OpenAI's privacy policy was updated on March 6, 2026, with changes to how it describes data uses and disclosures. The updated policy removed explicit language about receiving data from advertisers to measure ad effectiveness for Free and Go users, and removed mention of direct marketing to promote products and services. The revised policy now refers to vendors and service providers without explicitly naming marketing partners, and adds a new reference to a Korea-specific addendum for users in the Republic of Korea.
The updated policy removes explicit disclosure that OpenAI receives information from advertisers and other data partners to measure ad effectiveness for Free and Go users. The revised language no longer describes direct marketing practices, though the policy continues to authorize communication about services and events. A new reference to a Korea-specific addendum has been added for users in the Republic of Korea. The removal of advertiser data partner language means these practices are no longer explicitly disclosed in the main policy, though their status in regional addenda or other documents is unclear.
The updated policy removes explicit disclosures about how advertiser data is collected and used to measure ad performance, and eliminates transparency about direct marketing practices. Under privacy laws requiring transparent description of data sources and processing purposes (GDPR, CCPA, PIPA), the absence of these disclosures may create compliance gaps if the practices continue undisclosed, or may clarify that these practices have discontinued. Organizations referencing OpenAI's privacy policy in their own vendor documentation or privacy notices will need to update their compliance materials to reflect the removal of these disclosures.
→ Review OpenAI's updated privacy policy to identify what data uses are now disclosed
→ If in the Republic of Korea, consult the Korea-specific addendum referenced in the policy
→ Consider contacting OpenAI support if you need clarification on whether advertiser data partnerships continue or have ended
→ Users will operate under the updated policy terms as written, which no longer explicitly disclose advertiser data use or direct marketing practices.
→ Free and Go users may not be aware of any continued advertiser data partnerships or their scope, as these are no longer disclosed in the main policy.
→ Organizations that have not updated their vendor documentation or privacy notices referencing OpenAI may face misalignment between their own stated practices and OpenAI's actual disclosures.
Removed language stating OpenAI receives data from advertisers to measure ad effectiveness for Free and Go users.
Removed language describing promotion of products and services through direct marketing and assessment of effectiveness.
Added new reference directing users in the Republic of Korea to a separate privacy addendum.
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
Users are no longer explicitly told that advertiser data is used to measure how well ads perform on the platform.
The policy no longer explicitly states that OpenAI uses data to promote its products through direct marketing, though communication about services and events remains authorized.
+ 1 more obligation changes. Full breakdown available with Watcher.
Track changes →OpenAI removed language disclosing advertiser data partnerships and direct marketing practices from its privacy policy, effective March 6, 2026. This change may reduce transparency regarding how user data flows through advertising channels, which engages GDPR Article 13/14 (transparency obligations), CCPA disclosure requirements, and similar privacy frameworks requiring clear description of data sources and uses. Organizations that reference OpenAI's privacy policy in their own vendor assessments or privacy notices may need to update documentation. The addition of a Korea-specific addendum suggests localized privacy obligations, likely related to PIPA (Personal Information Protection Act) or similar Korean privacy law. No immediate enforcement action is indicated, but the opacity created by removing advertiser-use language may invite regulatory attention during audits or investigations.
GDPR (Articles 13, 14 transparency obligations), CCPA (California Consumer Privacy Act disclosure requirements), PIPA (Korea Personal Information Protection Act), LGPD (Brazil), similar comprehensive privacy laws requiring transparent description of data sources and processing purposes
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Watcher: regulatory citations + obligations. Professional: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-001852.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — WatcherOpenAI's Privacy Policy was updated on May 9, 2026 with a single language modification in the document header. The change …
OpenAI removed language describing advertiser data partnerships and ad personalization controls for free users, while also removing the specific statement …
OpenAI added a new statement clarifying that sensitive data is not processed to infer characteristics about users. The policy also …
OpenAI expanded its data sharing terms to include third-party marketing partners. The updated policy authorizes the use of personal data fo…
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.