tech
March 6, 2026
Security and privacy at OpenAI
OpenAI is committed to building trust in our organization and platform by protecting our customer data, models, and products.
TL;DR
- OpenAI prioritizes customer and user data protection to build trust.
- Dedicated pages offer information on business data privacy and consumer data safeguarding.
- OpenAI supports compliance with privacy laws like GDPR and CCPA.
- API, ChatGPT Enterprise, Business, and Edu products meet industry security standards per SOC 2 Type 2 evaluations.
- Regular third-party penetration testing is conducted on the API and ChatGPT business plans.
- Support for regulatory requirements like HIPAA is provided through product compliance features.
- Business products and API are evaluated for SOC 2 Type 2 Security and Confidentiality principles.
- ChatGPT business products and API are listed in the Cloud Security Alliance STAR registry.
- OpenAI business products offer administrative features for enhanced control and visibility.
- Business Associate Agreements (BAA) may be supported for HIPAA compliance.
- A Bug Bounty Program invites security researchers to report vulnerabilities for rewards.
Continue reading the original article