Kukui IT · Information Security Bulletin

Codex Data Collection Advisory

What OpenAI's Codex collects, where it's sent, and how it's retained — a plain-language snapshot of where things stand, and how to lock it down for maximum privacy.

Status as of July 2026 · OpenAI Codex

1What's Collected — and Where It's Sent

Unlike some assistants that split a metadata stream off to a separate analytics vendor, Codex sends everything to one place: OpenAI. When it runs against a ChatGPT account, your prompts, code, and conversation go straight to OpenAI's servers — and by default those responses are stored server-side and, on personal ChatGPT plans, used to train the model. Here is every key item and exactly where it lands.

OpenAI vendor servers / training Stored kept server-side (retention) Local stays on your machine
Data being collectedWhat it exposesSent to
ChatGPT account identityYour account & email tie the session to you — not anonymousOpenAI
Your full prompts & conversationsEvery word you type and receive, verbatimOpenAI
Your code & coding workThe actual source you paste, generate, or editOpenAI
Tool-call arguments & file contextCommand arguments, file paths, and content the model acts onOpenAI
Working directory & environmentThe folder Codex runs in, model, reasoning effort, token countsOpenAI
Stored responses (store = true, default)Each response is retained on OpenAI servers so turns can be chainedStored
→ Used to train future models (personal ChatGPT plans, default ON)Your content becomes training data for the next modelOpenAI
Local tool execution & outputRuns on your machine; only what's needed for the next turn is sentLocal
⚠ This runs as a ChatGPT account — consumer terms apply Codex here authenticates with a ChatGPT login and calls OpenAI's ChatGPT backend, so it is governed by ChatGPT's consumer data terms, not the stricter API terms. On Free, Plus, and Pro plans the “improve the model” setting is ON by default — an opt-out. If you never touched it, assume your prompts and code are being used to train the model.
💾 Extra retention surface: server-side response storage (default on) By default Codex runs with store = true so OpenAI holds prior context server-side and each turn sends only the new message. The practical effect: response objects are cached on OpenAI's servers. This is an optimization, not a requirement — turning it off simply replays the conversation from your own local history each turn. Functionality is identical either way; the only cost is slightly slower turns and higher token use on long conversations. Disabling it removes this cache (see below).

2Training Exposure by Plan

Whether your content is used to train the model depends entirely on your ChatGPT plan. Personal plans default ON; business plans are protected by contract.

How it breaks down by plan

PlanIs your content used for training?
FreeOn by default Your conversations and code are used to train the model unless you opt out in Data Controls.
PlusOn by default Same defaults as Free — a paid consumer plan does not exempt you. Training on unless you switch it off.
ProOn by default Same as Free and Plus — content is used for training unless you opt out. The burden is on you.
TeamProtected Workspace data is not used for training by default — a Data Processing Agreement prohibits it.
EnterpriseProtected Not used for training by default; contractual DPA. Zero-Data-Retention available for qualified accounts. The recommended tier for sensitive work.
Business / APIProtected Not used for training by default under commercial terms — unless you explicitly opt in.
The takeaway Privacy of your content is a plan & setting question. Use a Team / Enterprise / Business tier for real work, and — because the toggle defaults ON for personal ChatGPT plans — actively verify the “improve the model” setting is off rather than assuming it. A personal ChatGPT login used for work is the single highest-exposure configuration.

One caveat about opting out

Turning off model training stops future use for training, but it does not delete past conversations, and OpenAI still retains data for a period (commonly ~30 days) for abuse and safety monitoring. Zero-Data-Retention terms (Enterprise/API) are the only way to eliminate server-side retention entirely.

3Configuring for Maximum Privacy

Maximum privacy with Codex means addressing both the training setting and the server-side storage default. Here is the checklist we apply for our clients.

A. Turn off model training

🔑 Turn it off in ChatGPT's settings (personal accounts)

Open Settings → Data Controls and switch this off:

  1. Toggle Improve the model for everyone OFF — stops your conversations and code from being used to train the model.
Open ChatGPT Data Controls →

B. Disable server-side response storage

By default Codex chains turns using store = true, which caches each response on OpenAI's servers. This is a no-loss privacy setting — disabling it sends requests statelessly (the conversation is replayed from local history), so work is completely unaffected:

KukuiBot config key
codex.store_responses = false

The only trade-off: multi-turn conversations, tools, and coding all keep working exactly as before — the sole cost is slightly slower turns and higher token use on long chats, since context is re-sent rather than chained. No functionality is lost.

C. Use a protected plan for real work

Verification that actually sticks

  1. Confirm Improve the model for everyone is OFF in ChatGPT Data Controls.
  2. Set codex.store_responses = false to stop server-side response retention.
  3. Use a Team / Enterprise / Business account for anything sensitive.
  4. Remember: opting out stops future training but not the standard ~30-day safety-retention window — only ZDR removes that.

Bottom line

With Codex, everything goes to one vendor — OpenAI. On a personal ChatGPT plan your prompts and code are stored server-side and used for training by default. Two switches close that: turn off training, and turn off server-side storage.

Kukui IT configures these controls for our managed clients as part of a standard secure-development posture. If you would like us to audit and lock down the AI tooling in your environment, reach out to your account team.

Sources

Facts in this advisory are drawn from OpenAI's own documentation. Settings, defaults, and terms can change — always confirm against the current source and your own account settings.