As an EU/EEA user, you have rights under GDPR to access, correct, delete, and port your personal data held by OpenAI, and to object to or restrict certain processing activities; these rights are exercisable through OpenAI's privacy portal.
This analysis describes what OpenAI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
GDPR data subject rights are legally mandated protections that exist independently of what the contract states; the document's disclosure of these rights and the mechanism for exercising them is operationally significant for users who wish to manage their personal data.
Interpretive note: The specific language disclosing GDPR rights in this document was not available due to HTML truncation; GDPR rights apply as a matter of law regardless of contractual language.
EU/EEA users can request access to, correction of, deletion of, or a portable copy of their personal data held by OpenAI by submitting a request through the privacy portal at https://privacy.openai.com; OpenAI is required to respond to verified requests within one month under GDPR Article 12.
How other platforms handle this
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
Monitoring
OpenAI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
(1) REGULATORY LANDSCAPE: Data subject rights provisions are mandated by GDPR Articles 15-22 and enforced by national DPAs coordinated through the Irish DPC as lead supervisory authority for OpenAI Ireland Limited. Response time obligations (one month, extendable by two months for complex requests) and identity verification requirements are set by GDPR Article 12. (2) GOVERNANCE EXPOSURE: High. The volume of data subject requests from EU users creates significant operational obligations; failure to respond within statutory timeframes or to honor valid deletion requests may result in DPA enforcement action and fines up to 4% of global annual turnover under GDPR Article 83(5). (3) JURISDICTION FLAGS: All EU/EEA member states and the UK (under UK GDPR) apply data subject rights obligations. Users in Switzerland are covered by the revised Federal Act on Data Protection (revFADP) which has similar but not identical rights. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise API customers who process end-user personal data through OpenAI must ensure their Data Processing Agreements with OpenAI include obligations for OpenAI to support data subject request fulfillment, particularly for deletion requests that may affect model training data. (5) COMPLIANCE CONSIDERATIONS: Organizations should establish internal triage processes for data subject requests that involve data processed through OpenAI services, and confirm with OpenAI whether deletion of account data also removes personal data from any training datasets per the stated privacy policy.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
GDPR data subject rights are legally mandated protections that exist independently of what the contract states; the document's disclosure of these rights and the mechanism for exercising them is operationally significant for users who wish to manage their personal data.
EU/EEA users can request access to, correction of, deletion of, or a portable copy of their personal data held by OpenAI by submitting a request through the privacy portal at https://privacy.openai.com; OpenAI is required to respond to verified requests within one month under GDPR Article 12.
ConductAtlas has identified this type of provision across 6 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OpenAI.