not that i'm aware of. i don't think we see them or anything, they just get stashed somewhere. in theory i can presumably look anything up in the database, probably, but i don't know why i'd care.
If you're paranoid, you can hit the little floppy disk icon in the post toolbar (next to the undo/redo arrows) and hit "Delete draft."
i just want to state for the record that, for the most part, i am about the least-motivated snooper you could imagine. like, if i don't have specific reasons to think you're a threat to someone else (and i don't), i'm not gonna spend time going and looking at stuff.
Oh, I'm definitely paranoid, but "seebs apparently genuinely not knowing whether or how they could access it" is more reassuring than the answers I thought I might get.
Yeah, it turns out that "well, gosh, it's a database, I assume it saves them, and probably not encrypted" is a lot more convincing than "oh, no, that's impossible for admins to see", because the latter is almost certainly a direct lie, while the former tells you whether or not I ever even looked.
I think with AI that sophisticated one could argue they may be a bot, but not a spam bot, as they are not spamming, and should be allowed to be a user. Rights for bots!