Is ChatGPT safe to use with company data?

Short answer

ChatGPT is safe for company data only on Team or Enterprise plans with model training disabled and a DPA in place — it is risky on free or personal Plus accounts, where prompts may be retained and used to improve models.

Does ChatGPT train on your data?

On personal Free/Plus accounts, conversations can be used to train OpenAI models unless you turn off "Improve the model for everyone." ChatGPT Team and Enterprise do not train on your data by default.

The enterprise option

ChatGPT Enterprise and Team offer SOC 2 compliance, no training on your business data, SAML SSO, and admin controls. This is the minimum bar for regulated data.

Data processing agreement (DPA)

OpenAI offers a Data Processing Addendum for API and Enterprise customers — required under GDPR Art. 28 when staff enter personal data.

The real risks for OpenAI customers

  • Staff routinely paste customer PII, source code, and contracts into personal accounts with no DPA.
  • Free/Plus chats may be retained and used for training unless explicitly opted out.
  • No enterprise audit trail of what sensitive data left the company.

What never to paste into ChatGPT

  • Customer or employee PII
  • Payment card or bank details
  • Health records
  • Source code or secrets
  • Anything covered by an NDA

Protect it automatically

PII Guardrail detects and masks sensitive data on-device before it reaches ChatGPT — then restores it in the response. Or assess your company's whole AI exposure in two minutes.
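The mask-then-restore flow described above can be sketched as follows. This is an added example, not Trustevo's PII Guardrail code; the regexes, placeholder format, function names and sample prompt are all assumptions constructed for illustration.

```python
import re

# Constructed sample prompt; the card number is the well-known Luhn-valid test value.
PROMPT = "Refund jane.doe@example.com, card 4111 1111 1111 1111, order 1234567890123."

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13 to 19 digits, optional separators


def luhn_ok(candidate: str) -> bool:
    """Luhn checksum, so ordinary long numbers (order ids) are not masked as cards."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(prompt: str):
    """Return (masked_prompt, vault). The vault maps placeholders to originals and stays local."""
    vault, by_value = {}, {}

    def token_for(kind: str, value: str) -> str:
        # A repeated value reuses its placeholder so the model can still tell items apart.
        if value not in by_value:
            token = f"[{kind}_{len(vault) + 1}]"
            by_value[value] = token
            vault[token] = value
        return by_value[value]

    def sub_card(m):
        raw = m.group(0)
        return token_for("CARD", raw) if luhn_ok(raw) else raw

    masked = EMAIL_RE.sub(lambda m: token_for("EMAIL", m.group(0)), prompt)
    masked = CARD_RE.sub(sub_card, masked)
    return masked, vault


def restore(response: str, vault: dict) -> str:
    """Substitute the original values back into the model's response."""
    for token, value in vault.items():
        response = response.replace(token, value)
    return response
```

Pattern matching of this kind only covers structured identifiers such as e-mail addresses and card numbers. Source code, secrets, health records and NDA material from the list above need other detectors or a policy control.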
