Data governance and compliance
Learn how to enforce privacy settings, set retention policies, and establish governance controls for secure and compliant use of ChatGPT.
Data privacy and retention settings
One of the most important areas for governance is deciding how ChatGPT will handle your organization’s data. Both ChatGPT Enterprise and ChatGPT Business come with the following features and protections out-of-the-box:
- No training on data: By default, OpenAI does not use business customer content from ChatGPT Enterprise and ChatGPT Business to train its models.
- Data encryption: Both plans offer encryption of data at rest and in transit, to help securely store and transmit conversations.
- Conversation history & retention period: By default, chats are saved indefinitely to the user’s account until they delete them. However, Enterprise Owners can set a custom data retention policy for the workspace with a minimum of 90 days. Keep in mind that shorter retention may significantly impact user experience, as it will limit the amount of chats that ChatGPT is able to reference.
Visit the OpenAI Trust Portal to access our comprehensive compliance documentation, find answers to frequently asked questions related to security and privacy, and explore our robust security practices. Security, compliance and governance controls
Beyond user access and data retention, consider the broader security and compliance governance:
- What features should be enabled/ disabled at launch and what is the review process for enabling disabled features?
- Will we permit third-party integrations, and if so, how do we vet and enable them?
- What is the maximum sharing scope for custom GPTs?
- Will we integrate the Compliance API or SIEM/DLP tools for ongoing audit and e-discovery?
