Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This document establishes OpenAI's privacy practices for users of its products including ChatGPT, the API, and DALL-E. The policy authorizes collection of conversation content, uploaded files, device identifiers, IP addresses, and usage activity, with provisions permitting use of this data for model training except where users disable the model training toggle in Data Controls settings. The policy establishes procedures for users to submit requests for access, deletion, or correction of personal data through OpenAI's Privacy Request Form.
This document is OpenAI's US Privacy Policy, governing how OpenAI collects, uses, shares, and retains personal data from users of its consumer and API products, including ChatGPT, DALL-E, and related services, with stated legal bases including consent, contractual necessity, and legitimate interests. The policy states that OpenAI collects name, contact information, payment details, conversation content, files and images uploaded by users, device identifiers, IP addresses, browsing activity, location data, and usage logs, and the terms authorize use of this data for service delivery, safety monitoring, model training (where users have not opted out), and marketing communications. The policy discloses that conversation content submitted through non-API consumer products may be used to train AI models unless the user disables the training toggle in settings, which is an operationally significant disclosure given the nature of inputs users submit; the terms also authorize sharing personal data with affiliated entities, service providers, advertising and analytics partners, and in connection with corporate transactions such as mergers or acquisitions. The policy engages the California Consumer Privacy Act (CCPA/CPRA), which grants California residents rights to access, delete, correct, and opt out of certain data uses, and the policy provides a dedicated Privacy Request Form for these purposes; it also references compliance with US state privacy laws more broadly, including those in Virginia, Colorado, Connecticut, and Texas. Material compliance considerations include the adequacy of the model-training opt-out mechanism under emerging US AI and privacy regulations, the classification of third-party advertising pixel data flows under CCPA's sale and sharing definitions, and the policy's assertion that it does not knowingly collect data from users under 13, which engages COPPA enforcement by the FTC.
Institutional analysis available with Compliance
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.
Start Compliance free trial11 important changes detected
12 versions captured · Last updated: May 2026
OpenAI modified two sentences in its US Privacy Policy on May 19, 2026. The document timestamp was updated from April 30, 2026 to May 18, 2026. More substantially, the opt-out …
View change record →OpenAI updated its privacy request procedures on May 14, 2026. Previously, the policy stated users could exercise privacy rights by submitting requests through privacy.openai.com or dsar@openai.com. The updated language now …
View change record →OpenAI updated its privacy policy on May 11, 2026 to explicitly authorize the collection and use of advertiser data from partners and to create a new ad personalization purpose for …
View change record →OpenAI's Privacy Policy was updated on May 9, 2026 with a single language modification in the document header. The change added Persian (فارسی) to the list of available language options …
View change record →OpenAI removed language describing advertiser data partnerships and ad personalization controls for free users, while also removing the specific statement that free and go users could control ad personalization through …
View change record →OpenAI added a new statement clarifying that sensitive data is not processed to infer characteristics about users. The policy also changed how users who are not logged in can exercise …
View change record →OpenAI updated its Privacy Policy on May 1, 2026 to add explicit language about direct marketing to users and disclosure of data sharing with marketing partners. The policy now states …
View change record →OpenAI removed language describing a separate category of marketing partners and the cookie-based data sharing practices used with those partners. The updated policy now consolidates all third-party recipients under a …
View change record →OpenAI's privacy policy was updated on March 6, 2026, with changes to how it describes data uses and disclosures. The updated policy removed explicit language about receiving data from advertisers …
View change record →Monitoring
OpenAI has updated this document before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Compliance free trialCross-platform context
See how other platforms handle AI Model Training Data Use and similar clauses.
Compare across platforms →OpenAI expanded its data sharing terms to include third-party marketing partners. The updated policy authorizes the use of personal data fo…
Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.