Skip to main content

Security & privacy

OpenAI is committed to building trust in our organization and platform by protecting our customer and user data, models, and products.

OpenAI invests in security as we believe it is foundational to our mission. We safeguard computing efforts that advance artificial general intelligence and continuously prepare for emerging security threats.
Compliance and accreditation

OpenAI supports our customers’ compliance with privacy laws, including GDPR and CCPA, and we offer a Data Processing Addendum for customers. Our API, ChatGPT Enterprise, and ChatGPT Team have been evaluated by an independent third-party auditor and are covered in our SOC 2 Type 2 report.

A row of logos for AICPA, CCPA, and GDPR.

  • External auditing

    The OpenAI API, ChatGPT Enterprise, and ChatGPT Team undergo annual third-party penetration testing, which identifies security weaknesses before they can be exploited by malicious actors.

  • Customer requirements

    We help our customers meet regulatory, industry, and contractual requirements like HIPAA.

Reporting security issues

OpenAI invites security researchers, ethical hackers, and technology enthusiasts to report security issues via our Bug Bounty Program. The program offers safe harbor for good faith security testing and cash rewards for vulnerabilities based on their severity and impact.

An abstract, painterly image that interweaves bold primary colors in smooth shapes.

Learn more about security at OpenAI