8 Total
1 High severity
5 Medium severity
2 Low severity
Summary

This document establishes OpenAI's privacy practices for users of its products including ChatGPT, the API, and DALL-E. The policy authorizes collection of conversation content, uploaded files, device identifiers, IP addresses, and usage activity, with provisions permitting use of this data for model training except where users disable the model training toggle in Data Controls settings. The policy establishes procedures for users to submit requests for access, deletion, or correction of personal data through OpenAI's Privacy Request Form.

Technical / Legal Breakdown

This document is OpenAI's US Privacy Policy, governing how OpenAI collects, uses, shares, and retains personal data from users of its consumer and API products, including ChatGPT, DALL-E, and related services, with stated legal bases including consent, contractual necessity, and legitimate interests. The policy states that OpenAI collects name, contact information, payment details, conversation content, files and images uploaded by users, device identifiers, IP addresses, browsing activity, location data, and usage logs, and the terms authorize use of this data for service delivery, safety monitoring, model training (where users have not opted out), and marketing communications. The policy discloses that conversation content submitted through non-API consumer products may be used to train AI models unless the user disables the training toggle in settings, which is an operationally significant disclosure given the nature of inputs users submit; the terms also authorize sharing personal data with affiliated entities, service providers, advertising and analytics partners, and in connection with corporate transactions such as mergers or acquisitions. The policy engages the California Consumer Privacy Act (CCPA/CPRA), which grants California residents rights to access, delete, correct, and opt out of certain data uses, and the policy provides a dedicated Privacy Request Form for these purposes; it also references compliance with US state privacy laws more broadly, including those in Virginia, Colorado, Connecticut, and Texas. Material compliance considerations include the adequacy of the model-training opt-out mechanism under emerging US AI and privacy regulations, the classification of third-party advertising pixel data flows under CCPA's sale and sharing definitions, and the policy's assertion that it does not knowingly collect data from users under 13, which engages COPPA enforcement by the FTC.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

16 important changes detected

17 versions captured · Last updated: June 2026

June 12, 2026

medium
What changed OpenAI updated its privacy policy on June 12, 2026 to restructure how it describes data use and advertising practices. The policy removed language stating that OpenAI receives information from advertisers and data partners for measuring ad effectiveness on Free and Go users, while adding new regional guidance for South Korean users. The policy also added explicit language authorizing OpenAI to identify contacts who use its services and to monitor content for fraud prevention, previously buried in separate documentation. Separately, the policy removed a specific mechanism allowing Free and Go users to control personalized ad data through account settings.
Why this matters The updated policy removes language describing how OpenAI uses advertiser and data partner information to personalize ads and measure ad effectiveness. The policy also removes the specific mechanism Free and Go users previously had to control ad personalization through account settings. In exchange, the policy adds explicit authorization for OpenAI to identify which of a user's contacts use OpenAI services and to monitor all content submitted on the platform for fraud and misuse detection. The authorization to monitor content and identify contacts now appears in the main policy purposes section rather than in supplementary documentation. You can review the Korea Addendum if you are located in South Korea to understand region-specific privacy rules.
View full change record →

June 12, 2026

unknown
What changed OpenAI updated their OpenAI Privacy Policy on June 12, 2026. Change detected: 18 sentence(s) added, 1 sentence(s) removed, 11 sentence(s) modified. Document contained 169 sentences after update.
View full change record →

June 9, 2026 medium

OpenAI updated its privacy policy on June 9, 2026, removing specific language about ad personalization controls for Free and Go users while adding language directing Korean users to a separate …

View change record →
June 8, 2026 unknown

OpenAI updated their OpenAI Privacy Policy on June 08, 2026. Change detected: 2 sentence(s) modified. Document contained 156 sentences after update.

View change record →
June 7, 2026 unknown

OpenAI updated their OpenAI Privacy Policy on June 07, 2026. Change detected: 7 sentence(s) added, 2 sentence(s) removed, 10 sentence(s) modified. Document contained 156 sentences after update.

View change record →
May 27, 2026 medium

OpenAI removed specific language about collecting advertiser data for ad targeting on free and paid tiers, but simultaneously removed user-facing controls for managing ad personalization. The policy now consolidates ad-related …

View change record →
May 23, 2026 low

OpenAI updated the language selector in their Privacy Policy header on May 23, 2026. The change modified the spelling and formatting of several language names and codes in the multilingual …

View change record →
May 19, 2026 low

OpenAI modified two sentences in its US Privacy Policy on May 19, 2026. The document timestamp was updated from April 30, 2026 to May 18, 2026. More substantially, the opt-out …

View change record →
May 14, 2026 medium

OpenAI updated its privacy request procedures on May 14, 2026. Previously, the policy stated users could exercise privacy rights by submitting requests through privacy.openai.com or dsar@openai.com. The updated language now …

View change record →
May 11, 2026 medium

OpenAI updated its privacy policy on May 11, 2026 to explicitly authorize the collection and use of advertiser data from partners and to create a new ad personalization purpose for …

View change record →
May 9, 2026 low

OpenAI's Privacy Policy was updated on May 9, 2026 with a single language modification in the document header. The change added Persian (فارسی) to the list of available language options …

View change record →
May 5, 2026 medium

OpenAI removed language describing advertiser data partnerships and ad personalization controls for free users, while also removing the specific statement that free and go users could control ad personalization through …

View change record →
May 2, 2026 low

OpenAI added a new statement clarifying that sensitive data is not processed to infer characteristics about users. The policy also changed how users who are not logged in can exercise …

View change record →
May 1, 2026 medium

OpenAI updated its Privacy Policy on May 1, 2026 to add explicit language about direct marketing to users and disclosure of data sharing with marketing partners. The policy now states …

View change record →
April 22, 2026 medium

OpenAI removed language describing a separate category of marketing partners and the cookie-based data sharing practices used with those partners. The updated policy now consolidates all third-party recipients under a …

View change record →
March 6, 2026 low

OpenAI's privacy policy was updated on March 6, 2026, with changes to how it describes data uses and disclosures. The updated policy removed explicit language about receiving data from advertisers …

View change record →

Recent Provision Changes Jun 12, 2026

8 provisions unchanged.

View full change record →
High — 1 provision
Medium — 5 provisions
Low — 2 provisions

Monitoring

OpenAI has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle AI Model Training Data Use and similar clauses.

Compare across platforms →

Mapped Governance Frameworks

CCPA/CPRA
California, USA
View official text ↗
FTC Act Section 5
United States Federal
View official text ↗
GDPR
European Union
View official text ↗
UK GDPR
United Kingdom
View official text ↗

Related Analysis

Privacy · May 3, 2026
OpenAI Privacy Policy Update May 2026: New Terms Authorize Advertiser Data Sharing

OpenAI expanded its data sharing terms to include third-party marketing partners. The updated policy authorizes the use of personal data fo…

Dependency Governance · June 11, 2026
AI Dependency Governance: How API Terms Govern Every App Built on OpenAI, Anthropic, and Google

872 provisions across 8 AI platforms. The terms your AI provider sets become the terms your product operates under.

Platform Analysis · June 12, 2026
OpenAI Changed Its Privacy Policy 4 Times in One Week. Here Is What Actually Changed.

Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.

Regulatory Analysis · June 28, 2026
The Great American AI Act, Explained: What the First Federal AI Law Would Require

The bill does not regulate most AI startups directly. But it changes the companies they depend on. Here is what the first federal AI law wo…

Archival ProvenanceSource & Archival Record
Last Captured June 12, 2026 07:18 UTC
Capture Method Automated scheduled archival capture
Document ID CA-D-000010
Version ID CA-V-003739
SHA-256 d0ade2f5b00feb8376dc350f766531efe458dc96254c2ddd7f032be10e4dfd0f
✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified

Governance Monitoring

Monitor governance changes across the platforms you rely on.

Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.

Create free account Compare plans