What can I do about this clause?

{'method': 'WEB_FORM', 'recipient': 'https://privacy.openai.com', 'difficulty': 'EASY', 'action_type': 'DELETE_DATA', 'instructions': 'Visit privacy.openai.com, select the type of request (access, correction, or deletion), complete the verification process, and submit your request. OpenAI must respond within 45 days under CCPA.', 'deadline_days': None, 'deadline_hours': None} {'method': 'IN_APP', 'recipient': 'ChatGPT Settings > Data Controls > Export Data', 'difficulty': 'EASY', 'action_type': 'EXPORT_DATA', 'instructions': "Log into ChatGPT, go to Settings, click Data Controls, and select 'Export Data' to download a copy of your conversation history and account information.", 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'State_AG', 'reason': 'State AGs in California, Virginia, Colorado, Connecticut, and Texas enforce comprehensive state privacy laws that mandate these user rights and can bring enforcement actions for failure to honor them.', 'complaint_url': 'https://www.naag.org/find-my-ag/'}

What is the severity of this clause?

ConductAtlas classifies this User Rights: Access, Correction, Deletion, and Portability clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar User Rights: Access, Correction, Deletion, and Portability clauses across approximately 1 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

User Rights: Access, Correction, Deletion, and Portability — OpenAI

Share 𝕏 Share in Share

What it is

You have the right to see what personal data OpenAI has about you, ask for corrections, request deletion, or get a copy of your data — and you can do this through OpenAI's privacy portal.

Consumer impact (what this means for users)

Users can request access to, correction of, or deletion of their personal data held by OpenAI by submitting a verified request through privacy.openai.com, though OpenAI may retain certain data for legal compliance or legitimate business purposes even after a deletion request.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data

Visit privacy.openai.com, select the type of request (access, correction, or deletion), complete the verification process, and submit your request. OpenAI must respond within 45 days under CCPA.
Export Your Data

Log into ChatGPT, go to Settings, click Data Controls, and select 'Export Data' to download a copy of your conversation history and account information.

Cross-platform context

See how other platforms handle User Rights: Access, Correction, Deletion, and Portability and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

These rights allow you to take control of your personal information held by OpenAI, but they are only available if you proactively submit a verified request — OpenAI does not automatically delete or limit data use without a specific request from you.

View original clause language

Depending on your location, you may have certain rights regarding your Personal Information, including the right to access, correct, or delete your Personal Information, the right to data portability, the right to opt out of certain data processing, and the right to not be discriminated against for exercising your privacy rights. To make a request, please visit our Privacy Portal at privacy.openai.com.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: This provision implements rights required under CCPA/CPRA (Cal. Civ. Code §§1798.100, 1798.105, 1798.106, 1798.110, 1798.115, 1798.130); Virginia VCDPA (§§59.1-577, 59.1-578); Colorado CPA (§§6-1-1306, 6-1-1307); Connecticut CTDPA (§42-518); Texas TDPSA (§541.051); and analogous rights in other US state privacy laws. The response deadline under CCPA is 45 days (extendable by 45 days with notice). Enforcement rests with the CPPA, California AG, and respective state AGs. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

State AG

State AGs in California, Virginia, Colorado, Connecticut, and Texas enforce comprehensive state privacy laws that mandate these user rights and can bring enforcement actions for failure to honor them.
File a complaint →

Provision details

Document information

Document

OpenAI Privacy Policy

Entity

OpenAI

Document last updated

March 24, 2026

Tracking information

First tracked

April 27, 2026

Last verified

April 27, 2026

Record ID

CA-P-003159

Document ID

CA-D-00010

Evidence Provenance

Source URL

https://openai.com/policies/privacy-policy

Wayback Machine

View archived versions →

SHA-256

8d0fc75b2591d6a033bfeb50a1e7b57bb62cb682a52fcbbd714621617a7525af

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: OpenAI | Document: OpenAI Privacy Policy | Record: CA-P-003159
Captured: 2026-04-27 09:30:04 UTC | SHA-256: 8d0fc75b2591d6a0…
URL: https://conductatlas.com/platform/openai/openai-privacy-policy/user-rights-access-correction-deletion-and-portability/
Accessed: April 29, 2026

Classification

Severity

Medium

User Rights: Access, Correction, Deletion, and Portability