Zero Data Retention Information

Have looked up and down for more information on ZDR for the OpenAI API product and eligible endpoints. Have submitted sales requests as directed, here, multiple times, and followed up on those follow ups.

No settings in the OpenAI account portal, no concrete language in privacy or data policies, no known or obvious API parameters to be passed.

It’s mentioned that ZDR “can be requested” which would imply that the base policies do not cover ZDR out of the box. The standards retention is 30 days for the “eligible endpoints” - this does not seem to be the same as "Not training our models on your data. Your data is still retained for up to 30 days for review.

Has ANYONE been able to get any concrete information or advice on Zero Data Retention or enabling Zero Data Retention on eligible endpoints?

Doesn’t seem like this should be as hard as it’s been.

1 Like

If you require a ZDR agreement because you are processing PHI you can request a BAA at baa@openai.com, once you have that you’ll at least have a point of contact with whom to broach the subject of a ZDR agreement.

If you just want a ZDR because you just want one, that will likely be a steeper hill to climb.

For trusted customers with sensitive applications, zero data retention may be available.

So, you’ll need to be a “trusted” customer and be able to establish you’re dealing with sensitive information and that your application doesn’t otherwise violate OpenAI’s usage policies.

3 Likes

Yeah, we’re a healthcare company and a user may or may not unintentionally discuss PHI with some semblance of GPT. Thanks for the info, will look into that. Appreciate it.

1 Like

Hello everyone, we are an EU payment service provider facing a similar issue. Although we don’t handle healthcare information, we are considering integrating the OpenAI API to process financial data. This integration aims to enhance our communication processes with customers when suspicious transactions are detected. We adhere strictly to audit processes and GDPR compliance.

We are looking for something akin to a Business Associate Agreement (BAA) but for financial data. Ideally, this would be coupled with a zero data retention agreement. We’ve tried reaching out to sales multiple times, but haven’t received a response in months.

Is the option for zero data retention only available for HIPAA-related data, or is it applicable to financial data as well?

My understanding is that the zero data retention option is use case specific and hence not limited to healthcare providers. It might simply take some time for the OpenAI team to get back to your specific query. I would give it a few more weeks.

Thank you for your response. I should have mentioned that we have repeatedly contacted sales since November 2023 but have not received any reply. We also reached out to baa@openai.com and received a prompt response; however, it only addressed HIPAA-related queries.

Take a look at the thread below - it has some additional insights from others, in particular here and here. Unfortunately not necessary with a successful outcome but it indicates an alternative path you might want to take to reach out to OpenAI regarding the request.

Thank you, but we have already tried those methods.

I think the next step is to submit an information notice to our customers.

Hello Moglial,
have you received any response from them yet?