OpenAI · OpenAI Privacy Policy

User Rights — Access, Deletion, Portability, and Correction

Medium severity
Share 𝕏 Share in Share

What it is

Depending on your country, you may have rights to see, correct, delete, or move your personal data held by OpenAI, and to opt out of data sharing — but which rights apply depends on where you live.

Consumer impact (what this means for users)

EU, UK, and California users have legally enforceable rights to access, correct, delete, and port their ChatGPT data, but users in most other jurisdictions must rely on OpenAI's voluntary compliance rather than legal entitlement.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Visit OpenAI's privacy portal and submit a data deletion or access request. OpenAI must respond within 30 days (EU/UK) or 45 days (California) of receiving your request.
  • Export Your Data
    In ChatGPT, go to Settings, select Data Controls, and click 'Export Data' to download a copy of your conversations and account information.

How other platforms handle this

Webull Medium

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, ...

Noom Medium

We keep your information only so long as we need it to provide our services to you, fulfill the purposes described in this policy, comply with our legal obligations, resolve disputes, and enforce our agreements. Actual retention periods can vary significantly based on your expectations and consent, ...

Stability AI Medium

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us to keep your p...

See all platforms with this clause type →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

The conditional framing ('depending on where you live') means many users outside the EU, UK, and California may have significantly fewer enforceable rights over their data, creating an unequal privacy landscape across OpenAI's global user base.

View original clause language
Depending on where you live, you may have certain rights related to your personal information. For example, you may have the right to: Access information about how we process your personal information and get a copy of your personal information; Delete your personal information from our systems; Correct inaccurate or incomplete personal information; Restrict how we process your personal information; Object to how we process your personal information; Port your personal information to another service (data portability); Opt out of the sale or sharing of your personal information; Not be discriminated against for exercising any of these rights.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: GDPR Arts. 15-22 (access, rectification, erasure, restriction, portability, objection); CCPA/CPRA §§1798.100-1798.125 (access, deletion, correction, portability, opt-out of sale/sharing); UK GDPR equivalent rights; Brazil LGPD Arts. 17-22; Canada PIPEDA access and correction rights. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • State AG
    California residents can file complaints with the California Privacy Protection Agency or California AG regarding CPRA rights violations including unfulfilled deletion or access requests.
    File a complaint →

Applicable regulations

CCPA/CPRA
California, USA
FCRA
United States Federal
GDPR
European Union
GLBA
United States Federal
HIPAA
United States Federal
UK GDPR
United Kingdom

Provision details

Document information
Document
OpenAI Privacy Policy
Entity
OpenAI
Document last updated
March 24, 2026
Tracking information
First tracked
March 6, 2026
Last verified
April 10, 2026
Record ID
CA-P-002669
Document ID
CA-D-00010
Evidence Provenance
Source URL
https://openai.com/policies/privacy-policy
Wayback Machine
View archived versions →
SHA-256
90ad72975ac0d9d86d724561a29d464c061ec09345abf2fde0eccd43d6205bcf
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: OpenAI | Document: OpenAI Privacy Policy | Record: CA-P-002669
Captured: 2026-03-06 20:23:45 UTC | SHA-256: 90ad72975ac0d9d8…
URL: https://conductatlas.com/platform/openai/openai-privacy-policy/user-rights-access-deletion-portability-and-correction/
Accessed: April 29, 2026
Classification
Severity
Medium
Categories
Data retention

Other provisions in this document