Effective:  February 15, 2024 (previous version)

This Privacy Policy applies if you reside in the European Economic Area (EEA), Switzerland, or UK. If you live outside of the EEA, Switzerland, or UK, this version of our Privacy Policy applies to you.

We at OpenAI respect your privacy and are strongly committed to keeping secure any information we obtain from you or about you. This Privacy Policy describes our practices with respect to Personal Data we collect from or about you when you use our website, applications, and services (collectively, “Services”). 

This Privacy Policy does not apply to content that we process on behalf of customers of our business offerings, such as our API. Our use of that data is governed by our customer agreements covering access to and use of those offerings.

For information about how we collect and use training information to develop our language models that power ChatGPT and other Services, and your choices with respect to that information, please see this notice.

If you live in the European Economic Area (EEA) or Switzerland, OpenAI Ireland Limited, with its registered office at 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland, is the controller and is responsible for the processing of your Personal Data as described in this Privacy Policy.

If you live in the UK, OpenAI OpCo, LLC, with its registered office at 3180 18th Street, San Francisco, California 94110, United States, is the controller and is responsible for the processing of your Personal Data as described in this Privacy Policy.

We collect personal data relating to you (“Personal Data”) as described below:

Personal Data You Provide: We collect the following Personal Data when you create an account or communicate with us-

• Account Information: When you create an account with us, we collect information associated with your account, including your name, contact information, account credentials, payment card information, and transaction history (collectively, “Account Information”).
• User Content: When you use our Services, we collect Personal Data that is included in the input, file uploads, or feedback that you provide to our Services (“Content”). 
• Communication Information: If you communicate with us, we collect your name, contact information, and the contents of any messages you send (collectively, “Communication Information”).
• Social Media Information: We have pages on social media sites like Instagram, Facebook, Medium, X, YouTube and LinkedIn. When you interact with our social media pages, we collect Personal Data that you choose to provide to us, such as your contact details (collectively, “Social Media Information”). In addition, the companies that host our social media pages may provide us with aggregate information and analytics about our social media activity.

Other Information You Provide: We collect other information that you may provide to us, such as when you participate in our events or surveys or provide us with information to establish your age or identity (collectively, “Other Information You Provide”).

Personal Data We Receive Automatically From Your Use of the Services: When you visit, use, or interact with the Services, we receive the following information (“Technical Information”):

• Log Data: Information that your browser or device automatically sends when you use our Services. Log data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interact with our Services.
• Usage Data: We may automatically collect information about your use of the Services, such as the types of content that you view or engage with, the features you use and the actions you take, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, and your computer connection.
• Device Information: Includes name of the device, operating system, device identifiers, and browser you are using. Information collected may depend on the type of device you use and its settings.
• Cookies and Similar Technologies: We use cookies and similar technologies to operate and administer our Services, and improve your experience. For details about our use of cookies, please visit our Cookie Notice.

Personal Data We Receive From Other Sources: We collect information from other sources, like information that is publicly available on the internet, in particular to develop the models that power our Services. We also receive information from our trusted partners, such as security partners to protect against fraud, abuse, and other security threats to our Services or marketing vendors who provide us with information about potential customers of our business services.

For more information on the sources of information used to develop our large language models, please see this notice.

We may use Personal Data for the following purposes:

• To provide and maintain our Services;
• To improve and develop our Services and new features and conduct research;
• To communicate with you, including to send you information or marketing about our Services and events;
• To prevent fraud, criminal activity, or misuses of our Services, and to protect the security of our systems and Services; and
• To comply with legal obligations and to protect the rights, privacy, safety, or property of our users, us, our affiliates, or any third party.

Aggregated or De-Identified Information. We aggregate or de-identify Personal Data so that it can no longer be used to identify you and use this information to analyze the effectiveness of our Services, to improve and add features to our Services, to conduct research and for other similar purposes. In addition, from time to time, we may share or publish aggregated information like general user statistics with third parties. We collect this information through the Services, through cookies, and through other means described in this Privacy Policy. We will maintain and use de-identified information in anonymous or de-identified form and we will not attempt to re-identify the information, unless required by law.

As noted above, we use Content you provide us to improve our Services, for example to train the models that power our Services. Read our instructions on how you can opt out of our use of your Content to train our models.

In certain circumstances we may disclose your Personal Data to:

• Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may disclose Personal Data to vendors and service providers, including providers of hosting services, customer service vendors, cloud services, content delivery services, data warehouse services, support and safety monitoring services, email communication software, web analytics services, payment and transaction providers, and other information technology services providers. Pursuant to our instructions, these parties will access, process, or store Personal Data only in the course of performing their duties to us.
• Business Transfers: If we are involved in strategic transactions, reorganization, bankruptcy, receivership, or transition of service to another provider (collectively, a “Transaction”), your Personal Data and other information may be disclosed in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.
• Government Authorities or Other Third Parties: We may share your Personal Data, including information about your interaction with our Services, with government authorities, industry peers, or other third parties in compliance with the law (i) if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, (ii) to protect and defend our rights or property, (iii) if we determine, in our sole discretion, that there is a violation of our terms, policies, or the law; (iv) to detect or prevent fraud or other illegal activity; (v) to protect the safety, security, and integrity of our products, employees, or users, or the public, or (vi) to protect against legal liability.
• Affiliates: We may disclose Personal Data to our affiliates, meaning an entity that controls, is controlled by, or is under common control with OpenAI. Our affiliates may use the Personal Data we share in a manner consistent with this Privacy Policy.   
• Business Account Administrators: When you join a ChatGPT Enterprise or business account, the administrator of that account may access and control your OpenAI account. In addition, if you create an account using an email address belonging to your employer or organization, we may share the fact that you have an account and certain account information, such as your email address, with your employer or organization to, for example, enable you to be added to their business account.

Other Users and Third Parties You Share Information With: Certain features allow you to display or share information with other users. For example, you may share ChatGPT conversations with other users via shared links or send information to third-party applications via custom actions for GPTs. 

We’ll retain your Personal Data for only as long as we need in order to provide our Service to you, or for other legitimate business purposes such as resolving disputes, safety and security reasons, or complying with our legal obligations. How long we retain Personal Data will depend on a number of factors, such as:

• Our purpose for processing the data (such as whether we need to retain the data to provide our Services);
• The amount, nature, and sensitivity of the data;
• The potential risk of harm from unauthorized use or disclosure of the data;
• Any legal requirements that we are subject to.

In some cases, the length of time we retain data depends on your settings. For example, ChatGPT’s data controls offer you the ability to turn off chat history. When chat history is disabled, the conversation will not appear in your history and we will permanently delete new conversations after 30 days and review them only as needed to monitor for and investigate abuse. You can find more information on data controls here.

You have the following statutory rights in relation to your Personal Data:

• Access your Personal Data and information relating to how it is processed.
• Delete your Personal Data from our records.
• Rectify or update your Personal Data.
• Transfer your Personal Data to a third party (right to data portability).
• Restrict how we process your Personal Data.
• Withdraw your consent—where we rely on consent as the legal basis for processing at any time. 
• Lodge a complaint with your local data protection authority (see below). 

You have the following rights to object:

• Object to our processing of your Personal Data for direct marketing at any time. 
• Object to how we process your Personal Data when our processing is based on our legitimate interests.

You can exercise some of these rights through your OpenAI account. If you are unable to exercise your rights through your account, please submit your request through privacy.openai.com or send it to dsar@openai.com.

Please note these rights may be limited, for example if fulfilling your request would reveal Personal Data about another person, or if you ask us to delete information that we are required by law or have compelling legitimate interests to keep.   

We hope that we are able to address any questions or concerns you may have. If you have any unresolved complaints with us or our Data Protection Officer, you can reach out to the Irish Data Protection Commissioner as our lead supervisory authority, or your local supervisory authority. For any unresolved complaints relating to the UK you can reach out to the Information Commissioner's Office and for Switzerland, to the Federal Data Protection and Information Commissioner.   

A note about accuracy: Services like ChatGPT generate responses by reading a user’s request and, in response, predicting the words most likely to appear next. In some cases, the words most likely to appear next may not be the most factually accurate. For this reason, you should not rely on the factual accuracy of output from our models. If you notice that ChatGPT output contains factually inaccurate information about you and you would like us to correct the inaccuracy, you may submit a correction request to dsar@openai.com. Given the technical complexity of how our models work, we may not be able to correct the inaccuracy in every instance. In that case, you may request that we remove your Personal Data from ChatGPT’s output by filling out this form.

For information on how to exercise your rights with respect to data we have collected from the internet to train our models, please see this notice.

Our Services are not directed to, or intended for, children under 13.  We do not knowingly collect Personal Data from children under 13. If you have reason to believe that a child under 13 has provided Personal Data to OpenAI through the Services, please email us at privacy@openai.com. We will investigate any notification and, if appropriate, delete the Personal Data from our systems. Users under 18 must have permission from their parent or guardian to use our Services.

When we process your Personal Data for the purposes described above, we rely on the following legal bases:

We will transfer your Personal Data to recipients outside of the EEA, Switzerland and the UK for the purposes described in this Privacy Policy. If you are based in the EEA, Switzerland or the UK and your Personal Data is transferred to a third country, that third country may not offer the same level of data protection as your home country. However, we transfer Personal Data pursuant to applicable data protection laws. To transfer your Personal Data outside of the EEA, Switzerland or the UK, we rely on the European Commission’s adequacy decisions on certain countries and, for other jurisdictions, we rely on the Standard Contractual Clauses as approved by the European Commission and any applicable country addenda. For more information on or to obtain a copy of the appropriate safeguards we have in place, please contact us at privacy@openai.com. 

By using our Services, you understand and acknowledge that your Personal Data will be processed and stored in our facilities and servers in the United States and may be disclosed to our service providers and affiliates in other jurisdictions.

We may update this Privacy Policy from time to time. When we do, we will post an updated version on this page, unless another type of notice is required by applicable law.

Please contact support if you have any questions or concerns not already addressed in this Privacy Policy. Alternatively, you can write to us at privacy@openai.com or the address above under Section 1 (Data Controller).

You can contact our Data Protection Officer at dpo@openai.com in matters related to Personal Data processing.