The Practical Guide to eDiscovery for ChatGPT
ChatGPT is now part of the corporate bloodstream — and a Delaware court has already compelled the production of an executive's ChatGPT conversations as evidence of a contract breach. This guide shows legal and IT teams how to preserve, collect, and produce that data defensibly, before a matter forces the question.
ChatGPT is creating discoverable data. Most teams have no workflow to handle it.
ChatGPT data doesn't behave like the email and chat you already collect
Legal and IT teams have handled conversational, editable content from email and Slack for years. ChatGPT is different in ways that change how you preserve it, where it lives, and what a defensible collection has to capture.
Whole thread is on the record
Each thread preserves prompts and responses in order, with a timestamp on each, plus the conversation title, the custodian, and the model version used. Keeping the two distinct and in sequence is what makes a thread reviewable later.
Nothing gets edited away
Edit a prompt and ChatGPT keeps both the original and the revision, along with the response to each. A defensible collection captures both, so reviewers can see what was asked first and what changed.
"Deleted" doesn't mean gone
Temporary chats never appear in a user's history, but OpenAI retains them for a short window and they're collectible through the Compliance API during it. A conversation an employee assumes has vanished may still be within reach.
One chat, many custodians
When someone branches a shared thread and continues it, OpenAI treats the branch as a new, independent conversation. The same original can surface under several custodians, each collected as a separate item.
The files come with it
Uploaded files, ChatGPT-generated files, and the source URLs cited during web browsing are all part of the record. One catch worth planning for: uploaded files expire on their own short schedule, separate from your chat retention policy.
Raw data is unreadable
Pulled straight from the Compliance API, the data is a stream of prompts, responses, timestamps, and attachment references that's hard to review at scale. Turning it into readable, contextual threads is core to any ChatGPT eDiscovery workflow.
If you expect to preserve, collect, or produce ChatGPT data, the time to learn the platform is before a matter creates the urgency.
“We wanted to have confidence that the data we’re preserving and storing is not at risk of accidental deletion or spoliation. That’s where we’re seeing the value—ensuring we’re not going to get in trouble
when it comes to any of this data.”
A complete playbook for ChatGPT eDiscovery, from retention to review
This practical guide covers how ChatGPT data works, how long it actually survives, what it takes to collect it, and how to turn all of that into a workflow your team can repeat and defend.
Know what to collect
ChatGPT data hides in more places than most people expect. The guide walks through every type that can turn into evidence: prompt and response threads, edited prompts, uploaded and generated files, web citations, custom GPTs, and temporary chats. Once you know what actually exists, you can scope a collection that doesn't quietly leave half the record behind.
Beat the retention clock
ChatGPT data lives on three separate clocks, and a lot of teams only find that out after something is already gone. The guide breaks down the workspace retention policy, the 30-day window for deleted and temporary chats, and the 30-day compliance logs window, so you can document them together and stop losing data you'll later need to produce.
Collect by custodian
You rarely need a whole workspace. Onna connects through the OpenAI Compliance API and pulls only the custodians a matter actually involves, so you gather what's relevant instead of everything in sight. That keeps your volumes down from the very first step and makes the collection far easier to defend down the line.
Skip the engineering
Going at the Compliance API yourself means building a connector, maintaining it, and then parsing raw JSON into something a reviewer can read. With Onna you connect using your own API key and Workspace ID, and it handles the rest, turning the export into clean, readable threads with the prompts and responses kept in order.
Cut review costs
Most of the cost in eDiscovery comes from moving data you never needed in the first place. Because Onna scopes by custodian and lets you cull before anything is exported, teams routinely trim their data sets by more than 70 percent. In practice that has meant roughly 25 percent lower collection costs and 40 percent lower review costs.
Stay defensible
Defensibility really comes down to being able to show exactly what you collected and how. Onna keeps detailed audit logs, maps every conversation back to the right custodian, and preserves the original thread structure, so your chain of custody holds up from the moment you collect all the way through production.
Built for legal and IT teams navigating AI discovery for the first time.
This guide was produced by Onna, the leading eDiscovery data collection platform, trusted by legal and IT teams at some of the largest and fastest-growing companies globally. It draws on direct experience helping organizations preserve and collect collaboration data across 29+ apps, including Google Gemini, Google Workspace, Slack, Teams, Zoom, Jira, and, of course, ChatGPT.
As AI tools become a standard part of enterprise work, the goal is simple: help legal teams get ahead of AI data obligations before they become a liability.
Ready to get your ChatGPT eDiscovery workflow in order?
Download the guide to preserve, collect, and produce ChatGPT data — and turn scattered conversations into a single, defensible source of truth.
