OpenAI Atlas and the privacy settings worth checking
OpenAI Atlas brings ChatGPT into the browser. That gives you convenience, but it also adds new places where browsing data can end up. The browser stores more than raw history and cookies, and you need to know what is being kept.
How Atlas changes what the browser keeps
Atlas is not just a Chromium shell with a chatbot bolted on. It can read pages for on-page help, summarise content, and use an optional Browser Memories feature that keeps contextual records of sites you visit and actions you take. OpenAI says those memories stay private to your ChatGPT account and that you can view, archive, or delete them in Settings. OpenAI also says browsing content is not used to train public models by default, unless you change that in Data Controls [OpenAI Help Center].
That changes two assumptions. First, the browser now keeps summarised, contextual data, not just the usual history. Second, the assistant and the memory store sit with the same vendor. That concentrates risk. Reporters and researchers have already shown that Atlas can retain sensitive browsing threads, which is enough reason to treat the memory layer with caution [Washington Post].
In day-to-day use, the main effects are straightforward:
- The Ask ChatGPT sidebar can recall sites you visited and use them in later replies.
- Incognito windows stop memory creation for that session.
- You can turn off assistant visibility for a site with the lock icon in the address bar.
- Agent Mode can act on your behalf, but that needs broader permissions and widens the attack surface.
That is useful if you want the browser to remember more for you. It is awkward if you want work and personal browsing kept apart, or if you do not want sensitive searches sitting in one account.
How to check and tighten Atlas privacy settings
Start in Settings and work through these one by one. Check each change after you make it.
-
Check Data Controls and the training setting
- Path: Settings → Data Controls.
- Action: Confirm Include web browsing or Help improve browsing and search is off unless you want to opt in.
- Verify: Run a short browsing session, then open Settings → Data Controls → View training data status. If you opted out, recent pages should not be flagged for training.
-
Turn Browser Memories off, or clear them out
- Path: Settings → Personalisation / Browser Memories.
- Action: Disable memories if you do not want Atlas keeping contextual summaries. If you leave them on, open the memories list and archive or delete anything sensitive.
- Verify: After disabling, open a normal tab, click Ask ChatGPT, and ask for a summary of the page. If memories are off, Atlas should not pull in prior browsing context.
-
Use per-site visibility controls
- Action: On any site you do not want the assistant to read, click the lock icon in the address bar and disable Atlas visibility for that domain.
- Example: Turn it off for banks, health sites, or login pages. That stops on-page reading and stops new memories being created for that site.
-
Use incognito for sensitive sessions
- Action: Use Atlas incognito mode for searches or sessions that should not be linked to your account. Agent Mode and memories will not record in incognito.
- Verify: Open an incognito window, do the task, then check Settings → Browser History and Memories; the actions should be absent.
-
Keep a tight grip on Agent Mode
- Action: Agent Mode can automate tasks across sites. If you do not need that, leave it off. If you do use it, keep the scope narrow and limit permissions.
- Verify: Start an agent in a test account or non-critical profile. Watch which domains it touches and revoke permissions if it goes further than it should.
-
Split profiles and keep credentials separate
- Action: If Atlas becomes a daily browser, create separate profiles for personal, testing, or higher-risk browsing. That reduces cross-profile leak risk. Do not reuse passwords or session tokens across profiles.
- Verify: Log into a service in Profile A and check that Profile B has no session cookies for that site.
-
Purge old history and memories regularly
- Action: Set a monthly review for memory and history. Delete anything you no longer need.
- Verify: After purging, try to retrieve an old memory through Ask ChatGPT. If deletion worked, the assistant should not bring it back.
What to watch for
- Prompt injection and tainted memories are real risks. Malicious pages can try to feed the assistant content it should not trust. Keep per-site visibility strict on untrusted domains. Security researchers have also pointed at attacks against Atlas’ memory mechanism [Washington Post].
- OpenAI is moving fast. Recheck Data Controls after updates. Release notes can add new toggles or change behaviour, so it is worth checking Settings → Release Notes or the Help Center from time to time [OpenAI Help Center].
OpenAI Atlas adds an AI memory layer to the browser. That brings convenience, but it also creates new privacy and security decisions. Turn off memories if you do not need them. Use per-site visibility and incognito for sensitive work. Treat Agent Mode carefully. Check the settings, then check them again after updates.
Sources:
- OpenAI Help Center, ChatGPT Atlas — data controls and privacy: https://help.openai.com/en/articles/12574142-chatgpt-atlas-data-controls-and-privacy
- The Washington Post, “ChatGPT Atlas: What OpenAI’s browser collects and how to control your privacy”: https://www.washingtonpost.com/technology/2025/10/22/chatgpt-atlas-browser/



