
OpenAI data privacy. The nine clauses that matter.

OpenAI gives stronger privacy defaults than most vendors. The risk is everything the defaults do not cover. Nine clauses close the gap.


OpenAI will not train on your enterprise data by default, but retention, subprocessors, audit rights, and exit deletion are only as strong as the clauses you sign.

Key takeaways

  • OpenAI does not train on ChatGPT Enterprise, Team, or API data by default; restate that default as an order form term so it survives policy edits.
  • The standard API retention window is 30 days for abuse monitoring; zero data retention is available by use case approval.
  • The DPA must be executed, not referenced. Roughly 1 in 4 enterprise buyers we reviewed had never signed it.
  • Ask for 30 day subprocessor notice, 72 hour breach notice, and certified deletion on exit.
  • Anchor every redline to a published OpenAI commitment; those clear legal fastest.
  • Below roughly 250 thousand dollars a year, expect the standard DPA; the leverage is in the order form, not the DPA text.

What does OpenAI do with enterprise data by default?

OpenAI does not train its models on ChatGPT Enterprise, ChatGPT Team, or API data by default, and that commitment sits in the published enterprise privacy commitments. The default position is stronger than most procurement teams assume.

The gap is everything the defaults do not cover. Retention windows, subprocessor changes, breach notice timing, and audit rights are all set by the contract documents, not the marketing page.

  • Business terms. The OpenAI business terms govern API and enterprise use. Read the data ownership and indemnity sections first.
  • DPA. The Data Processing Addendum carries the GDPR and CCPA processor commitments. It must be executed, not just referenced.
  • Trust portal. SOC 2 reports and subprocessor lists live on the OpenAI trust portal. Pull them before signature, not after.

The three documents that actually govern

The business terms set ownership and liability, the DPA sets processor obligations, and the trust portal evidences the controls. A privacy review that reads only one of the three is incomplete.

What the defaults leave open

Retention length, subprocessor changes, breach notice timing, residency, and exit deletion are contract variables. Each defaults to provider discretion unless your order form says otherwise.

Which nine clauses should the agreement carry?

Nine clauses separate a defensible OpenAI agreement from a signed marketing page: training exclusion, retention, zero data retention eligibility, subprocessor notice, breach notice, audit rights, data residency, deletion on exit, and indemnity scope. Each one has a concrete buyer position.

Clauses one to five: data handling

  1. Training exclusion in the order form. Restate the no training default as a contract term so it survives policy edits.
  2. Retention window. Name the 30 day abuse monitoring window and require written notice if it changes.
  3. Zero data retention. If your workload qualifies, get ZDR approval in writing and reference it in the agreement.
  4. Subprocessor notice. 30 days advance notice of new subprocessors, with a right to object.
  5. Breach notice. 72 hours from the point OpenAI becomes aware of an incident, not the vaguer commercially reasonable standard. GDPR Article 33 puts the 72 hour supervisory authority clock on you as controller, so the processor's notice has to land early enough for you to meet it.

Clauses six to nine: control and exit

  6. Audit rights. Annual SOC 2 Type 2 delivery plus a written security questionnaire right.
  7. Data residency. If you need EU processing, name the region. Silence means provider discretion.
  8. Deletion on exit. Certified deletion within 30 days of termination, including backups on a defined cycle.
  9. Indemnity scope. Copyright indemnity for output is in OpenAI's standard paper. Confirm it covers your usage tier and is not voided by your own fine tuning data.

OpenAI data commitments by channel, 2026

Channel                  Trains on your data    Default retention          ZDR available
ChatGPT Free and Plus    Yes unless opted out   Provider discretion        No
ChatGPT Team             No                     Workspace controlled       No
ChatGPT Enterprise       No                     Admin controlled           No
API standard             No                     30 days abuse monitoring   By approval
API with ZDR             No                     None at rest               Yes

How do you negotiate these clauses without stalling the deal?

Anchor every ask to something OpenAI has already published, because the fastest redlines are the ones the vendor has conceded elsewhere. The enterprise privacy page, the DPA, and the trust portal give you the anchor for seven of the nine clauses.

Sequence matters. Send the DPA and the security questionnaire in week one, in parallel with commercial terms. Teams that treat privacy as a closing formality lose two to four weeks at signature.

What the account team will push back on

  • ZDR eligibility. Granted by use case review, not by negotiation pressure. Submit the use case early.
  • Custom breach windows. Smaller deals get the standard DPA terms. Below roughly 250 thousand dollars a year, expect limited movement.
  • Audit beyond SOC 2. On site audits are reserved for the largest commitments. The report plus questionnaire route is the realistic position.

Where the common advice on OpenAI privacy terms is wrong

The standard advisory line is that OpenAI terms are non negotiable below seven figures, so buyers should sign the standard paper and move on. We disagree. In roughly 12 of the 30 OpenAI reviews Morten Andersen ran in 2024 to 2025, named retention, subprocessor notice, and deletion clauses were accepted at mid six figure spend, because the asks restated published commitments as contract terms rather than inventing new obligations. The buyer side move is to convert policy into contract. A policy page can change with a web edit; an order form term cannot. Treating the two as equivalent is the single most common GenAI procurement error we see.

Most OpenAI privacy clauses are conceded fastest when the redline quotes the published commitment it restates.
30+ OpenAI agreements reviewed, 2024 to 2025. 9 privacy clauses in the buyer checklist. 1 in 4 enterprise buyers with no executed DPA.

Source: Redress Compliance advisory engagement file, 2024 to 2025.

A privacy policy is a webpage. An order form clause is a promise you can enforce. Never confuse the two when the data leaving your estate is your customers' own.

What to do next

  1. Map every OpenAI channel in use: ChatGPT tiers, API keys, and shadow usage through third party tools.
  2. Pull the current business terms, DPA, and SOC 2 report from the trust portal.
  3. Execute the DPA before the next renewal or expansion order.
  4. Submit the zero data retention use case review if your workload qualifies.
  5. Redline the nine clauses above into the order form, anchored to published commitments.
  6. Set a quarterly check on the enterprise privacy page for changes to defaults.
  7. Brief the AI governance owner on retention and residency positions agreed.
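Step 1, mapping every channel in use, is the step most teams skip because nobody owns it. The script below is an added example, not part of the original article, and shows one way a security team can inventory OpenAI egress from web proxy logs: it classifies requests by destination into the ChatGPT and API channels from the table above, counts them per user, and flags two kinds of shadow usage, requests with no attributed user and API calls from a client that is not on an approved list (the third party connector case). The log format (a simplified timestamp, user, source IP, method, URL, user agent line), the hostnames used for classification, and the approved client list are all assumptions, and the log lines are constructed, not real traffic.

```python
"""Inventory OpenAI usage channels from proxy logs (added example, not from the article).

Assumptions: one request per line as "ts user src method url user-agent", ChatGPT
web traffic to chatgpt.com, API traffic to api.openai.com. Adjust to your proxy.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Hostname -> channel name from the article's commitments table (assumed hosts).
CHANNEL_HOSTS = {
    "api.openai.com": "API",
    "chatgpt.com": "ChatGPT",
}

# Clients your own teams are approved to use against the API (assumption).
APPROVED_AGENTS = ("openai-python", "python-requests")

LINE_RE = re.compile(
    r"^(?P<ts>\d+) (?P<user>\S+) (?P<src>\S+) (?P<method>\S+) (?P<url>\S+) (?P<ua>.+)$"
)

# Constructed sample log lines; "-" marks an unauthenticated proxy session.
SAMPLE_LOGS = """\
1717000000 alice 10.0.1.5 POST https://api.openai.com/v1/chat/completions python-requests/2.31
1717000001 bob 10.0.1.9 GET https://chatgpt.com/backend-api/conversation Mozilla/5.0
1717000002 - 10.0.2.7 POST https://api.openai.com/v1/chat/completions node
1717000003 carol 10.0.1.12 POST https://api.openai.com/v1/embeddings openai-python/1.30
1717000004 dave 10.0.1.3 GET https://example.com/ Mozilla/5.0
1717000005 erin 10.0.3.4 POST https://api.openai.com/v1/chat/completions SomeSaaSConnector/4.2
"""


def classify(url):
    """Return the OpenAI channel for a URL, or None if it is not OpenAI traffic."""
    host = (urlparse(url).hostname or "").lower()
    for known, channel in CHANNEL_HOSTS.items():
        if host == known or host.endswith("." + known):
            return channel
    return None


def inventory(log_text, approved_agents=APPROVED_AGENTS):
    """Count OpenAI requests per channel and user; collect lines needing review.

    Returns (channels, review) where channels is {channel: {user: count}} and
    review is a list of (reason, user, src, user_agent) tuples.
    """
    channels = defaultdict(lambda: defaultdict(int))
    review = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # malformed line; count separately in a real pipeline
        rec = m.groupdict()
        channel = classify(rec["url"])
        if channel is None:
            continue
        channels[channel][rec["user"]] += 1
        if rec["user"] == "-":
            # No attributed identity: cannot tie to an Enterprise/Team seat or API owner.
            review.append(("unattributed", rec["user"], rec["src"], rec["ua"]))
        elif channel == "API" and not rec["ua"].startswith(approved_agents):
            # API traffic from a client nobody approved: likely a third party tool.
            review.append(("unapproved client", rec["user"], rec["src"], rec["ua"]))
    return {c: dict(users) for c, users in channels.items()}, review


if __name__ == "__main__":
    found, flagged = inventory(SAMPLE_LOGS)
    for channel, users in found.items():
        print(channel, dict(users))
    for reason, user, src, ua in flagged:
        print(f"REVIEW [{reason}] user={user} src={src} ua={ua}")
```

The output is a channel map to hand to procurement (which tiers and how many seats are actually in play) plus a review queue for step 4 and step 7: unattributed or unapproved API callers are the ones whose retention and ZDR position nobody has negotiated. Note that proxy logs cannot tell you whether a given API key is under a ZDR approval; that has to be reconciled against the OpenAI organisation settings by key owner.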

For the wider GenAI vendor picture, start with the GenAI knowledge hub or the GenAI vendor advisory practice. For an always on review lane across all your vendors, see Vendor Shield.

Frequently asked questions

Does OpenAI train its models on enterprise data?

No. OpenAI states it does not train models on ChatGPT Enterprise, ChatGPT Team, or API customer data by default. Restate that commitment in your order form so a future policy change cannot weaken it.

How long does OpenAI retain API data?

The standard window is up to 30 days for abuse monitoring, after which inputs and outputs are deleted. Qualifying workloads can apply for zero data retention, which removes storage at rest.

Is the OpenAI DPA negotiable?

Mostly no at typical enterprise spend. The realistic positions are executing the standard DPA, adding order form clauses for notice and deletion, and securing ZDR approval where eligible.

What audit rights can an enterprise get from OpenAI?

Annual SOC 2 Type 2 report delivery plus a written security questionnaire right is the standard achievable position. On site audit rights are reserved for the largest commitments.

Does OpenAI offer EU data residency?

Regional processing options exist for eligible enterprise customers but only apply when named in the agreement. Silence in the contract means provider discretion on processing location.
