QWE AI Academy Here’s a fact most comparison articles skip: between June and September 2025, every ChatGPT conversation you had – including the ones you deleted – was being preserved on OpenAI’s servers under a federal court order. Not for safety. For litigation. OpenAI confirmed in its own blog post that limited historical April-September 2025 user data is still being securely stored because the New York Times is still demanding it.
That’s the kind of detail that reframes the whole Ollama privacy vs ChatGPT debate. It’s not really cloud-vs-local. It’s about who has legal authority over your prompts after you hit send.
The takeaway, upfront
If your prompts are mundane, ChatGPT’s standard 30-day retention is fine. If they contain anything you wouldn’t want subpoenaed, Ollama wins – but only if you configure it correctly. A misconfigured Ollama install can be more exposed than a logged-in ChatGPT account, because the default API has no authentication.
That’s the part nobody talks about. Here’s what that actually means.
Background: what each tool actually does with your data
ChatGPT: server-side, always. Your prompt travels over the internet, gets processed, logged. Delete a chat and it’s queued for permanent removal within 30 days – per OpenAI’s retention policy, as of mid-2025. Legal exceptions, as we just covered, can extend that window significantly.
Ollama is different. It’s an open-source tool that runs large language models directly on your local machine – no account, no API key, no outbound prompt traffic during inference. Full data ownership by design.
So far this matches every other comparison you’ve read. Now the part they get wrong.
Ollama privacy vs ChatGPT: the comparison nobody draws correctly
It’s messier than that, because each side has carve-outs that change the math.
| Privacy dimension | ChatGPT (Free/Plus/Pro) | ChatGPT Enterprise | Ollama (default) |
|---|---|---|---|
| Trained on your data? | Yes, unless you opt out | No, by default | No – model is static |
| Standard retention | 30 days after deletion | Admin-controlled, 90-day minimum | None – local files only |
| Subject to NYT court order (Apr-Sep 2025) | Yes | No (excluded May 27) | No |
| Network exposure risk | OpenAI’s infrastructure | OpenAI’s infrastructure | Your machine – depends on config |
| Zero-logging option | No | ZDR API only | Default behavior |
Notice what the table reveals: on May 27, the Magistrate Judge clarified that ChatGPT Enterprise is excluded from preservation, while consumer Plus and Pro were not. Someone paying $200/month for ChatGPT Pro got less legal-hold protection during that window than a Business customer paying less. The pricing tier didn’t track with the privacy tier – the contract type did.
After months of litigation, OpenAI is no longer under a legal order to retain consumer ChatGPT and API content indefinitely; obligations under the earlier order ended on September 26, 2025, and deleted conversations now return to the 30-day deletion window. Good news, but the principle still stands: a future court order could trigger the same retention again. Local doesn’t have that exposure.
Walkthrough: making Ollama actually private
Installing Ollama is easy. Making it actually local-only takes three deliberate steps that most tutorials skip.
Step 1: bind to localhost only
By default, Ollama serves an HTTP API on port 11434. If you’ve ever set OLLAMA_HOST=0.0.0.0 to access it from another device on your network, you’ve potentially opened it to the entire internet – depending on your router and firewall.
# Force localhost binding (Linux/macOS)
export OLLAMA_HOST=127.0.0.1:11434
ollama serve
# Verify nothing else is listening
lsof -i :11434UpGuard counted 7,000+ publicly reachable Ollama instances in early 2025 – all serving a live API with zero authentication. Anyone who found them could query your model as freely as you can.
Step 2: confirm zero outbound traffic during inference
Run a quick sanity check while a model is generating. On macOS or Linux, open a second terminal:
# Watch outbound connections during a prompt
sudo lsof -i -n -P | grep -i ollamaYou should see only loopback (127.0.0.1) connections during inference. The Ollama process itself does check for updates periodically, so the absence of any outbound traffic isn’t realistic – but during an active prompt, nothing should leave your machine.
Step 3: handle the model download honestly
Pulling a model phones home. There’s no way around that – you’re downloading weights from a registry. Ollama supports Llama 3.1, Mistral, Mixtral, Gemma, Phi, Code Llama and many others, and pulling each one creates a network record of which model you fetched. After the pull, you’re offline. Before the pull, you’re not.
Pro tip: If even the model download is sensitive (say, you don’t want anyone to know you’re testing a specific medical or legal model), pull it on a separate network and then transfer the
~/.ollama/modelsdirectory to your work machine. The runtime never needs to re-fetch.
Edge cases the comparison guides miss
Three scenarios where the simple “local = private” framing breaks down.
The Enterprise exception flip
If you’re a small team that needs auditable privacy, OpenAI does not use ChatGPT Business or Enterprise content to train its models by default, and Enterprise Owners can set a custom retention policy with a 90-day minimum. That can be a more defensible setup than a self-hosted Ollama box that your IT team can’t audit. Privacy isn’t just “where the data lives” – it’s “who can prove what happened to it.”
Zero Data Retention API: the option most people don’t know exists
ZDR API: prompts and responses never logged, never retained. Per OpenAI’s NYT litigation response, ZDR customers weren’t touched by the preservation order at all. Closest cloud equivalent to Ollama. Catch: it requires a sales conversation and isn’t on any consumer plan.
The ‘local’ that isn’t quite local
Ollama doesn’t publish a complete list of what its background processes communicate to its servers (update checks, telemetry). The community recommendation is to monitor network traffic during inference to confirm zero external connections. As of early 2026, this is still on the user to verify – there’s no third-party audit. Take the privacy claim seriously, but verify it.
So which one should you use?
Marketing copy, public article summaries, brainstorming? ChatGPT is fine. The 30-day deletion window (as of mid-2025) is short enough that the practical risk is low for everyday work.
Client NDAs, draft contracts, code that hasn’t shipped – different story. Ollama, configured right, leaves zero record on anyone else’s server. As of early 2026, a 16GB laptop handles 7B models without breaking a sweat – enough for most writing and coding tasks.
The middle ground: ChatGPT Enterprise with a custom retention policy and ZDR endpoints. Not glamorous, but auditable.
FAQ
Does turning off “Improve the model for everyone” actually protect my old ChatGPT chats?
No. The toggle only affects future conversations. Anything already used in training stays in the training set, and the setting doesn’t change retention duration.
I’m a freelance lawyer drafting a sensitive memo – can I just use ChatGPT Temporary Chat?
It’s better than nothing but not bulletproof. Per OpenAI’s documentation, Temporary Chats are auto-deleted within 30 days and aren’t used for training. The catch: during the NYT preservation window, Temporary Chats from consumer accounts were swept up alongside regular ones. If a similar order is ever issued again, that protection evaporates retroactively. For privileged client work, run Ollama with a 13B+ model locally, or use ChatGPT Enterprise with a Business Associate setup. Temporary Chat is a privacy improvement, not a privacy guarantee.
Is Ollama really 100% offline once installed?
The inference is. Update checks and the initial model pull aren’t. If you need true air-gap operation, install on an offline machine and copy the models directory across.
Next step: open a terminal right now and run lsof -i :11434. If you see anything other than 127.0.0.1, your “private” Ollama install is reachable from your local network. Fix that before your next sensitive prompt.