Did OpenAI really share ChatGPT chats with Meta and Google?

It is an allegation, not a proven fact. A California class action accuses OpenAI of using Meta Pixel and Google Analytics on the ChatGPT website to share query data with Meta and Google. OpenAI is the only defendant, and it says it does not share conversations with marketing partners. A comparable suit against Perplexity was voluntarily dismissed.

What did the ChatGPT data sharing lawsuit actually claim was shared?

The complaint alleges that trackers on the ChatGPT website transmitted query topics, browser tab titles derived from queries, user IDs, and email addresses, along with identifying cookies. The term 'chat queries' is undefined in the filing and likely means topics or derived signals, not the full verbatim text of conversations. Whether actual prompt text was transmitted is the contested technical core.

Is ChatGPT safe to use for sensitive or confidential information?

The lawsuit reframes the question. The exposure it describes lives at the web layer, the browser page at chatgpt.com, not inside the AI model. For anything sensitive, the safer approach is architectural: keep the conversation off a tracked web page, and strip identifying details before any text reaches a cloud model.

Does deleting my ChatGPT conversations remove the data?

Not always. In 2025, a US court ordered OpenAI to preserve ChatGPT logs, including deleted ones, in separate litigation, a mandate later narrowed. Deleting old conversations is not always a clean reset, which is one reason a privacy-focused, local-first AI tool can be a safer default for sensitive work.

NewsAI PrivacyJune 2, 2026 · 7 min read

OpenAI Is Accused of Sharing ChatGPT Chats With Meta and Google

A California ChatGPT user filed a class action in mid-May 2026, and it became a ChatGPT data sharing lawsuit overnight. The complaint accuses OpenAI of allegedly routing private query data to Meta and Google without users knowing or agreeing to it.

Ever typed a health worry, a money problem, or a client question into ChatGPT? The obvious next thought is whether it is safe. The honest answer turns out to be narrower and stranger than the headlines suggest, and the part that matters most is the part almost no outlet bothers to explain.

1,000+

CIPA website-wiretapping suits filed in 2025, the playbook this case borrows

$5,000

Statutory damages sought per violation (a litigation ask, not awarded)

23%

of the top 10,000 websites embed Meta Pixel (Stony Brook, 2025)

66%

of US hospital-website observations used pixel tracking, 2012-2023 (PNAS Nexus, 2025)

In Short

A California class action accuses OpenAI of allegedly sharing ChatGPT users' query data with Meta and Google through Meta Pixel and Google Analytics embedded on the chat website.
OpenAI is the only defendant; Meta and Google are named as alleged recipients, not parties being sued.
The complaints appear to allege query topics and tab-title signals plus identifiers, not the full verbatim text of conversations, and OpenAI says it does not share conversations with marketing partners.
This is the same “pixel lawsuit” wiretap playbook that produced more than 1,000 filings in 2025, now reaching AI companies.
The durable takeaway holds even if the case is dismissed, as a comparable Perplexity suit was. The leak vector is the tracked web page, not the AI model, so the only reliable fix is architectural.

Why the ChatGPT Data Sharing Lawsuit Is Bigger Than One Company

A California ChatGPT data sharing lawsuit names OpenAI as the sole defendant, with Meta and Google as alleged recipients.

Shape of the claim matters more than the volume around it. The complaint alleges OpenAI used Meta Pixel and Google Analytics on the ChatGPT website to share query topics, user IDs, and email addresses. OpenAI is the sole defendant. Meta and Google are named only as the alleged recipients of the data, not as parties to the suit.

Old wiretap statutes anchor the legal theory, and the numbers it cites look eye-catching on paper.

The suit invokes the California Invasion of Privacy Act (CIPA), the Electronic Communications Privacy Act (ECPA), and the California Constitution, plus an intrusion-upon-seclusion count.
It seeks a nationwide class and a California subclass, a jury trial, and statutory damages of up to $5,000 per violation or three times actual damages.
More than 1,000 CIPA “website wiretapping” suits were filed in 2025 alone, the exact playbook this case borrows.
Perplexity got hit with a near-identical complaint first, in March 2026, before OpenAI did.

Read that as a template, not an isolated scandal. Plaintiff's-bar method once aimed at hospitals, retailers, and publishers now points at AI vendors. More such suits are likely across the sector regardless of how this one ends. Worth saying plainly: the $5,000-per-violation figure is a litigation ask, not money anyone has been awarded.

What Meta Pixel and Google Analytics Actually Do

How Meta Pixel allegedly reads a browser tab title derived from a ChatGPT query and forwards it with identifying cookies.

Meta Pixel and Google Analytics are small pieces of code that sit on a website and quietly report what visitors do back to Meta and Google. They power ads and measurement, and they run on millions of perfectly ordinary sites.

Mechanism alleged in this case is the part that makes people uneasy. On the ChatGPT website, the complaint says these trackers fired silent requests carrying a browser tab title derived from the query, along with identifying cookies. Ask “who won the 2005 Super Bowl,” and the tab title becomes something like “Super Bowl 2005 Winner,” which the tracker allegedly reads and forwards.

Cookies and identifiers named in the filing are what tie that activity back to a real account.

The Facebook cookies named include c_user, fr, and fbp, which can connect activity to a logged-in Facebook account.
Google Analytics tags are alleged to have captured hashed email addresses, device identifiers, and Google Signals cookies mapped to a logged-in Google profile.
The Google Analytics line quoted in the complaint describes what Analytics is designed to do in general, not specific proof it transmitted ChatGPT chats.
“Chat queries” is an undefined term in the filing and likely means topics or derived signals, not the full verbatim text of a conversation.

Scary versions skip one caveat. A tracker firing on a page captures URLs, tab titles, events, and IDs. Whether the actual text of a prompt was transmitted is the contested technical core, and nobody has proven it. A pixel firing is not the same thing as Meta or Google reading your conversations, but it does reframe the broader question of whether ChatGPT is safe for anything sensitive.

The Leak Is the Website, Not the AI

The alleged leak vector is the tracked web page, not the AI model itself, with PIIxel Leaks pixel-tracking statistics.

Everyone keeps quoting the browser tab title as a gotcha, and that detail is itself the most useful one in the whole ChatGPT data sharing lawsuit. Exposure lives at the web layer, the browser page at chatgpt.com, not inside the model. Danger was never that an AI “read” something. A confidant-style conversation happened on a tracked web surface in the first place, and that is the real problem.

None of this counts as a new or exotic risk. Researchers have measured it for years, most recently in a 2025 study of the top one million sites from Stony Brook.

That study found roughly 23% of the top 10,000 websites embed Meta Pixel, so the exact tracker named in the complaint is baseline infrastructure, not an edge case.
The same research quantified real personally identifiable information (PII) leaking through that pixel, heaviest on gambling and education sites and lowest on tightly regulated health and finance pages.
A separate 2025 study found pixel tracking on about 66% of US hospital-website observations from 2012 to 2023, evidence the failure mode is systemic across sensitive contexts.
The OpenAI complaints allege query topics and derived signals, unlike the dismissed Perplexity suit, which alleged full chat text, a narrower and harder-to-prove claim.

Even so, the case is far from a sure thing. One infosec researcher called it a pretty weak case, since OpenAI's policy already discloses sharing some data with ad platforms. A comparable Perplexity suit was voluntarily dismissed in May 2026. Courts are split on whether common trackers even count as wiretaps under CIPA, and OpenAI says it does not share conversations with marketing partners. The structural takeaway holds whether the plaintiffs win or lose.

What This Means for You and Your Clients

Regulated professionals face confidentiality risk, not just personal privacy concerns, and ChatGPT carries no legal privilege.

Realistic personal risk is not that strangers are reading your transcripts. Sensitive context existed on a tracked surface at all, and you may have “agreed” to analytics trackers buried in a policy you never read. Consent adequacy, not the mere existence of trackers, is the real legal battleground here.

The practical implications are narrower than the panic suggests.

The exposure described is web-layer, so the browser is the surface in question; whether the native desktop or mobile apps are implicated at all is unclear in the filing.
Deleting old conversations is not always a clean reset. In 2025, a US court ordered OpenAI to preserve ChatGPT logs, including deleted ones, in separate litigation, a mandate later narrowed but still one of several reasons a private AI tool can be the safer default.
OpenAI's likely defense is that its privacy policy already discloses sharing some data with advertising platforms, part of why courts may find no reasonable expectation of privacy.
The same pixel-suit template will keep hitting AI vendors, so this is a category problem, not a single-company one.

Lawyers, doctors, therapists, financial advisors, and accountants face something past personal annoyance here. This touches professional duty: attorney-client privilege, confidentiality, fiduciary obligation. Sam Altman has said ChatGPT chats carry no legal confidentiality the way a conversation with a therapist or lawyer would. Routing client or patient facts through a tracked chatbot stacks a silent disclosure channel on top of a confidentiality problem that already exists.

How to Use Powerful AI Without the Tracked Web Page

Elephas runs on-device as a native Mac app, so there is no tracked web page in the path.

Only one defense survives both a won lawsuit and a lost one, and it is architectural. Keep the conversation off any tracked web page, and the entire pixel-and-analytics surface in the complaint simply does not exist. Stripping identifying details before anything reaches a cloud model closes the gap that is left.

Elephas is one way that principle takes physical form. Built as a native Mac app rather than a browser tab, it gives a third-party web page nothing to track and no pixel to fire. It provides built-in local LLM models, so sensitive work can run fully on-device with no cloud call and no tracked surface anywhere in the path.

Smart Redaction strips PII on your Mac before anything reaches a cloud model, then reassembles the answer locally.

For people who want a leading cloud model anyway, the privacy work happens before your text leaves the machine.

Smart Redaction (beta) strips sensitive details (names, emails, phone numbers, card numbers, client and medical identifiers) on your Mac before any prompt reaches a cloud model, and it is available on all plans, including Free.
The sequence runs local Mac, then redact, then cloud AI, then answer back, then reassembled locally, so the cloud model only ever sees sanitized text.
You can keep the cloud models you already trust (ChatGPT 5.5, Claude Opus 4.7, Gemini, Perplexity, Grok) with Elephas sitting between you and the cloud as the privacy-focused tool.
Zero data retention means content never trains AI models, never sits on a vendor's server, and never passes through a third-party reviewer's screen.

On cost, Elephas has a free plan. Paid plans start at $9.99 per month for the Standard tier, with Pro at $19.99 and Pro Plus at $39.99 for maximum credits. Professionals who cannot certify what happened to a client's data on a tracked page get a cleaner default by keeping the sensitive part on-device.

What to Watch From Here

Courts could certify the case or quietly dismiss it, the way the comparable Perplexity suit already was. Judges still disagree on whether common trackers are wiretaps, and proposed California legislation could shrink the whole theory before it gets traction. A wave of similar filings spreading across AI companies is the part most likely to outlast any single verdict.

Whatever the court decides, the lesson stays steady. Treat a browser-based chatbot as a tracked web page, and keep your most sensitive questions on a surface that has nothing to fire and no one to forward them to.

For anyone who would rather not gamble on a privacy policy, Elephas is the privacy-friendly alternative: a native Mac AI knowledge assistant with built-in local LLM models and on-device redaction that keep sensitive questions off any tracked web page in the first place.

Keep Sensitive Chats Off the Tracked Web Page

Elephas is the privacy-friendly AI knowledge assistant for Mac. Built-in local LLM models, Smart Redaction before anything reaches the cloud, and zero data retention. Your data never leaves your device.

Try Elephas Free

Written by

Selvam Sivakumar

Founder, Elephas.app

Selvam Sivakumar is the founder of Elephas and an expert in AI, Mac apps, and productivity tools. He writes about practical ways professionals can use AI to work smarter while keeping their data private.

Sources

Back to News