OpenAI updates Europe privacy policy, adding new data categories

OpenAI has updated its Europe-facing privacy policy following the November 2024 EU revision, clarifying scope, expanding coverage, and detailing user controls.

The updated document is longer, with dedicated sections for data controls and practical resources. It explains key controls and settings within the text, making available choices easier to understand without moving between documents.

“This Privacy Policy describes our practices with respect to personal data that we collect from or about you, and how we use it when you use our website, applications, and services,” the company said.

Coverage now extends to a wider range of user content, including files, images, audio, video, and content created through newer tools and integrations. Contact data is also addressed, covering cases where users upload or sync contacts.

User options are described in more detail, including opting out of model training where available, managing memory features, exporting or deleting data, using temporary chats, and adjusting cookie or advertising preferences where applicable.

Additional detail is provided on how personal data may be disclosed, including sharing with service providers for infrastructure, safety, or age and identity checks, disclosures related to search, shopping, or media features, and sharing information with a parent or guardian to support the linking and oversight of teen accounts.

The document explains data retention practices, describing how long different categories of personal data may be kept and the factors that influence retention periods. The document notes that some data may be retained after deletion requests for legal, security, or compliance reasons, and that such information is subject to appropriate safeguards.

Data controller information has been reorganized into a dedicated section, with updated address and regional scope details.