The document states that inputs and outputs submitted through the OpenAI API or ChatGPT Enterprise are not used to train OpenAI models by default, and that training use requires explicit customer opt-in.
This analysis describes what OpenAI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the primary data use boundary for enterprise and API customers, directly affecting purpose limitation and data minimization compliance under GDPR and equivalent frameworks. The default exclusion from model training is a material operational distinction from consumer-tier ChatGPT accounts, where different terms may apply.
Interpretive note: The binding obligations are contained in the referenced Data Processing Addendum and Terms of Service, not this disclosure page; the enforceability of this commitment depends on those underlying instruments.
Previous version had no excerpt; current version adds explicit language clarifying opt-in model training default and covers both API and ChatGPT Enterprise.
View full change record →Under this provision, organizations using the API or ChatGPT Enterprise can operate with the assurance that their submitted data is not used for model training unless they affirmatively opt in. This provision applies specifically to enterprise and API tiers and does not govern standard consumer ChatGPT accounts.
How other platforms handle this
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
OpenAI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We do not train on your business data by default. Data submitted via the API or ChatGPT Enterprise is not used to train our models unless you explicitly opt in.— Excerpt from OpenAI's OpenAI API Data Usage Policies
1) REGULATORY LANDSCAPE: This provision engages GDPR Articles on purpose limitation and data minimization, as well as CCPA restrictions on secondary use of personal information submitted under a service provider relationship. The FTC's unfair or deceptive practices authority is relevant if the asserted default differs from actual practice. EU supervisory authorities would assess this provision against Article 28 processor obligations and the DPA terms. 2) GOVERNANCE EXPOSURE: Medium. The provision asserts a clear default but the operative contractual language is contained in the Data Processing Addendum and Terms of Service, not this page. If those documents contain carve-outs or conditions that qualify this default, the marketing disclosure could create a misalignment with binding contractual terms that compliance teams must assess. 3) JURISDICTION FLAGS: EU/EEA organizations face heightened exposure because GDPR requires that processor agreements explicitly address the scope of data processing and prohibit unauthorized secondary use. California organizations should assess whether this provision satisfies CCPA service provider contract requirements prohibiting use of personal information beyond the specified business purpose. Organizations subject to sector-specific regulation (healthcare, finance, education) should assess whether the default exclusion is sufficient or whether additional contractual restrictions are required. 4) CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should confirm that the Data Processing Addendum and enterprise service agreement reproduce this default exclusion in binding contractual language, and that the opt-in mechanism is clearly defined and subject to customer control. The absence of this provision from the DPA would undermine the marketing disclosure. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should map this provision against their data inventories to confirm which data categories are submitted to the API or ChatGPT Enterprise, verify the binding contractual language in the DPA, and document the opt-in mechanism if training use is ever considered. Organizations should also confirm how this provision interacts with any fine-tuning or custom model features offered by OpenAI.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the primary data use boundary for enterprise and API customers, directly affecting purpose limitation and data minimization compliance under GDPR and equivalent frameworks. The default exclusion from model training is a material operational distinction from consumer-tier ChatGPT accounts, where different terms may apply.
Under this provision, organizations using the API or ChatGPT Enterprise can operate with the assurance that their submitted data is not used for model training unless they affirmatively opt in. This provision applies specifically to enterprise and API tiers and does not govern standard consumer ChatGPT accounts.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OpenAI.