OpenAI states that content you submit through consumer products like ChatGPT may be used to train its AI models by default, but you can turn this off in your account's Data Controls settings.
This analysis describes what OpenAI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision is operationally significant because it means that conversational inputs, which may include personal, professional, or sensitive information, may be incorporated into AI model training unless the user actively disables the setting.
The updated policy removes language describing how OpenAI uses advertiser and data partner information to personalize ads and measure ad effectiveness. The policy also removes the specific mechanism Free and Go users previously had to control ad personalization through account settings. In exchange, the policy adds explicit authorization for OpenAI to identify which of a user's contacts use OpenAI services and to monitor all content submitted on the platform for fraud and misuse detection. The authorization to monitor content and identify contacts now appears in the main policy purposes section rather than in supplementary documentation. You can review the Korea Addendum if you are located in South Korea to understand region-specific privacy rules.
View change record →The updated policy removes language that previously described ad personalization controls available to Free and Go users through account settings, though the policy continues to authorize OpenAI to personalize ads and measure their effectiveness for these user tiers. Previously, the policy explicitly stated that 'For Free and Go users, you can use the advertising controls in your account settings to control what data we use to personalize the ads we show you on our Services.' This language is no longer present in the updated version. The policy still lists ad personalization as an authorized use of personal data for Free and Go users, but no longer explicitly describes how users can access controls to manage this practice. You should verify whether advertising controls remain functional in your OpenAI account settings, as the policy no longer explicitly references them.
View change record →The updated policy removes specific language stating that OpenAI receives advertiser data to personalize ads shown to Free and Go users. It also removes reference to account-level advertising controls previously described in account settings. These removals are replaced with broader language authorizing OpenAI to promote products through direct marketing and third-party properties, subject to choices and controls, but the terms no longer explicitly describe what advertiser data is collected, from whom, or how to manage it at the account level. The policy now requires users to follow a 'learn more' link to understand ad personalization controls, rather than documenting those controls directly in the privacy policy.
View change record →The policy states that conversation content submitted through consumer-tier products is used for model training unless the user opts out via the Data Controls toggle in account settings; API users are stated to be excluded from this default practice by default.
How other platforms handle this
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
Redfin may offer interactive features such as chat services, forums, and social media pages. We may collect the information you submit or make available through these features. Any content you provide on the public sections of these channels will be considered "public" and will not be subject to the...
We process the information you share with us when you create your profile or send messages. This includes photos, videos, messages, and other content you share on the platform. We may use this content to improve our services, ensure safety, and comply with legal obligations.
Monitoring
OpenAI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may use your content to train our models. For example, we use content to train our models. You can opt out of having your content used to train our models by following the instructions in the 'How to exercise your privacy rights' section or following the model training opt-out instructions in our Help Center.— Excerpt from OpenAI's OpenAI Privacy Policy
REGULATORY LANDSCAPE: This provision engages the California Consumer Privacy Act and CPRA, which require businesses to provide opt-out rights for certain uses of personal data and may require disclosure of AI training use as a secondary processing purpose. Emerging US state privacy laws in Virginia, Colorado, Connecticut, and Texas also establish purpose limitation and secondary use consent requirements. The FTC Act Section 5 may apply where the opt-out mechanism's prominence or accessibility is assessed against disclosures made at point of data collection. The EU AI Act, while not addressed in this US policy, may apply to EU-resident users accessing these services. GOVERNANCE EXPOSURE: High. The default-on nature of model training using consumer-submitted content creates a material compliance obligation to ensure the opt-out mechanism is sufficiently accessible and functional. Failure of the opt-out mechanism to operate as described, or insufficient notice at point of collection, could create regulatory exposure under state consumer protection and privacy enforcement authorities. JURISDICTION FLAGS: California creates the highest exposure given the CPRA's expansive definition of sensitive personal information and the California Privacy Protection Agency's active rulemaking. Illinois, New York, and Texas residents may also have heightened protections depending on the nature of submitted content. For enterprise customers whose employees submit professional data through consumer-tier products, secondary liability exposure under sector-specific regulations (HIPAA, FERPA, financial regulations) may arise. CONTRACT AND VENDOR IMPLICATIONS: Enterprise procurement teams should verify whether their employees' use of consumer-tier ChatGPT products is governed by this consumer privacy policy or by a separate data processing agreement, as the model training default-on provision applies specifically to consumer products not covered by an API or enterprise agreement. Vendor assessment checklists should confirm the product tier and applicable data processing terms before allowing organizational data to be submitted. COMPLIANCE CONSIDERATIONS: Compliance teams should audit the model training opt-out mechanism for accessibility and confirm that user-facing consent flows adequately disclose this use at point of account creation. Data mapping documentation should classify conversation content as a distinct category of personal data with a training-use annotation. Teams operating in multi-state environments should assess whether a single toggle opt-out satisfies the varying 'clear and conspicuous' standards imposed by different state privacy laws.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision is operationally significant because it means that conversational inputs, which may include personal, professional, or sensitive information, may be incorporated into AI model training unless the user actively disables the setting.
The policy states that conversation content submitted through consumer-tier products is used for model training unless the user opts out via the Data Controls toggle in account settings; API users are stated to be excluded from this default practice by default.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OpenAI.