ChatGPT

OpenAI · Generative AI assistant

Ayliea's assessment: High RiskAyliea recommends: RestrictIn Ayliea's curated list

Verified 2026-04-26. Risk classification and recommended policy are Ayliea's subjective assessments — not vendor certifications.

Data residency: United States (commercial); EU regions on Enterprise
Zero retention available: Yes (commercial / Enterprise tier)
Certifications: SOC 2 Type II, ISO 27001

Why this rating

Personal accounts may use prompts for training (free tier) and lack DPA coverage. Enterprise / Team accounts have a DPA, zero-retention by default, and SOC 2 / ISO 27001 attestations.

Considerations before deploying

Use Enterprise or Team accounts for any business use; block free.openai.com at egress for organizational accounts
Confirm DPA executed before processing personal data
Disable training opt-in (Settings → Data Controls)

Sources

OpenAI Trust Portal (trust.openai.com)
OpenAI Enterprise Privacy (openai.com)

Want this for every tool on your network?

Ayliea finds every AI tool your team is actually using and applies your policies automatically.

Run a free network scan Compare with another vendor

← Back to vendor lookup