Is the OpenAI platform SOC2 compliant if I have subscribed to ChatGPT Enterprise?

Because of security compliance requirements, we need the API providers to be compliant to ensure the security of data and service. It seems the OpenAI platform and ChatGPT are two different products. So, is the OpenAI platform compliant?
Another question: How many free credits do ChatGPT Enterprise members have? On this page: https://openai.com/index/introducing-chatgpt-enterprise/ "If you need to extend OpenAI into a fully custom solution for your org, our pricing includes free credits to use our API as well."

2 Likes

I had asked this question once to OpenAI. They gave me this answer: OpenAI's services, including ChatGPT, comply with various industry standards and regulations. For example, ChatGPT Enterprise is SOC 2 compliant, which means it adheres to stringent security and privacy standards.

1 Like

Hi @jinjie.wu and welcome to the community!

As per your link, it actually stipulates explicitly that the Enterprise license is SOC2 compliant, more specifically:

Enterprise-grade security and privacy

  • Customer prompts and company data are not used for training OpenAI models.
  • Data encryption at rest (AES 256) and in transit (TLS 1.2+)
  • Certified SOC 2 compliant

I use Enterprise in my organization and can confirm that it's compliant. Regarding free tokens, I think it's case by case.

1 Like

Hi!

You can also get a better understanding of the data security, privacy, and compliance for enterprise and other services via the trust portal.

https://trust.openai.com/

3 Likes

Thanks for your reply. However, my question is: is the OpenAI API SOC2 compliant? Because the API is a different product from ChatGPT.

2 Likes

Yes, the API service is SOC2 Type 2 compliant.
This is from the API overview page. You need to browse there in order to follow the links.

Security and data privacy
No training on your data

Zero data retention policy by request

Business Associate Agreements (BAA) for HIPAA compliance

SOC 2 Type 2 compliance

Single sign-on (SSO) and multi-factor authentication (MFA)

Data encryption at rest (AES-256) and in transit (TLS 1.2+)

Private Link to securely connect your Azure instances

Hope this helps!

2 Likes