Depending on your country, you may have rights to see, correct, delete, or move your personal data held by OpenAI, and to opt out of data sharing — but which rights apply depends on where you live.
This analysis describes what OpenAI's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The provision operationalizes OpenAI's compliance framework with varying privacy regulations across jurisdictions by explicitly enumerating the individual rights users may invoke. This establishes the procedural basis for users to initiate requests regarding their personal data and limits discrimination in service provision based on rights exercise.
The updated policy removes language describing how OpenAI uses advertiser and data partner information to personalize ads and measure ad effectiveness. The policy also removes the specific mechanism Free and Go users previously had to control ad personalization through account settings. In exchange, the policy adds explicit authorization for OpenAI to identify which of a user's contacts use OpenAI services and to monitor all content submitted on the platform for fraud and misuse detection. The authorization to monitor content and identify contacts now appears in the main policy purposes section rather than in supplementary documentation. You can review the Korea Addendum if you are located in South Korea to understand region-specific privacy rules.
View change record →The updated policy removes language that previously described ad personalization controls available to Free and Go users through account settings, though the policy continues to authorize OpenAI to personalize ads and measure their effectiveness for these user tiers. Previously, the policy explicitly stated that 'For Free and Go users, you can use the advertising controls in your account settings to control what data we use to personalize the ads we show you on our Services.' This language is no longer present in the updated version. The policy still lists ad personalization as an authorized use of personal data for Free and Go users, but no longer explicitly describes how users can access controls to manage this practice. You should verify whether advertising controls remain functional in your OpenAI account settings, as the policy no longer explicitly references them.
View change record →The updated policy removes specific language stating that OpenAI receives advertiser data to personalize ads shown to Free and Go users. It also removes reference to account-level advertising controls previously described in account settings. These removals are replaced with broader language authorizing OpenAI to promote products through direct marketing and third-party properties, subject to choices and controls, but the terms no longer explicitly describe what advertiser data is collected, from whom, or how to manage it at the account level. The policy now requires users to follow a 'learn more' link to understand ad personalization controls, rather than documenting those controls directly in the privacy policy.
View change record →EU, UK, and California users have legally enforceable rights to access, correct, delete, and port their ChatGPT data, but users in most other jurisdictions must rely on OpenAI's voluntary compliance rather than legal entitlement.
How other platforms handle this
Depending on where you live, you may have certain rights regarding your personal information, including: the right to access the personal information we hold about you; the right to correct inaccurate personal information; the right to request deletion of your personal information; the right to data...
Depending on your location, you may have certain rights regarding your personal data. These may include the right to access personal data we hold about you, to correct inaccurate data, to request deletion of your data, to object to or restrict our processing, and to receive your data in a portable f...
You may have rights under applicable law to access, correct, delete, or obtain a copy of your personal information. Depending on where you live, you may also have the right to object to or restrict certain processing of your data, and to lodge a complaint with a supervisory authority. You can exerci...
Monitoring
OpenAI has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Depending on where you live, you may have certain rights related to your personal information. For example, you may have the right to: Access information about how we process your personal information and get a copy of your personal information; Delete your personal information from our systems; Correct inaccurate or incomplete personal information; Restrict how we process your personal information; Object to how we process your personal information; Port your personal information to another service (data portability); Opt out of the sale or sharing of your personal information; Not be discriminated against for exercising any of these rights.— Excerpt from OpenAI's OpenAI Privacy Policy
(1) REGULATORY FRAMEWORK: GDPR Arts. 15-22 (access, rectification, erasure, restriction, portability, objection); CCPA/CPRA §§1798.100-1798.125 (access, deletion, correction, portability, opt-out of sale/sharing); UK GDPR equivalent rights; Brazil LGPD Arts. 17-22; Canada PIPEDA access and correction rights. (2)
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The provision operationalizes OpenAI's compliance framework with varying privacy regulations across jurisdictions by explicitly enumerating the individual rights users may invoke. This establishes the procedural basis for users to initiate requests regarding their personal data and limits discrimination in service provision based on rights exercise.
EU, UK, and California users have legally enforceable rights to access, correct, delete, and port their ChatGPT data, but users in most other jurisdictions must rely on OpenAI's voluntary compliance rather than legal entitlement.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by OpenAI.