IndexableHigh priorityLast reviewed 2026-05-215/5 fresh sources

OpenAI vendor policy review packet for SaaS teams

This page tracks the OpenAI documents a SaaS team usually needs when it promises customers how AI inputs, outputs, files, retention, subprocessors, and model training are handled. The highest-risk review area is making sure API Platform commitments are not copied to a different OpenAI product without checking the product-specific source.

Scan OpenAI against your commitments Back to vendor database

Vendor category

AI model provider

Typical use

API features, assistants, embeddings, files, fine-tuning, and ChatGPT business workspaces.

Common data involved

Prompts, completions, uploaded files, fine-tuning records, workspace metadata, and limited account data.

Documents monitored

Privacy, terms, DPA, platform data controls, and subprocessors.

Last reviewed

2026-05-21

Review priority

High

Source freshness

5/5 sources have recent review dates

What to monitor

AI and data-use policy

Verified source

Check the platform data controls page before making customer commitments about API data, abuse monitoring, model training, or retention options.

Data Processing Addendum

Verified source

Confirm whether your use of OpenAI is covered by the DPA and whether your customer contract needs a matching subprocessor or processor statement.

Privacy policy and terms

Verified source

Use these for account, product, and service-level policy changes that may affect public Trust Center language.

Subprocessor list

Verified source

Monitor new or changed subprocessors before renewing customer-facing vendor lists.

Retention and deletion details

Verified source

Treat retention as product-specific. API Platform controls, DPA language, and enterprise settings may not apply to every OpenAI product.

Review checklist

Identify which OpenAI product, workspace, and API organization your team uses.
Record whether customer content, personal data, files, fine-tuning data, or regulated data is sent.
Check model training, retention, deletion, DPA, and subprocessor language against current source links.
Map each customer-facing statement to the exact OpenAI source and last reviewed date.
Escalate to legal or privacy review before changing a Trust Center statement or DPA exhibit.

Customer commitments that may be affected

Customer data is not used to train provider models unless a team opts in or uses a product where different terms apply.
Prompts, outputs, and uploaded files are retained only for the period described in the relevant OpenAI source.
Subprocessors are reviewed before adding or materially changing customer data flows.
Vendor review packets cite current OpenAI terms, DPA, and privacy sources instead of stale screenshots.
Product documentation separates OpenAI API use from ChatGPT consumer or workspace use.

Recent changes

No material public change is asserted beyond this source review. Treat 2026-05-21 as the baseline date for future OpenAI page comparisons.

AI Vendor Packet organizes review packet evidence and review prompts. It does not provide legal advice.

Applicability notes by plan or product

Scope: OpenAI API Platform
Applies to: SaaS product features that call OpenAI APIs directly.
Watch for: Review API data controls, retention settings, abuse monitoring settings, and whether model training is enabled by choice.

Scope: ChatGPT Team, Enterprise, or Edu
Applies to: Internal employee use and business workspaces.
Watch for: Do not assume API evidence covers workspace features, connectors, file handling, or admin controls.

Scope: Consumer ChatGPT or user-owned accounts
Applies to: Ad hoc employee use outside a managed business plan.
Watch for: Customer commitments should usually exclude unmanaged accounts or require a separate policy review.

Scope	Applies to	Watch for
OpenAI API Platform	SaaS product features that call OpenAI APIs directly.	Review API data controls, retention settings, abuse monitoring settings, and whether model training is enabled by choice.
ChatGPT Team, Enterprise, or Edu	Internal employee use and business workspaces.	Do not assume API evidence covers workspace features, connectors, file handling, or admin controls.
Consumer ChatGPT or user-owned accounts	Ad hoc employee use outside a managed business plan.	Customer commitments should usually exclude unmanaged accounts or require a separate policy review.

Use issue pages for narrower customer review questions.

OpenAI data use review for SaaS customer commitmentsFor SaaS teams using the OpenAI API, the data-use question should start with OpenAI's platform data controls, not a general product page. OpenAI's public source says how API business data is handled by default and when settings or product scope may change the answer. Treat every customer statement as product-specific.OpenAI data retention review for SaaS customer commitmentsOpenAI retention commitments should be written narrowly. The API platform source explains available data controls and retention behavior for that product path, while the DPA covers contractual processing terms. A SaaS team should also review its own logs, traces, and application databases before promising a retention period.

Source freshness

For packet evidence, critical AI and SaaS vendor sources should show a recent reviewed date. Material vendor notices, Trust Center updates, DPA changes, subprocessor notices, and customer-reported changes should be checked before the packet is reused externally.

All listed source dates are recent for the current packet freshness model.

Recent review date: Sources used in a paid packet should have a visible reviewed date and should be rechecked before they are reused for a new customer answer.
Urgent-change handling: Material vendor notices, broken source links, DPA updates, subprocessor notices, and customer-reported source changes should be routed to the relevant owner before reuse.
Stale-source warning: A source older than 60 days, missing a reviewed date, or failing the latest source check should be marked for review before the packet is reused externally.

Source documents

Each factual vendor claim on this page is tied to official source documents reviewed on 2026-05-21.

Data controls in the OpenAI platformhttps://platform.openai.com/docs/guides/your-dataLast verified: May 21, 2026 · Registry verifiedFresh OpenAI Data Processing Addendumhttps://openai.com/policies/data-processing-addendum/Last verified: May 21, 2026 · Registry verifiedFresh OpenAI Privacy Policyhttps://openai.com/policies/privacy-policy/Last verified: May 21, 2026 · Registry verifiedFresh OpenAI Terms of Usehttps://openai.com/policies/terms-of-use/Last verified: May 21, 2026 · Registry verifiedFresh OpenAI subprocessorshttps://platform.openai.com/subprocessorsLast verified: May 21, 2026 · Registry verifiedFresh

Scan OpenAI against your own commitments.

Compare official vendor sources with the customer-facing promises your team has already made. Use the scanner first, then order the $199 review packet when you want the evidence organized for legal, privacy, security, or founder approval.

Scan OpenAI against your commitments See the $199 packet

OpenAI vendor policy review packet for SaaS teams

What to monitor

AI and data-use policy

Data Processing Addendum

Privacy policy and terms

Subprocessor list

Retention and deletion details

Review checklist

Customer commitments that may be affected

Recent changes

Applicability notes by plan or product

Related pages

Source freshness

Source documents

Scan OpenAI against your own commitments.