California residents have legal rights under the CCPA to know what data OpenAI holds about them, request its deletion, and opt out of any data sales, though OpenAI states it does not sell personal data as defined by CCPA.
This analysis describes what OpenAI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
While OpenAI asserts it does not 'sell' data under CCPA's definition, California residents can still exercise rights to know and delete, and should be aware that CCPA's definition of 'sale' includes certain data sharing arrangements that may or may not apply to OpenAI's practices.
The updated policy no longer explicitly states that OpenAI receives information from advertisers and other data partners for ad measurement and improvement, nor does it mention that users can control…
The updated policy now explicitly authorizes OpenAI to promote products and services to users through direct marketing on third-party properties and to share limited information with select marketing…
The updated policy removes explicit language describing how OpenAI shares personal data with marketing partners through cookies and similar technologies. The policy previously stated that 'some of th…
California residents can submit data access or deletion requests at privacy.openai.com or by emailing privacy@openai.com, and are protected from service denial or price discrimination for exercising these rights.
How other platforms handle this
If you are a California resident, you may have certain rights under the California Consumer Privacy Act (CCPA). These rights may include: the right to know about personal information collected, disclosed, or sold; the right to delete personal information collected from you; the right to opt-out of t...
If you are a California resident, you have the right to know what personal information we collect, use, disclose, and sell about you. You have the right to request deletion of your personal information, subject to certain exceptions. You have the right to opt out of the sale or sharing of your perso...
If you are a California resident, you have the right to know what personal information we collect about you, the right to delete personal information we have collected from you, the right to correct inaccurate personal information, the right to opt out of the sale or sharing of your personal informa...
Monitoring
OpenAI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If you are a California resident, you have the right to: Know what personal information we collect, use, disclose, and sell. Delete your personal information. Opt out of the sale of your personal information. Non-discrimination for exercising your privacy rights. We do not sell your personal information as defined under the CCPA. You may submit a request to exercise your rights by contacting us at privacy@openai.com or by submitting a request through our Privacy Portal.— Excerpt from OpenAI's OpenAI Privacy Policy
(1) REGULATORY LANDSCAPE: This provision reflects obligations under the California Consumer Privacy Act (CCPA) as amended by CPRA, enforced by the California Privacy Protection Agency (CPPA) and the California Attorney General. The assertion that OpenAI does not 'sell' personal data should be evaluated against CCPA's expansive definition of 'sale,' which includes sharing for cross-context behavioral advertising. CPRA introduced the concept of 'sharing' as a separately regulated activity. (2) GOVERNANCE EXPOSURE: Medium. The assertion of non-sale status is a legal characterization that compliance teams should independently evaluate, particularly regarding data flows to advertising or analytics vendors. CPRA's 'sensitive personal information' category, which includes precise geolocation and inferences about consumers, may require additional disclosures or opt-out rights beyond what is described. (3) JURISDICTION FLAGS: Applies specifically to California residents. Other states with comprehensive privacy laws (Virginia, Colorado, Connecticut, Texas) have analogous frameworks; the policy's CCPA disclosure may not fully address all state-specific requirements. (4) CONTRACT AND VENDOR IMPLICATIONS: Businesses using OpenAI in California-facing contexts should confirm their service agreements characterize OpenAI appropriately as a service provider rather than a third party under CCPA, which has material implications for downstream data use limitations. (5) COMPLIANCE CONSIDERATIONS: Review whether OpenAI's CCPA data request response process meets the 45-day statutory response window; assess whether the non-sale assertion is adequately documented; and confirm whether any data sharing with advertising or analytics partners could constitute 'sharing' under CPRA.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
While OpenAI asserts it does not 'sell' data under CCPA's definition, California residents can still exercise rights to know and delete, and should be aware that CCPA's definition of 'sale' includes certain data sharing arrangements that may or may not apply to OpenAI's practices.
California residents can submit data access or deletion requests at privacy.openai.com or by emailing privacy@openai.com, and are protected from service denial or price discrimination for exercising these rights.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OpenAI.