Recently I pitched an idea to all of my clients. An idea to have an integration between Salesforce and OpenAI ChatGPT. I asked them, if there’s any process in their business where we could leverage the power of AI to reduce the need for human involvement. Everyone was interested, but they had concerns specifically about OpenAI data policies. They didn’t want their customers sensitive data to be used for training large OpenAI’s language models (LLMs). So, today, I’ll clarify everything about OpenAI data policies, including what data is used for training their LLMs, what isn’t, and how long your data is stored.
OpenAI API Services and non-API Services
OpenAI provides services using their APIs and non API Services. OpenAI’s Non-API Services are ChatGPT and DALL.E.
OpenAI Data Policies: non-API Services
So, as per OpenAI’s Security Policy, “Data submitted through non-API consumer services ChatGPT or DALL·E may be used to improve our models“. In other words, if you’re using ChatGPT Free, ChatGPT Plus or DALL.E, OpenAI mayor may not use your data to train their LLM. But it’s not end of the world.
Opt-Out from Data being used for non-API Services
OpenAI still allows you to Opt-Out of having your data used to improve their non-API services. All you have to do it goto OpenAI’s Privacy Website and from the top right of the page click on ‘Make a Privacy Request’.
It will ask you for your Email. After entering your Email, it will send you a login link to login into their website. Once Logged in, you’ll be shown something like this:
Confirm the request and if they process your request, you’ll receive an Email confirming the same. Like this:
Interesting Read: Salesforce ChatGPT Integration using Apex
OpenAI Data Policies: API Services
OpenAI API provides a range of Models that can be used to do variety of tasks. As per OpenAI Data Policies, ‘any data sent to the OpenAI API will NOT be used to train or improve OpenAI models.‘ But that’s not it. An important key information which most of us miss is Data Retention.
OpenAI Data Retention
Here’s where it gets interesting. Even though OpenAI is serious about keeping your data private, they also need to make sure no one’s using their tools to do harm. This could be anything from creating stuff that’s not allowed to trying to mess with their system.
To keep an eye on this, OpenAI holds onto the data for up to 30 days. Think of it like having security footage. If something goes wrong, they can look back at this “footage” (your data) to figure out what happened and who was involved. After 30 days, if everything’s cool, they erase it like it was never there.
Here’s a list of details on Data Retention for various endpoints:
For a couple of Endpoints we can still apply to have our data erased instantly, also called Zero Data Retention.
Let’s say you are using OpenAI API for Chat Completion, though they won’t use your data but they’ll keep it for 30 days to check if there’s any system abuse or not. But what if you still don’t want them to keep your data? There’s an option where you can request for the Zero Data Retention.
Zero Data Retention for non-API Services
If you require a Zero Data Retention agreement because you are processing PHI(Protected health information) you can request a BAA(Business Associate Agreement) at baa@openai.com, once you have that you’ll at least have a point of contact with whom to broach the subject of a Zero Data Retention agreement.
If you just want a Zero Data Retention because you just want one, that will likely be a steeper hill to climb. For that you’ll need to be a “Trusted” customer and be able to establish that you are dealing with sensitive information and that your application do not violate OpenAI’s usage policy.
So this is everything you need to know about the OpenAI Data Policies. If you have any questions regarding anything I wrote, reach out to me on LinkedIn.
Sources:
https://platform.openai.com/docs/models/how-we-use-your-data
https://community.openai.com/t/zero-data-retention-information/702540
https://openai.com/security
https://openai.com/enterprise-privacy
Leave a Comment