Security & privacy

OpenAI is committed to building trust in our organization and platform by protecting our customer and user data, models, and products.

OpenAI is dedicated to safeguarding computing efforts that advance artificial general intelligence. Our responsibility to prepare for emerging security threats to users, customers, and global communities shapes everything we do.

Security & privacy commitments

Customers can learn more about our commitments to securing business data at our Enterprise Security & privacy center.

Users can understand how OpenAI safeguards data and empowers individuals to restrict their own data sharing at our Consumer privacy center.

Security compliance & accreditation

OpenAI supports our customers’ compliance with privacy laws, including the GDPR and CCPA, and offers a Data Processing Addendum for customers. Our API, ChatGPT Enterprise, ChatGPT Team, and ChatGPT Edu products are covered in our SOC 2 Type 2 report and have been evaluated by an independent third-party auditor to confirm that our controls align with industry standards for security and confidentiality. Visit our security portal to learn more about our security controls and compliance activities.

  • External testing

    The OpenAI API and ChatGPT business plans undergo regular third-party penetration testing to identify security weaknesses before they can be exploited by malicious actors.

  • Meeting customer requirements

    We strive to support our customers with regulatory, industry, and contractual requirements such as HIPAA. See our Product Compliance Features to understand how our products may fit your needs.

Product compliance features

SOC 2 Type 2

ChatGPT business products and the API have been evaluated for their compliance with the SOC 2 Type 2 Security and Confidentiality principles. Access our SOC 2 report to learn more.

CSA STAR Level 1

ChatGPT business products and the API have been evaluated by the Cloud Security Alliance Security Trust Assurance and Risk (STAR) registry for key principles of transparency and cloud security best practices. View our listing to learn more.

Supporting customer compliance

OpenAI business products also support compliance and administrative features for enhanced visibility and fine-grained controls.

In eligible cases, OpenAI business products may support Business Associate Agreements (BAA) for HIPAA compliance.

Reporting security issues

OpenAI invites security researchers, ethical hackers, and technology enthusiasts to report security issues via our Bug Bounty Program. The program offers safe harbor for good faith security testing and cash rewards for vulnerabilities based on their severity and impact.

Learn more about security at OpenAI