Concerns around data privacy, ChatGPT plugins, and enterprise data

I am CEO of a startup that develops enterprise software. We’re interested in developing a ChatGPT plugin and even wrote a quick POC.

Our plugin will be opt-in for our users (of course) but even so, we don’t want to release it if data from the plugin can enter the training corpus. I know OpenAI is working on enterprise plans. Is there a way to block our plugin from non-enterprise plans? Would love to jump on a call with someone from OpenAI and discuss the concerns and possible solutions, if possible.

Currently the ChatGPT plugin environment is such that any and all “plus” users can activate any plugin.

OpenAI seems to not have considered the responsibility needed in allowing unidentified-maker plugins to gather unidentified queries and data. There is no mechanism for even getting a website link, terms of service, privacy policy from a plugin before it is used. Plugins are disabled if a user opts out of conversation history because of their obvious leaky hole.

Consider a current ridiculous plugin, along the lines of “conversation history enhancer” sending anything you type to locations unknown.

There is no enterprise plan or special entitlement mechanism for plugins. ChatGPT is a consumer product, currently without even a good way for companies to manage employee accounts.

The data that could be retained by OpenAI would be queries and return values, as part of the conversation for 30 days, along with (of course) you providing all the needed plugin description to them for the plugin to operate. I think they are done with pretraining on what children are typing into ChatGPT.

The API that services requests with proprietary methods would be on your side.