OpenAI has confirmed that it may retain chat logs and associated screenshots from its new AI agent, Operator, for up to 90 days. This retention policy applies even after users manually delete the information from their accounts.
Data Retention: A 60-Day Gap
The 90-day window for Operator stands in stark contrast to the company’s standard data retention policy for ChatGPT, which deletes user data after 30 days. This discrepancy means Operator users face a storage period three times longer than those using the standard chatbot platform.
Security Measures or Privacy Risk?
OpenAI justifies this extended timeframe as a necessary security measure. According to a company spokesperson, the 90-day period is designed to combat potential abuse. Because AI agents represent a nascent technology, the company claims it requires additional time to analyze and review potential “abuse vectors.” This extended window is intended to refine fraud monitoring and ensure the platform remains secure from misuse.
How Operator Functions
Unveiled this past Thursday, Operator is currently available as a research preview for users subscribed to the $200-per-month ChatGPT Pro plan. The tool acts as a general-purpose AI agent equipped with an integrated browser capable of executing independent actions across the web, such as:
- Booking travel accommodations
- Making restaurant reservations
- Executing online shopping tasks
The Role of Screenshots in Automation
To navigate the web effectively, Operator captures screenshots of its built-in browser. These images allow the AI to interpret interface elements, such as button locations and form fields, to complete tasks autonomously. OpenAI clarifies that the system does not capture screenshots when it encounters “stuck” points—such as password prompts—a state the company refers to as “take over” mode.
Access and Oversight
Despite the functional benefits, the prospect of OpenAI retaining visual data of online activity for three months raises privacy questions. The company maintains that, similar to its ChatGPT protocols, this data may be accessed by a “limited number of authorized OpenAI personnel” and “trusted service providers.” Access is strictly limited to investigating abuse reports and addressing legal requirements.