Security & privacy
OpenAI is committed to building trust in our organization and platform by protecting our customer and user data, models, and products.
Compliance and accreditation
OpenAI supports our customers’ compliance with privacy laws, including GDPR and CCPA, and we offer a Data Processing Addendum for customers. Our API, ChatGPT Enterprise, and ChatGPT Team have been evaluated by an independent third-party auditor and are covered in our SOC 2 Type 2 report.
- External auditing
The OpenAI API, ChatGPT Enterprise, and ChatGPT Team undergo annual third-party penetration testing, which identifies security weaknesses before they can be exploited by malicious actors.
- Customer requirements
We help our customers meet regulatory, industry, and contractual requirements like HIPAA.
Reporting security issues
OpenAI invites security researchers, ethical hackers, and technology enthusiasts to report security issues via our Bug Bounty Program. The program offers safe harbor for good faith security testing and cash rewards for vulnerabilities based on their severity and impact.