CA-C-003719
OpenAI — OpenAI API Data Usage Policies
Entity
Date detected
July 16, 2026
Effective date
July 16, 2026
Severity
Direction
Negative
Affected users
enterprise customers business accounts workspace administrators
Taxonomy
Disclosure requirement change
Changes
2 sentences modified
Share 𝕏 Share in Share 🔒 PDF
Get same-day alerts when OpenAI changes We email you the diff and what it means, the day it happens.
Get same-day alerts →

Get the weekly digest

Every policy change across 844 tracked documents, once a week. No account needed.

Event Summary

OpenAI modified two sentences in its Enterprise Privacy Policy, detected on July 16, 2026. The opening section now includes a formatting change (addition of 'Enterprise privacy at OpenAI' as a header). More substantively, the language describing workspace admin control over data retention was changed from 'Your workspace admins control how long your workspace data is retained' to 'Your workspace admins can control how long your data is retained.' This shifts the framing from an affirmative control right to a permissive capability, and removes the word 'workspace' before 'data,' potentially broadening the scope of data subject to admin control beyond workspace-specific data.

MEDIUM

Consumer Impact

The updated policy now states that workspace admins 'can control' data retention rather than 'control' it, introducing subtle ambiguity about whether retention control is a guaranteed right or a permitted option. Additionally, the removal of the word 'workspace' before 'data' broadens the scope of data potentially subject to admin control beyond workspace-specific information. These changes could affect how enterprise customers understand the extent of their administrative authority over data retention practices.

Governance Analysis

The updated language introduces ambiguity about whether data retention control is a right or a capability, and broadens the scope of data subject to admin governance, which may affect how enterprise customers structure their internal data handling practices and how OpenAI's obligations map to data protection regulations.

Available Actions

Review existing vendor agreements and data processing addenda with OpenAI to confirm whether the prior language was referenced or incorporated.

If No Action Is Taken

Enterprise customers may continue to rely on prior interpretations of their data retention governance authority without realizing the scope has been ambiguously reframed.

Historical Context

ConductAtlas has recorded 2 material changes to this document over 49 days of monitoring (since May 2026). An additional minor or cosmetic changes were excluded.

Across all monitored documents, OpenAI has made 15 significant changes.

9 of OpenAI's significant changes have been classified as negative for consumers.

Key Clauses Affected

workspace admin data retention control

Language shifted from affirmative 'control' to permissive 'can control,' and scope expanded from 'workspace data' to 'data.'

Full clause-by-clause analysis available with Analyst.
These clauses may change again. Get alerted when they do. Get same-day alerts →

This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology

Evidence Verification

✓ Verified
Previous Version
4fad13eadbe372ddef81bc720241b2744f389001e7f8d370d543b17b6b2d3167
June 28, 2026 00:05 UTC
✓ Verified
Current Version
cd24c5ab22cf5f2583aa1685ae7f4e1564c358c8dd78316499180e8dc3597862
July 16, 2026 00:03 UTC
✓ Verified
Change Detected
July 16, 2026 00:03 UTC
Analysis Methodology
Citation Record
Entity: OpenAI
Document: OpenAI API Data Usage Policies
Record ID: CA-C-003719
Captured: 2026-07-16 00:03:56 UTC
URL: https://conductatlas.com/change/2026-07-16-openai-openai-api-data-usage-policies-3719/
Accessed: July 18, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
For legal and compliance teams

Institutional Analysis

Assessment

OpenAI has modified language in its Enterprise Privacy Policy regarding workspace administrator control over data retention. The change shifts from affirmative language ('control') to permissive language ('can control') and expands scope from 'workspace data' to 'data.' For organizations using OpenAI's enterprise products, this affects how governance structures map to data retention authority. The change may engage GDPR data processing obligations and contractual DPA terms if those agreements reference the policy language. Compliance teams should review whether existing vendor agreements and data processing addenda are still accurately reflected by the updated policy language.

Full compliance analysis

Regulatory exposure, obligation analysis, escalation trigger, board language, and recommended action.

Analyst $49/mo

ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-003719.

Full Changes

View complete diff →

Document Context

Version history → Policy drift analysis → Document page →
Document
OpenAI API Data Usage Policies
Entity
OpenAI
Captured
July 16, 2026
Source URL
https://openai.com/policies/api-data-usage-policies/
Other changes to OpenAI API Data Usage Policies
Previous change Jun 28, 2026
OpenAI removed the phrase 'Enterprise privacy at OpenAI' from the opening header of their privacy policy on June 28, 2026. …
Low Neutral
View full version history →
More from OpenAI
Jul 18, 2026 Low
OpenAI GPT-5.5 System Card

OpenAI updated the GPT-5.5 System Card on April 24, 2026, to include safeguards information. In an update detected on July …

Jul 18, 2026 Low
OpenAI GPT-5 System Card

OpenAI's GPT-5 System Card was updated on July 18, 2026, with a modification to the document's linked content references. The …

Jul 18, 2026 Low
OpenAI Frontier Governance Framework

OpenAI removed the audio article feature reference from its Frontier Governance Framework post on July 18, 2026. The updated version …

Related Analysis
Regulatory Analysis · July 8, 2026
The AI Foundation Model Transparency Act, Explained

H.R. 8094 would make the FTC the referee for AI model disclosure. It also names system cards as a way to comply, which turns a voluntary in…

Regulatory Analysis · June 28, 2026
The Great American AI Act, Explained: What the First Federal AI Law Would Require

The bill does not regulate most AI startups directly. But it changes the companies they depend on. Here is what the first federal AI law wo…

Platform Analysis · June 12, 2026
OpenAI Changed Its Privacy Policy 4 Times in One Week. Here Is What Actually Changed.

Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.

Track OpenAI policy changes

Get alerted when this policy changes again — including what changed and why it matters.