OpenAI · OpenAI Privacy Policy · View original document ↗

Collection of Usage and Device Data

Low severity High confidence Explicitdocumentlanguage Unique · 0 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Recent governance activity OpenAI recorded 16 documented changes in the last 30 days.
Start monitoring updates
Monitor governance changes for OpenAI Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

OpenAI automatically collects technical data about your device and how you use its services, including your IP address, browser type, search queries, and feature usage patterns.

This analysis describes what OpenAI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

The clause establishes the operational scope of data collection that occurs passively during service use, defining the categories of technical and behavioral information the entity may process as part of service delivery and system administration.

Recent Activity

This document changed recently

Medium Jun 12, 2026

The updated policy removes language describing how OpenAI uses advertiser and data partner information to personalize ads and measure ad effectiveness. The policy also removes the specific mechanism Free and Go users previously had to control ad personalization through account settings. In exchange, the policy adds explicit authorization for OpenAI to identify which of a user's contacts use OpenAI services and to monitor all content submitted on the platform for fraud and misuse detection. The authorization to monitor content and identify contacts now appears in the main policy purposes section rather than in supplementary documentation. You can review the Korea Addendum if you are located in South Korea to understand region-specific privacy rules.

View change record →
Medium Jun 9, 2026

The updated policy removes language that previously described ad personalization controls available to Free and Go users through account settings, though the policy continues to authorize OpenAI to personalize ads and measure their effectiveness for these user tiers. Previously, the policy explicitly stated that 'For Free and Go users, you can use the advertising controls in your account settings to control what data we use to personalize the ads we show you on our Services.' This language is no longer present in the updated version. The policy still lists ad personalization as an authorized use of personal data for Free and Go users, but no longer explicitly describes how users can access controls to manage this practice. You should verify whether advertising controls remain functional in your OpenAI account settings, as the policy no longer explicitly references them.

View change record →
Medium May 27, 2026

The updated policy removes specific language stating that OpenAI receives advertiser data to personalize ads shown to Free and Go users. It also removes reference to account-level advertising controls previously described in account settings. These removals are replaced with broader language authorizing OpenAI to promote products through direct marketing and third-party properties, subject to choices and controls, but the terms no longer explicitly describe what advertiser data is collected, from whom, or how to manage it at the account level. The policy now requires users to follow a 'learn more' link to understand ad personalization controls, rather than documenting those controls directly in the privacy policy.

View change record →

Clause Stability Stable

0
Changes
3
Months Monitored
May 10, 2026
First Seen
May 11, 2026
Last Seen

Consumer impact (what this means for users)

Every session with OpenAI services generates device and behavioral data that OpenAI collects automatically; this includes your IP address and usage patterns, which can be used to infer location and behavior even without account registration.

Cross-platform context

See how other platforms handle Collection of Usage and Device Data and similar clauses.

Compare across platforms →

Monitoring

OpenAI has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
Usage Data. When you use our Services, we automatically collect certain technical information about your device and how you interact with our Services, such as your IP address, browser type, operating system, referring URLs, device identifiers, and cookie data, as well as information about how you use and interact with our Services, such as the date and time of your visit, the features you use, searches you conduct, and other usage information.

— Excerpt from OpenAI's OpenAI Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

(1) REGULATORY LANDSCAPE: Automated collection of IP addresses and device identifiers constitutes processing of personal data under GDPR, requiring a disclosed legal basis. Cookie data collection may additionally require compliance with ePrivacy Directive requirements in the EU, including consent for non-essential cookies. The FTC Act and CCPA apply to US users regarding disclosure and limitation of automated data collection. (2) GOVERNANCE EXPOSURE: Low to Medium. Automated collection of usage and device data is standard industry practice, but the breadth of categories collected (IP, device identifiers, browsing behavior, feature usage) creates a detailed behavioral profile that may engage data minimization obligations. Cookie consent mechanisms should be verified for ePrivacy compliance in the EU. (3) JURISDICTION FLAGS: EU ePrivacy Directive and national cookie laws apply to EEA users and may require granular consent for non-essential cookies. California users have CCPA rights regarding the categories of data collected. Illinois BIPA would apply only if biometric identifiers were collected, which is not indicated by this provision. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers deploying OpenAI in workplace contexts should assess whether employee device and usage data is collected and whether employee privacy notices accurately disclose this. (5) COMPLIANCE CONSIDERATIONS: Review cookie consent banners for ePrivacy compliance; assess whether device identifier collection aligns with data minimization principles; confirm that usage data is included in DSAR responses when users request their personal data.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC has authority over automatic data collection practices under Section 5 of the FTC Act, including whether disclosures are adequate and whether practices are unfair or deceptive.
    File a complaint →

Provision details

Document information
Document
OpenAI Privacy Policy
Entity
OpenAI
Document last updated
May 5, 2026
Tracking information
First tracked
May 10, 2026
Last verified
May 10, 2026
Record ID
CA-P-009768
Document ID
CA-D-00010
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
9fedd919cc6d99e951ea6b8c198d3ded6d0673342d8c265778e44a35720b9b49
Analysis generated
May 10, 2026 22:24 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: OpenAI
Document: OpenAI Privacy Policy
Record ID: CA-P-009768
Captured: 2026-05-10 22:24:41 UTC
SHA-256: 9fedd919cc6d99e9…
URL: https://conductatlas.com/platform/openai/openai-privacy-policy/collection-of-usage-and-device-data/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Low
Categories

Other risks in this policy

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does OpenAI's Collection of Usage and Device Data clause do?

The clause establishes the operational scope of data collection that occurs passively during service use, defining the categories of technical and behavioral information the entity may process as part of service delivery and system administration.

How does this clause affect you?

Every session with OpenAI services generates device and behavioral data that OpenAI collects automatically; this includes your IP address and usage patterns, which can be used to infer location and behavior even without account registration.

Is ConductAtlas affiliated with OpenAI?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OpenAI.