This is OpenAI's Terms of Use — the legal agreement you accept when using ChatGPT, Sora, Codex, or the OpenAI API. The most important thing to know is that OpenAI may use your conversations and inputs to train and improve its AI models unless you actively opt out through your account settings. EU users and business customers have separate, more detailed terms that may provide additional protections not available to general consumers.
This document constitutes OpenAI's Terms of Use governing consumer access to OpenAI's AI services including ChatGPT, Sora, Codex, and the API platform, operating under a clickwrap contract formation model with incorporation by reference of supplemental policies including the Privacy Policy, Usage Policies, and Sharing & Publication Policy. Key obligations imposed on users include compliance with usage policies prohibiting specified harmful content categories, age restrictions (13+ generally, 18+ for certain features, with parental consent requirements for minors), and restrictions on reverse engineering or circumventing service safety systems; OpenAI's principal obligations include service provision, content moderation, and data handling as described in the referenced Privacy Policy. Notably, the document references separate terms for EU users and business customers, creating a tiered contractual structure that may reduce transparency for non-EU consumers who receive fewer statutory protections, and the terms explicitly permit OpenAI to use user inputs and outputs to improve model performance unless users opt out, which represents a broad data utilization right that goes beyond what many consumers would reasonably anticipate. The document engages GDPR (EU users directed to separate terms), CCPA (California residents implicated by data use for model training), COPPA (age restrictions and parental consent mechanisms), and the EU AI Act (given ChatGPT's classification as a general-purpose AI system); material compliance considerations include the adequacy of consent mechanisms for model training data use, the enforceability of the incorporated-by-reference policy structure, and the sufficiency of age verification controls relative to COPPA and equivalent state minors' privacy laws.
REGULATORY EXPOSURE: This document engages multiple regulatory frameworks simultaneously. GDPR Arts. 6, 13, and 17 apply to EU/EEA users who are directed to a separate EU Terms of Use, raising questi…
REGULATORY EXPOSURE: This document engages multiple regulatory frameworks simultaneously. GDPR Arts. 6, 13, and 17 apply to EU/EEA users who are directed to a separate EU Terms of Use, raising questions about whether the bifurcated structure adequately satisfies transparency obligations for non-EU …
Compliance intelligence locked
Regulatory exposure, material risk, and due diligence action items.