We are experimenting with running OpenAI vision API on sensitive images.
There’s a security concern of storing images on OpenAI system.
Could someone please point me to OpenAI documentation and Terms of Use where they describe for how long processed images are stored on their end and how do they treat it?
1 Like
OpenAI’s current API docs say that API content, including image inputs, is not used to train models by default.
They also say API abuse-monitoring logs may retain customer content for up to 30 days by default, unless OpenAI is legally required to keep it longer. The exact retention depends on the endpoint. /v1/responses stores response objects for 30 days by default unless store=false is set. /v1/chat/completions does not normally retain application state. /v1/files content is kept until the customer deletes it.
OpenAI also says image and file inputs are scanned for CSAM, and flagged content may be retained for manual review even under stricter retention settings.
For API customers, the relevant contractual documents are the OpenAI Services Agreement, Service Terms, and DPA or business terms, not the consumer Terms of Use.
Hope this helps!
https://openai.com/policies/services-agreement/
https://openai.com/enterprise-privacy/
https://openai.com/business-data/
https://openai.com/policies/row-terms-of-use/
https://openai.com/policies/eu-terms-of-use/
1 Like
Thank you - this is very helpful!
1 Like