What are the institutional and regulatory implications of this document?

1) REGULATORY LANDSCAPE: The document engages GDPR through its reference to Standard Contractual Clauses and a Data Processing Addendum, CCPA through its disclosure of data handling practices for California-based users and businesses, and HIPAA through its reference to Business Associate Agreement availability for qualifying use cases. Primary enforcement authorities include the FTC for US consumer and business data practices, relevant EU supervisory authorities for GDPR compliance, and HHS OCR…

How does OpenAI's OpenAI API Data Usage Policies affect users?

The document establishes that enterprise and API customers' conversation inputs, outputs, and uploaded files are not used by default to train OpenAI models, distinguishing these tiers from standard consumer ChatGPT accounts. Under these terms, enterprise customers retain ownership of their inputs and outputs, and OpenAI states it acts as a data processor under customer instructions for these service tiers. You can request a Data Processing Addendum or Business Associate Agreement through OpenAI…

How often is OpenAI's OpenAI API Data Usage Policies updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when OpenAI updates this document?

Yes. Monitor subscribers ($19/month) can add OpenAI to their watchlist and receive same-day email alerts whenever this document or any other OpenAI document changes.

CA-D-000789

OpenAI API Data Usage Policies

OpenAI

Last change detected May 29, 2026 Privacy policy

SHA-256: 1ae7d9fa2dca070b64e… 5 versions captured 4 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at OpenAI ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

6 Total

0 High severity

5 Medium severity

1 Low severity

Summary

This is OpenAI's Enterprise Privacy disclosure page, covering data handling practices for ChatGPT Enterprise, ChatGPT Teams (Business), and the API Platform. The document states that for these enterprise and API tiers, customer inputs, outputs, and uploaded files are not used to train OpenAI models by default, and that enterprise customers own their conversation data. The document also discloses that OpenAI offers a Data Processing Addendum for GDPR compliance and can enter into Business Associate Agreements for customers with HIPAA-relevant use cases.

Technical / Legal Breakdown

This document is OpenAI's Enterprise Privacy page, a marketing and disclosure resource governing data handling practices for ChatGPT Enterprise, ChatGPT Business (Teams), and the API Platform, with contractual obligations grounded in OpenAI's Data Processing Addendum and Terms of Service. The document states that API and ChatGPT Enterprise customers' inputs and outputs are not used to train OpenAI models by default, that enterprise customers retain ownership of their inputs and outputs, and that OpenAI acts as a data processor under customer instructions for these tiers. The document discloses that OpenAI maintains SOC 2 Type 2 certification and encryption at rest and in transit, and asserts GDPR compliance through Standard Contractual Clauses for EU data transfers, though the document is a marketing page rather than a binding legal instrument, and specific contractual terms are governed by separate agreements referenced but not reproduced here. The policy engages GDPR, CCPA, and HIPAA-adjacent considerations, and references a Data Processing Addendum as the primary mechanism for compliance obligations; EU and California users face the most operationally significant compliance dependencies. Enterprise customers operating under BAA or DPA agreements should note that the page references but does not reproduce those instruments, and compliance verification requires review of those underlying contracts.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

4 important changes detected

5 versions captured · Last updated: May 2026

May 29, 2026

low

What changed OpenAI updated its API Data Usage Policies on May 29, 2026 by modifying three hyperlinked references within the document. The changes involved adjusting whitespace and link formatting around the Data Processing Agreement form, the Student Data Privacy Agreement for educational users, and the ChatGPT Business information page. These are formatting and structural edits with no change to the substantive content, procedures, or rights described in the policy.

Why this matters These changes are formatting and hyperlink adjustments with no impact on how OpenAI collects, uses, or protects user data. The substantive content of the Data Processing Agreement, Student Data Privacy Agreement, and ChatGPT Business terms remains unchanged. No action is required in response to these edits.

View full change record →

May 28, 2026

unknown

What changed OpenAI updated their OpenAI API Data Usage Policies on May 28, 2026. Change detected: 7 sentence(s) modified. Document contained 107 sentences after update.

View full change record →

May 24, 2026 low

OpenAI made minor formatting adjustments to three hyperlinks in their API Data Usage Policies on May 24, 2026. The changes affected the Data Processing Agreement link, the Student Data Privacy …

View change record →

May 19, 2026 low

OpenAI modified a single hyperlink in its API Data Usage Policies on May 19, 2026. The phrase 'Learn more about ChatGPT Business' previously linked directly to that resource; the updated …

View change record →

Recent Provision Changes May 29, 2026

6 provisions unchanged.

View full change record →

Medium — 5 provisions

API and Enterprise Data Not Used for Model Training Compare →

The document states that inputs and outputs submitted through the OpenAI API or ChatGPT Enterprise are not used to train OpenAI models by default, and that training use requires explicit customer opt-in.

Added May 20, 2026 Standard Seen across 284 platforms
Enterprise Customer Data Ownership Compare →

The document asserts that customers retain ownership of the inputs they submit and the outputs they receive through the enterprise and API tiers.

Added May 20, 2026 Standard Seen across 242 platforms
GDPR Compliance and Data Processing Addendum Compare →

The document states that OpenAI offers a Data Processing Addendum incorporating Standard Contractual Clauses to support GDPR compliance for customers processing EU personal data through the API or ChatGPT Enterprise.

Added May 20, 2026 Standard Seen across 284 platforms
HIPAA Business Associate Agreement Availability Compare →

The document states that OpenAI can execute Business Associate Agreements with HIPAA-covered entities and business associates requiring contractual HIPAA protections for their use of OpenAI services.

Added May 20, 2026 Standard Seen across 284 platforms
Standard Contractual Clauses for EU Data Transfers Compare →

The document states that OpenAI provides Standard Contractual Clauses as the legal mechanism for cross-border personal data transfers from the EU to the United States and other non-adequate countries.

Added May 20, 2026 Standard Seen across 284 platforms

Low — 1 provision

Security Certifications and Encryption Compare →

The document states that OpenAI maintains SOC 2 Type 2 certification and applies encryption to customer data both at rest and in transit for enterprise and API service tiers.

Added May 20, 2026 Standard Seen across 284 platforms

Monitoring

OpenAI has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle Data Processing Addendum Availability and similar clauses.

Compare across platforms →