Fauzia Chaudhry v OpenAI · GDPR Case · 2026
● CASE ACTIVE
ICO: IC-474334-N1W1 · noyb: #8336742
Documented AI Surveillance · HAR Evidence · UK GDPR
Three AI platforms.
Eight undisclosed vendors.
Zero disclosure.
I captured my own network traffic while using ChatGPT, Grok, and Claude. What I found - and what OpenAI still has not explained 42 days past the legal deadline - is documented here, from the raw data.
291
Segment.io requests
per ChatGPT session
per ChatGPT session
8
Undisclosed vendors
across 3 platforms
across 3 platforms
42
Days past
DSAR deadline
DSAR deadline
0
Privacy notices naming
any of these vendors
any of these vendors
Key Violations - Verbatim From Network Evidence
Critical · Article 9 · Health Data
ChatGPT sent my mental health conversation titles to Segment.io
291 requests per session · chatgpt.com/ces/v1/t · IP 104.18.32.47
Conversation title "Psychotherapy mode questions" transmitted to Segment.io (Twilio) - a third party not named in OpenAI's privacy notice. No consent obtained. No lawful basis disclosed.
Critical · Article 22 · Hidden AI Classification
Secret classifier assessed my mental state and hid the result from me
snc-pg-sw-3cls-ev3 · sonic_classification_result · remove_memory: true
A hidden system classified my emotional state. Flagged is_visually_hidden_from_conversation: true - deliberately concealed from me. Also triggered remove_memory: true - silently disabling memory on my account without telling me.
High · Article 5 · Undisclosed A/B Testing
My conversations used in secret experiments via Statsig
48 requests per session · ab.chatgpt.com/v1/rgstr · same API key still active 17 March 2026
Statsig A/B testing platform not named in OpenAI's privacy notice. API key visible in plain text in URL. I was an undisclosed test subject. Tracking confirmed still active after ICO complaint filed.
High · New Vendor · Captured 17 March 2026
Datadog receiving my personal user ID - ongoing after complaint filed
chatgpt.com/ces/v1/telemetry/intake · API key pub1f79f8ac903a5872ae5f53026d20a77c
Datadog received my user ID, session ID, workspace ID, and conversation URLs via a connection proxied through ChatGPT's own domain to avoid detection. Captured 17 March 2026 - six weeks after DSAR deadline. Still running.
High · Grok / xAI · Keystroke Surveillance
Grok recorded every keystroke before I pressed Send
grok.com/rest/suggestions/stream · per character · pre-submission
Every character typed into Grok was transmitted before submission - including text I deleted and never sent. Not disclosed in xAI's privacy notice.
"My writing was flagged. Not because I was in distress - I was, but that's not why. Because my voice broke expected patterns while remaining coherent."- Fauzia Chaudhry
Active Case References
Fauzia Chaudhry · fchaudhry86@googlemail.com · +44 7305 069110
fauziachaudhry.substack.com
All evidence verbatim from HAR files · 19 March 2026
Behavioral Profiling
196 transmissions to Statsig. They profiled how I talk about Fifi. Engagement scores on my inner child's pain.