OpenAI reports 20M-log ChatGPT handover after May-Sep 2025 preservation order

• hasantoxr's May 13 order post said Judge Ona T. Wang required OpenAI to "preserve and segregate" output logs that otherwise would have been deleted, and the preservation order PDF matches that language.
• According to hasantoxr's affected-user list, the preservation window covered ChatGPT Free, Plus, Pro, Team, and API traffic without Zero Data Retention, while OpenAI's response says Enterprise, Edu, and ZDR API customers were excluded.
• hasantoxr's Brad Lightcap quote contrasted the order with OpenAI's usual 30-day deletion policy, which OpenAI's retention docs still describe as subject to legal obligations.
• hasantoxr's production-order summary said 20 million de-identified chats were ordered produced to New York Times lawyers, and Judge Stein's affirmance shows OpenAI lost its January 2026 appeal.

You can read the May 13 preservation order, OpenAI's own response to the NYT data demands, the Data Controls FAQ, and Ars Technica's November report in about ten minutes. The surprising bit is how ordinary the affected surfaces were: standard ChatGPT plans, Temporary Chats, and API use without ZDR all sat inside the dispute, while the later fix was only partial and date-bounded.

The May 13, 2025 order told OpenAI to preserve and segregate output logs that otherwise would have been deleted. The court document itself says the hold applied on a going-forward basis, including data deleted at user request or under privacy laws, until further court order.

That is the whole story in one line: deleted did not mean gone during the hold. For anyone using ChatGPT as a scratchpad for scripts, client notes, drafts, or moodboards, that is a much bigger privacy footnote than the average product settings page suggests.

OpenAI's public response and hasantoxr's list line up on the main scope:

• ChatGPT Free
• ChatGPT Plus
• ChatGPT Pro
• ChatGPT Team
• API customers not using Zero Data Retention
• Exempt: ChatGPT Enterprise, ChatGPT Edu, and ZDR API traffic

OpenAI's response page adds one important timeline detail: the company says the broad obligation ended on September 26, 2025, after which normal 30-day deletion resumed for new consumer chats and API data.

OpenAI's normal product language says deleted chats and Temporary Chats are removed within 30 days. The catch, spelled out in both hasantoxr's policy post and OpenAI's retention policy, is that legal obligations override that default.

The same split shows up in the settings docs:

• "Improve the model for everyone" controls training use, per the Data Controls FAQ
• Temporary Chat keeps a conversation out of history and out of training, per hasantoxr's Temporary Chat post
• Neither setting prevents retention when a court orders a legal hold, according to the preservation order

That distinction matters because a lot of people read "not used for training" as "ephemeral." The docs do not promise that.

By November 2025, the fight had moved from preservation to production. Ars Technica's report quoted OpenAI saying more than 99.99 percent of the chats had nothing to do with the case, but Judge Wang still ordered the 20 million de-identified logs produced.

Judge Stein's January 5 affirmance rejected OpenAI's proposal to search the sample first and turn over a smaller subset. The court kept the bigger production, which is why the 20 million number stuck.

A top Hacker News discussion focused on the same tension: the logs were de-identified and covered by litigation limits, but commenters still fixated on the fact that full multi-turn conversations, not isolated prompt-output pairs, were at stake.

OpenAI argued the preservation demand collided with GDPR-style erasure rights. According to hasantoxr's GDPR post and OpenAI's own response page, later negotiations carved out conversations originating from the European Economic Area, the UK, and Switzerland.

That carve-out is easy to overread. It did not erase the earlier preservation window for everyone else, and OpenAI says it still securely stores a limited historical dataset from April through September 2025 to satisfy ongoing legal obligations.

The most concrete buried caveat lives in OpenAI's own retention language. hasantoxr's delete-account post quotes it directly: backend data is purged within 30 days, unless OpenAI must retain it for legal or security reasons.

The same help article says deleted chats disappear from your account immediately but can remain in systems during the retention window, or longer if they have been de-identified or held for legal reasons. That means the account-level controls most creatives actually touch, export data, delete a chat, Temporary Chat, delete the account, are product controls first and litigation-proof privacy controls second.