Free text field and GDPR. Is free text sent to openAI considered personal information?


I’m developing an application that lets users log in and chat with the Open AI API. The messages is never stored on the server, and since it is my backend server that is sending http-requests to Open AI API, the texts the users write shouldnt be identified by IP, since it is my servers IP that request Open AI API. But since open AI saves the text for 30 days, will this be considering storing of personal information? Is free text without any identifiers personal data? I have no control of what the users write about them selves, but without an identifier, who can tell if what the users write a true or not?


AFAIK, ANY data sent by users or that is related to users, falls under GDPR

See the GDPR web sites for more info. It is a simple matter to just list all the data your application(s) use, how they use it, what they use it for, and how long it is stored, etc. Also allow the user to request for their data that is stored, and request a deletion, etc.

If your app lets users chat with Open AI without saving messages on your server, the concern is whether Open AI storing text for 30 days counts as holding personal info. Since the text lacks identifiers, it’s unclear if it qualifies as personal data. You can’t verify what users write, making it challenging to confirm the accuracy of their statements.