A recent study by researchers at the IMDEA Networks Institute warns that conversations with popular generative AI platforms may not be as private as users believe. The research analyzed ChatGPT, Claude, Grok, and Perplexity AI, revealing that these services integrate trackers from major companies such as Meta, Google, and TikTok. These third-party tools can expose user conversation data and online activity, challenging the assumption that interactions with AI assistants are secure for sensitive information like health records or professional details. The study highlights that while the user interface mimics a private chat, the underlying infrastructure operates similarly to the traditional web, relying heavily on data collection and digital advertising services. Three primary risks were identified. First, chat permalinks and associated metadata, including chat titles and URLs, are transmitted to third-party trackers. Second, these tracking mechanisms can link AI interactions to real user identities using cookies, hashed email addresses, and server-side techniques, enabling the creation of persistent user profiles. Third, privacy controls and policies often fail to accurately reflect actual data flows, misleading users about the extent of data sharing. Specific findings indicate that Grok and Perplexity send conversation links with weak access controls to trackers like Meta Pixel. In severe cases, possessing a conversation link allows anyone, including trackers, to access the content. Furthermore, Grok was found to expose verbatim message text through Open Graph metadata collected by TikTok. Researchers emphasize that simply declining non-essential cookies is often insufficient to prevent this data leakage. The analysis suggests that current privacy controls and policies are misleading. While privacy documents acknowledge data sharing with business partners, they rarely explicitly state that actual user conversation content is part of this exchange. From a legal standpoint, particularly under GDPR regulations, the lack of a clear legal basis for such data sharing and the insufficient information provided to users are significant concerns. Experts note that sensitive information may be reaching the advertising industry, a risk comparable to the standard disclaimer warning users that AI responses may contain errors. The authors conclude that although these findings are preliminary, they underscore an urgent need for greater transparency, stronger access control mechanisms, and improved data protection within the generative AI ecosystem. The study calls for regulatory action to address these privacy gaps, as users currently have very limited options to protect their data against these embedded tracking practices.