OpenAI · OpenAI Enterprise Privacy · View original document ↗

Business data retained up to 30 days unless legally required

High severity High confidence Explicitdocumentlanguage Common · 275 of 352 platforms
Share 𝕏 Share in Share 🔒 PDF
Recent governance activity OpenAI recorded 14 documented changes in the last 30 days.
Start monitoring updates
Monitor governance changes for OpenAI Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.

This analysis describes what OpenAI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The clause defines a deletion window but preserves OpenAI's ability to retain data longer under legal obligation or a reasonably necessary harm-protection determination.

Recent Activity

This document changed recently

High May 28, 2026

The updated terms shift governance of conversation access and retention from end users to workspace administrators. Under the revised policy, workspace admins can now view, access, export, and delete any end user conversations within their workspace and control how long workspace data is retained. Additionally, OpenAI now reserves the right to retain deleted or unsaved conversations beyond the standard 30-day deletion window if retention is reasonably necessary to protect its services or any third party from harm, beyond prior language that limited retention extensions to legal requirements. Within an enterprise account, end users no longer have unilateral control over conversation visibility or deletion of their own conversations.

View change record →

Consumer impact (what this means for users)

Deleted or unsaved conversations will be removed from OpenAI's systems within 30 days, but may be kept longer if law requires it or if retention is reasonably necessary to prevent harm.

How other platforms handle this

Whatnot Medium

We keep your personal information where we have an ongoing legitimate business need to do so (for example, to provide you with our Services or to comply with applicable legal, tax or accounting requirements).

Cloudflare Medium

We store your personal information for a period of time that is consistent with the business purposes set forth in Section 3 of this policy or as long as needed to fulfill and comply with legal obligations.

Salesforce Medium

We may retain your Personal Data for a period of time consistent with the original purpose of collection...or as long as required to fulfill our legal and/or regulatory obligations.

See all platforms with this clause type →

Monitoring

OpenAI has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Get Monitor Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
Any deleted or unsaved conversations are removed from our systems within 30 days, unless longer retention is required by law, or is reasonably necessary to protect our services or any third party from harm.

— Excerpt from OpenAI's OpenAI Enterprise Privacy

Applicable regulations

CCPA/CPRA
California, USA
GDPR
European Union
Indiana Consumer Data Protection Act
US-IN
UK GDPR
United Kingdom

Provision details

Document information
Document
OpenAI Enterprise Privacy
Entity
OpenAI
Document last updated
May 12, 2026
Tracking information
First tracked
July 9, 2026
Last verified
July 9, 2026
Record ID
CA-P-062735
Document ID
CA-D-00825
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
1ae7d9fa2dca070b64ed5b07ad1ec3806fc650d1cfbfeddb552af548e6be6663
Analysis generated
July 9, 2026 04:24 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: OpenAI
Document: OpenAI Enterprise Privacy
Record ID: CA-P-062735
Captured: 2026-07-09 04:24:19 UTC
SHA-256: 1ae7d9fa2dca070b…
URL: https://conductatlas.com/platform/openai/openai-enterprise-privacy/provision/CA-P-062735/business-data-retained-up-to-30-days-unless-legally-required/
Accessed: July 13, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
High
Categories

Other risks in this policy

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Get Compliance

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does OpenAI's Business data retained up to 30 days unless legally required clause do?

The clause defines a deletion window but preserves OpenAI's ability to retain data longer under legal obligation or a reasonably necessary harm-protection determination.

How does this clause affect you?

Deleted or unsaved conversations will be removed from OpenAI's systems within 30 days, but may be kept longer if law requires it or if retention is reasonably necessary to prevent harm.

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 275 platforms. See the full comparison.

Is ConductAtlas affiliated with OpenAI?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OpenAI.