AI Chatbots Leak Conversation Links and Personal Data to Third‑Party Trackers

Researchers examined four leading generative AI platforms—ChatGPT, Claude, Grok and Perplexity—and identified more than thirteen distinct third‑party tracking tools embedded in their interfaces. The study shows that these tools operate across free and paid tiers, often without clear user consent.

Key facts - Grok forwards conversation URLs and page titles to Google Analytics, DoubleClick, and, in some cases, TikTok or Meta. Those links can reveal the subject of a chat and, if shared publicly, expose the content to advertisers. - Claude transmits users' email addresses and conversation titles to Intercom, a customer‑support platform, and links activity across services through server‑side signals that bypass browser controls. - ChatGPT sends full conversation links and titles to Google Analytics for free‑tier users regardless of cookie preferences. - Perplexity stopped using Meta Pixel in April 2026 but continues to send raw email addresses, conversation titles and metadata to tools such as Datadog and Singular.

The leakage extends beyond URLs. Tracking services receive cookies and identifiers that can tie a conversation to a specific user profile, enabling re‑identification through email hashes or cross‑site syncing. While the study does not prove that advertisers read the content, the technical possibility alone raises structural privacy concerns.

What it means Users assume AI assistants are private spaces for personal queries, yet the embedded analytics expose sensitive topics—health, finances, or proprietary business information—to advertising networks. Companies that rely on these tools risk inadvertent disclosure of intellectual property. The findings also highlight a gap between stated privacy policies and actual data flows, as many platforms allow server‑side tracking that bypasses user‑controlled cookie settings.

Regulators may scrutinize these practices as they blur the line between web‑based advertising and AI‑driven services. Developers could face pressure to redesign consent mechanisms or limit data sharing to essential functions.

What to watch next Monitor regulatory responses in Nigeria and globally, and watch for platform updates that either curb or further obscure third‑party data collection.