When the API service agreement ends, OpenAI will either return or delete the business customer's personal data, unless a law requires it to keep certain data.
This analysis describes what OpenAI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes the operator's right to data deletion or return at contract end, which is a standard GDPR Article 28(3)(g) requirement. Operators should confirm what process applies and what data categories are covered, including any data that may have been used in fine-tuning or logged for safety purposes.
Personal data processed through an operator's API integration is subject to deletion or return when the operator ends its agreement with OpenAI. Individuals whose data was processed benefit from this commitment, though the practical scope depends on the operator requesting deletion and on any legal exceptions that may apply.
How other platforms handle this
Descript may terminate or suspend your account and access to the Services at any time, for any reason, with or without notice. Upon termination, your right to use the Services will immediately cease. If you wish to terminate your account, you may do so by following the instructions on the Services. ...
These Additional Terms apply only to the Mistral AI Products available on the Mistral AI Infrastructure and provided to customers located in the European Union that are subject to the EU Data Act (as defined below). These Additional Terms shall take effect on 12 September 2025 (the "Effective Date")...
Managing And Deleting Your Information. You have the right to access, correct, or delete your information in certain circumstances. We store information until it is no longer necessary to provide our Services or until your account is deleted, whichever comes first. You can delete your WhatsApp accou...
Monitoring
OpenAI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Upon termination or expiry of the Agreement, OpenAI will, at Customer's choice, delete or return all Customer Personal Data, and delete existing copies, unless applicable law requires storage of the Customer Personal Data.— Excerpt from OpenAI's OpenAI Data Processing Addendum
REGULATORY LANDSCAPE: GDPR Article 28(3)(g) requires processor contracts to include deletion or return of personal data at the end of services. The UK GDPR and Swiss nFADT impose equivalent requirements. CCPA/CPRA does not impose a specific contract-end deletion obligation but service provider contract requirements may include data deletion commitments. GOVERNANCE EXPOSURE: Medium. Operators must actively request deletion or return; the provision is not automatic absent an operator instruction. Operators who allow agreements to lapse without making a deletion or return request may lose the ability to confirm data disposition. JURISDICTION FLAGS: EU/EEA and UK operators have the clearest legal basis for enforcing this provision under GDPR Article 28. US operators may rely on this provision for CCPA service provider contract purposes. Legal exceptions for data retention (e.g. financial records, law enforcement holds) may limit the scope of deletion in specific cases. CONTRACT AND VENDOR IMPLICATIONS: Procurement teams should include a data deletion request step in offboarding checklists when terminating API agreements. The provision should be reviewed for any conditions on what data is covered, particularly where data has been processed in ways that may make complete deletion technically complex (e.g. data used in inference logs retained for safety monitoring). COMPLIANCE CONSIDERATIONS: Operators should document the deletion or return request made to OpenAI at contract termination, obtain confirmation of completion, and update their records-of-processing-activities to reflect that personal data is no longer being processed by OpenAI following termination.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes the operator's right to data deletion or return at contract end, which is a standard GDPR Article 28(3)(g) requirement. Operators should confirm what process applies and what data categories are covered, including any data that may have been used in fine-tuning or logged for safety purposes.
Personal data processed through an operator's API integration is subject to deletion or return when the operator ends its agreement with OpenAI. Individuals whose data was processed benefit from this commitment, though the practical scope depends on the operator requesting deletion and on any legal exceptions that may apply.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OpenAI.