do with what I type? The data controls: whether your conversations help train future models, and what history is kept.
- Who can get into my account? The account security: passwords, multi-factor authentication, active sessions, and which apps you've connected.
They're different problems. The first is about how your content is used by the provider; the second is about keeping other people out. A power user who's connected work apps and built GPTs needs both handled, so we'll take them in turn.
Data controls: does your chat train the model?
The setting most people mean by "privacy" lives in Settings → Data Controls, and the key one is usually phrased as "Improve the model for everyone" (wording varies). When it's on, your conversations can be used to help train future versions of OpenAI's models: the things you type, the files you upload, the replies you get. Turn it off, and future conversations won't be used for training. Two honest caveats: turning it off doesn't retroactively pull back anything already used, and it's typically on by default on personal plans, so if you care, you change it deliberately rather than assuming.
Whether to turn it off is a judgement, not a rule. For casual personal use you may not mind. For work material, even de-identified, the cautious default is off, and it costs you nothing in day-to-day quality. The more important point connects straight back to Phase 0: this setting is not a licence to paste confidential data. Even with training off, you're still sending content to an external service, and your Phase 0 privacy rules and your employer's policy still apply. The training toggle reduces one risk; it doesn't remove the need to think about what you share.
Business, Enterprise and Edu workspaces are handled differently (content there is generally excluded from training by default) which is one reason organisations use those plans. If you're on a personal account for work, you don't get that automatically; the setting is yours to manage.
Show me everything you currently have saved in memory about me. List each item plainly so I can review it. I'm looking for anything that's out of date, no longer true, or more personal than I'd want influencing future replies; tell me which items I can remove in settings, and confirm that clearing them stops them affecting future chats.
Why this works: Data controls aren't only about the future; your account may already hold stored memories from months of chats, some stale or more personal than you'd choose. Asking ChatGPT to lay out what it remembers so you can prune it turns an invisible store into something you can actually review and clean up.
Alongside training, the same area governs chat history. And for one-off sensitive queries there's a sharper tool: Temporary Chat. A Temporary Chat doesn't appear in your history, doesn't use or create memory, and isn't used to train the model; it's the "incognito" option for a conversation you want to leave no trace. Reach for it when you want a quick answer without it joining your record or colouring future replies.
Before a sensitive one-off question, ask: does this need to be in my history or memory at all? If not, open a Temporary Chat. Before using ChatGPT for ongoing work, ask: is training off, and is what I'm about to paste something my employer's policy actually allows me to share?
Why this works: This isn't a prompt you paste; it's the question to ask yourself before a sensitive chat. The useful skill here is matching the tool to the sensitivity: Temporary Chat for the one-off, training-off for ongoing work use, and neither as a substitute for not pasting confidential data in the first place.
Account security: make a stolen password not enough
Here's the uncomfortable bit. Your ChatGPT account may now hold months of work context in memory, custom GPTs, and live connectors into your Drive or email. If someone gets your password, they get all of that. So the single highest-value thing in this lesson is turning on multi-factor authentication (MFA).
MFA means a password alone won't let anyone in; sign-in also needs a second factor, typically a one-time code from an authenticator app, a push you approve, or a code by text. You'll find it in the account's security settings, and once enabled it applies across OpenAI services. It's a five-minute job that defeats the most common attack there is: a leaked or guessed password. If you do only one thing from this lesson, do this.
Two more controls round out the account side:
- Log out of all devices. In the security settings there's an option to end every active session at once, the thing to reach for if you've signed in on a shared or public computer, lost a device, or just want a clean slate. (Note it can take a little while to take effect everywhere, and enabling MFA doesn't automatically log out existing sessions, so do both.)
- Review connected apps and connectors. Everything you connected in the last lesson is standing access. Periodically look down the list and remove anything you no longer use. A connector you've forgotten is access you're no longer watching.
My ChatGPT security pass: MFA is turned on (authenticator app or push, not just a password). I've reviewed connected apps/connectors and removed any I don't use. I know where "log out of all devices" is, for shared computers or a lost phone. My training-data setting matches how I use the account (off for work). I use Temporary Chat for one-off sensitive queries.
Why this works: Security lapses are almost always omissions, not mistakes: the thing you never got round to. A short standing checklist turns 'I should sort that out' into a five-minute pass you can actually complete, and revisit. This is the reusable takeaway: the list, not any one setting.
Lockdown Mode: shipping the Phase 0 mitigation
Back in Phase 0 you learned about prompt injection: hidden instructions buried in a web page, a file or an email that try to hijack an AI into doing something you never asked, and the real danger, quietly exfiltrating your data by getting the tool to send it somewhere. Once you've connected apps and let an agent browse and act, that stops being theoretical: an injected instruction now has both something worth stealing and a way to send it out.
OpenAI has since shipped a direct mitigation for exactly this, called Lockdown Mode: an optional, conservative configuration for people handling sensitive information. Turn it on and ChatGPT deliberately limits or switches off the features that connect it to the outside world (live web access, Agent Mode, connectors, and file downloads among them), which closes the routes an injection would use to send your data out. You trade some functionality for a much smaller attack surface. It doesn't stop a malicious instruction appearing in content ChatGPT reads, but it severs the step where that instruction could carry your data away, which is the part that actually hurts.
The point worth sitting with: the risk you were taught to reason about abstractly is now something the product itself hands you a switch for. Lockdown Mode won't suit everyday use (you lose too much), but for a stretch of sensitive work, or a connected account you're nervous about, it's the built-in version of the caution Phase 0 asked you to apply by hand. If you don't need connectors, browsing and agents for a task, turning them off for it is no longer a manual discipline; it's a setting.
Matching your settings to how you use it
The right configuration depends on the account. A quick way to decide:
- Personal account, casual use: MFA on regardless; training setting to taste. Low stakes, but MFA is still free protection.
- Personal account used for work: MFA on; training off; connectors only for non-confidential material; Temporary Chat for anything sensitive, and stay inside your employer's policy and UK GDPR for anything involving other people's data. For an especially sensitive piece of work, consider switching on Lockdown Mode for the duration.
- Managed work account: much of this may be set by your organisation, and that's the point of those plans. Don't fight the guardrails; do still turn on any personal MFA and know your organisation's rules on what you can share.
The through-line is the same one from Phase 0, now made concrete with switches: decide deliberately, don't drift into defaults. The defaults are set for the average user, not for someone who's wired ChatGPT into their working life. You have, so the settings are worth ten minutes of your deliberate attention.
Try it now
Common mistakes
- Relying on a password alone. The most common account compromise is a reused or leaked password. MFA is the cheap fix that makes one on its own useless; skipping it is the biggest avoidable risk here.
- Thinking the training toggle makes it safe to paste anything. Turning off training reduces how your content is used; it doesn't change that you've sent confidential data to an external service. Phase 0's rules and your employer's policy still govern what you share.
- Set-and-forget connectors and sessions. Access you granted months ago and forgot is access no one is watching. Review connected apps periodically and log out of sessions you don't recognise.
- Assuming the defaults were chosen for you (over-trust). It's easy to trust that a big, professional product's out-of-the-box settings are the safe, private ones, but defaults are tuned for the average user and often have training on and no MFA, which is not the right setup for someone who's connected work apps and stored work context. Don't mistake "it came like this" for "this is right for me." Open the settings and decide each one yourself; the safe configuration is the one you set on purpose.
Keeping current
Data-control wording, the exact security options, MFA methods and how Temporary Chat behaves all change over time. Lockdown Mode was announced on 4 June 2026 and began on personal and self-serve Business accounts, so its availability and exactly which features it restricts will keep evolving; check the current details before relying on it. For the current details, see OpenAI's Data Controls FAQ, Lockdown Mode help article, Enabling or disabling MFA and How to keep your OpenAI account secure, plus the ChatGPT release notes. Accurate as of 14 July 2026.