This analysis describes what OpenAI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision operationalizes the data controller-processor relationship required under data protection regulations. It establishes the legal framework under which OpenAI processes personal data and requires that processing occur only pursuant to documented instructions, creating an audit trail for compliance with data protection obligations.
This provision requires that personal data processing be limited to purposes documented in customer instructions and for providing and improving the Services. Customers, as data controllers, formally instruct OpenAI to process personal data within these specified parameters, establishing the scope of authorized processing activities.
How other platforms handle this
In providing the services, Adyen will process personal data in accordance with its Privacy Policy and applicable data protection laws, including the General Data Protection Regulation. You are responsible for ensuring that you have the necessary consents and legal bases to share personal data with A...
This Privacy Policy does not apply where Anthropic acts as a data processor and processes personal data on behalf of commercial customers using Anthropic's Commercial Services – for example, your employer has provisioned you a Claude for Work account, or you're using an app that is powered on the ba...
When we provide the Service to our customers, we act as a data processor on behalf of those customers. Our customers are the data controllers, meaning that they determine the purposes and means of the processing of personal data that is submitted into the Service. If you are an end user of a custome...
Monitoring
OpenAI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"OpenAI will process Customer Personal Data only in accordance with Customer's documented instructions, unless required to do so by applicable law. Customer, as the data controller (or processor acting on behalf of a controller), instructs OpenAI to process Customer Personal Data to provide and improve the Services in accordance with the Agreement.— Excerpt from OpenAI's OpenAI Data Processing Addendum
We read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and liability.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision operationalizes the data controller-processor relationship required under data protection regulations. It establishes the legal framework under which OpenAI processes personal data and requires that processing occur only pursuant to documented instructions, creating an audit trail for compliance with data protection obligations.
This provision requires that personal data processing be limited to purposes documented in customer instructions and for providing and improving the Services. Customers, as data controllers, formally instruct OpenAI to process personal data within these specified parameters, establishing the scope of authorized processing activities.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OpenAI.