This is incorrect. As someone who has had the opportunity to work in several highly=regulated industries, companies do not want to hold onto extra data about you that they don’t have to unless their business is selling that data.
OpenAI already has a business, and not one they want to violate by having a massive amount of customer data stolen if they get hacked.
ChatGPT is not SOC2 compliant. They are not being regulated or audited by anyone that could prove your point.
The article and OpenAI themselves contradict you. Do you work at OpenAI?