Security & privacy
OpenAI is committed to building trust in our organization and platform by protecting our customer and user data, models, and products.
Security & privacy commitments
Customers can learn more about our commitments to securing business data at our Enterprise Security & privacy center.
Users can understand how OpenAI safeguards data and empowers individuals to restrict their own data sharing at our Consumer privacy center.
Security compliance & accreditation
OpenAI supports our customers’ compliance with privacy laws, including the GDPR and CCPA, and offers a Data Processing Addendum for customers. Our API, ChatGPT Enterprise, ChatGPT Team, and ChatGPT Edu products are covered in our SOC 2 Type 2 report and have been evaluated by an independent third-party auditor to confirm that our controls align with industry standards for security and confidentiality. Visit our security portal to learn more about our security controls and compliance activities.
- External testing
The OpenAI API and ChatGPT business plans undergo regular third-party penetration testing to identify security weaknesses before they can be exploited by malicious actors.
- Meeting customer requirements
We strive to support our customers with regulatory, industry, and contractual requirements such as HIPAA. See our Product Compliance Features to understand how our products may fit your needs.
Product compliance features
SOC 2 Type 2
ChatGPT business products and the API have been evaluated for their compliance with the SOC 2 Type 2 Security and Confidentiality principles. Access our SOC 2 report to learn more.
CSA STAR Level 1
ChatGPT business products and the API have been evaluated by the Cloud Security Alliance Security Trust Assurance and Risk (STAR) registry for key principles of transparency and cloud security best practices. View our listing to learn more.
Supporting customer compliance
OpenAI business products also support compliance and administrative features for enhanced visibility and fine-grained controls.
In eligible cases, OpenAI business products may support Business Associate Agreements (BAA) for HIPAA compliance.
Reporting security issues
OpenAI invites security researchers, ethical hackers, and technology enthusiasts to report security issues via our Bug Bounty Program. The program offers safe harbor for good faith security testing and cash rewards for vulnerabilities based on their severity and impact.