The data I’m sending the api has to be secure and must not be access or stored by the openai . Will the data’s security and privacy be compromised if I use the openAI api
Welcome to the community!
Answer via OpenAI’s kapa.ai implementation on Discord…
OpenAI places a high priority on data security and privacy. According to the information provided in the extracts:
- Data sent to the OpenAI API is not used to train or improve OpenAI models, unless you explicitly opt in to share your data for this purpose [source (https://platform.openai.com/docs/models)].
- Data submitted through the OpenAI API is not used to improve OpenAI’s service offering [source (Security)].
- OpenAI does not share user content with third parties for marketing purposes [source (Security)].
- You can request that your content be deleted, and OpenAI will delete your content (such as prompts, generated images, uploads, and API responses) when you submit a data deletion request. A data deletion request can take up to 30 days to process once it has been received [source (Security)].
- To help identify abuse, API data may be retained for up to 30 days, after which it will be deleted (unless otherwise required by law). For trusted customers with sensitive applications, zero data retention may be available. With zero data retention, request and response bodies are not persisted to any logging mechanism and exist only in memory in order to serve the request [source (https://platform.openai.com/docs/models)].
Therefore, your data’s security and privacy should not be compromised when using the OpenAI API. However, it’s always a good practice to review the Privacy Policy (Privacy policy) and Terms of Use (Terms of use) to ensure you understand how your data is handled.
Note, data security on your end is important too.
Hope this helps.
Stick around, we’ve got a great community garden growing here! 
1 Like
OpenAI is not governed by their privacy policy but its Data Processing Addendum
Just google “Privacy and Compliance Considerations for ChatGPT Applications”
OpenAI’s Data Processing Addendum, not their Privacy, governs the data collected from organizations using OpenAI’s API services for businesses in the absence of any other individually negotiated agreements.
OpenAI represents that all customer data is processed and stored in the US. No data centres are located in the EU or elsewhere, and no capability currently exists to self-host.
Subservice providers used by OpenAI are, at the time of writing, Microsoft for providing cloud infrastructure; OpenAI affiliates for services and support; Snowflake for data warehousing; and TaskUS for user support and human annotation of data for service improvement. Microsoft and TaskUS are located ‘worldwide’ and the other two are in the US. In light of the fact that OpenAI says all customer data is processed and stored in the US, it seems that the Microsoft servers hosting OpenAI customer data are located in the US as well.
This is my take on the situation.