OpenAI shares your personal data with a range of outside companies for services like payments, cloud storage, and analytics, and can transfer all your data to a new owner if OpenAI is sold or restructured.
This analysis describes what OpenAI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This clause establishes the operational framework through which OpenAI discloses user personal information to external service providers necessary for platform operations and defines the circumstances under which such information may transfer between entities in corporate restructuring scenarios.
The updated policy removes language describing how OpenAI uses advertiser and data partner information to personalize ads and measure ad effectiveness. The policy also removes the specific mechanism Free and Go users previously had to control ad personalization through account settings. In exchange, the policy adds explicit authorization for OpenAI to identify which of a user's contacts use OpenAI services and to monitor all content submitted on the platform for fraud and misuse detection. The authorization to monitor content and identify contacts now appears in the main policy purposes section rather than in supplementary documentation. You can review the Korea Addendum if you are located in South Korea to understand region-specific privacy rules.
View change record →The updated policy removes language that previously described ad personalization controls available to Free and Go users through account settings, though the policy continues to authorize OpenAI to personalize ads and measure their effectiveness for these user tiers. Previously, the policy explicitly stated that 'For Free and Go users, you can use the advertising controls in your account settings to control what data we use to personalize the ads we show you on our Services.' This language is no longer present in the updated version. The policy still lists ad personalization as an authorized use of personal data for Free and Go users, but no longer explicitly describes how users can access controls to manage this practice. You should verify whether advertising controls remain functional in your OpenAI account settings, as the policy no longer explicitly references them.
View change record →The updated policy removes specific language stating that OpenAI receives advertiser data to personalize ads shown to Free and Go users. It also removes reference to account-level advertising controls previously described in account settings. These removals are replaced with broader language authorizing OpenAI to promote products through direct marketing and third-party properties, subject to choices and controls, but the terms no longer explicitly describe what advertiser data is collected, from whom, or how to manage it at the account level. The policy now requires users to follow a 'learn more' link to understand ad personalization controls, rather than documenting those controls directly in the privacy policy.
View change record →Your personal data, including your ChatGPT conversation history, can be shared with numerous third-party vendors and may be transferred to a new owner in a corporate transaction without your specific consent, giving you limited control over who ultimately holds your information.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We may share your information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. We may also share your information with third-party advertising p...
We may also share your personal information with third parties that assist us in providing our services, or where we are under an obligation to report to. But rest assured: we will only ever share your personal information in the limited circumstances described in this Policy.
Monitoring
OpenAI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may share your personal information with third parties in the following circumstances: Vendors and service providers: We share information with third-party vendors and service providers that perform services on our behalf, such as payment processing, security, cloud infrastructure, customer support, data analytics, and other services. Business transfers: If we are involved in strategic transactions, reorganization, bankruptcy, receivership, or transition of service to another provider, your information may be transferred as part of such a transaction.— Excerpt from OpenAI's OpenAI Privacy Policy
(1) REGULATORY FRAMEWORK: GDPR Art. 28 requires data processing agreements with all processors; Art. 44-46 governs cross-border transfers. CCPA/CPRA §1798.140 defines 'sale' and 'sharing' broadly — transfer of data as part of a business asset sale may trigger disclosure obligations. FTC Act Section 5 applies to material changes in data handling post-acquisition. (2)
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This clause establishes the operational framework through which OpenAI discloses user personal information to external service providers necessary for platform operations and defines the circumstances under which such information may transfer between entities in corporate restructuring scenarios.
Your personal data, including your ChatGPT conversation history, can be shared with numerous third-party vendors and may be transferred to a new owner in a corporate transaction without your specific consent, giving you limited control over who ultimately holds your information.
ConductAtlas has identified this type of provision across 25 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OpenAI.