# AI Stack GRC Compliance Report — 2 platforms - Generated: 2026-06-14T10:36:28.721Z - Source: AIRIN verified findings (gate-verified, verbatim-cited, SHA-256-anchored) > Automated assessment against a published rubric — not legal advice. ## Stack summary | Platform | Headline risk | Verified findings | Dealbreakers | |---|---|---|---| | Claude (Anthropic) | HIGH | 202 | none detected | | ChatGPT | HIGH | 139 | none detected | --- # GRC Risk Assessment — Claude (Anthropic) - Platform: **Claude (Anthropic)** (anthropic-claude) - Headline risk rating: **HIGH** - Website: https://claude.ai - Generated: 2026-06-14T10:36:28.721Z - Findings (verified, published): **202** > Every assertion is anchored to a verbatim quote with a SHA-256 snapshot hash and a Wayback archive URL for independent verification. Informational only; not legal advice. ## Control crosswalk (NIST AI RMF 1.0 + ISO/IEC 42001) | Surface | Risk | Confidence | NIST AI RMF | ISO/IEC 42001 | |---|---|---|---|---| | training use | high | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | medium | medium | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | medium | low | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | medium | medium | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | medium | medium | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | prompt ownership | unknown | high | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) | | prompt ownership | unknown | high | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | commercial use | high | low | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | medium | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | ambiguous | low | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | privacy data use | medium | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | medium | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | medium | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | medium | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | medium | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | medium | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | low | low | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | low | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | low | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | data retention | medium | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | medium | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | medium | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | ambiguous | medium | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | subprocessors data sharing | medium | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | medium | medium | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | medium | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | medium | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | medium | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | low | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | low | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | audit rights dpa residency | medium | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | low | medium | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | ambiguous | low | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | indemnity liability | high | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | governing law disputes | medium | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | moderation enforcement | high | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | high | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | high | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | medium | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | medium | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | medium | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | medium | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | medium | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | low | low | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | low | low | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | tier differences | medium | medium | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | ## Evidence (verbatim, with provenance) ### training use — risk high > We may use your Inputs and Outputs to train our models and improve our Services, unless you opt out through your account settings. Even if you opt-out, we will use Inputs and Outputs for model improvement when: (1) your conversations are flagged for safety review to improve our ability to detect harmful content, enforce our policies, or advance AI safety research, or (2) you've explicitly reported the materials to us (for example via our feedback mechanisms). - Interpretation (disclaimed): The clause grants Anthropic a broad default right to use inputs and outputs for model training, with an opt-out mechanism that is materially limited by two exceptions. The safety-review carve-out in particular is broad and discretionary, meaning a user's opt-out election may be overridden by Anthropic's internal content moderation decisions. - Tier: All - Location: § 2 - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=We%20may%20use%20your,via%20our%20feedback%20mechanisms). ### training use — risk medium > To improve the Services and conduct research (including model training). See our Non-User Privacy Policy for more details on the data used to train our models. Feedback Inputs and Outputs Data provided through the Development Partner Program Consent (when users submit Feedback) Legitimate interests It is in our legitimate interests and in the interest of Anthropic users to evaluate the use of the Services and adoption of new features to inform the development of future features and improve direction and development of the Services. - Interpretation (disclaimed): Using legitimate interests as a legal basis for model training is contested under EU/UK GDPR. Users have an objection right, but the policy does not proactively highlight this for the training purpose. The dual legal basis (consent + LI) creates ambiguity about when each applies. - Tier: All - Location: Privacy Policy › “Legitimate interests” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=To%20improve%20the%20Services,development%20of%20the%20Services. ### training use — risk medium > Utilization of inputs and outputs to train an AI model (e.g., “model scraping” or “model distillation”) without prior authorization from Anthropic - Interpretation (disclaimed): The restriction is framed as a prohibited user behavior under the AUP, not as a bilateral obligation. The document is silent on Anthropic's own training-use rights over user-submitted content, which is a significant gap for risk assessment. Users who wish to fine-tune competing models using Claude outputs are expressly prohibited without authorization. - Tier: All - Location: Usage Policy › “Do Not Abuse our Platform” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=Utilization%20of%20inputs%20and,prior%20authorization%20from%20Anthropic ### training use — risk medium > Data that our users or crowd workers provide, including Inputs and Outputs from our Services (unless users opt out) - Interpretation (disclaimed): This clause establishes that user-submitted inputs and outputs are a listed data source for model training by default, placing the onus on users to affirmatively opt out rather than opting in. - Tier: All - Location: Privacy Policy › “Publicly available information via the Internet” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=Data%20that%20our%20users,(unless%20users%20opt%20out) ### training use — risk medium > We may process personal data in an aggregated or de-identified form to analyze the effectiveness of our Services, conduct research, study user behavior, and train our AI models as permitted under applicable laws. For instance: When you submit Feedback, we disassociate Inputs and Outputs from your user ID to use them for training and improving our models. If our systems flag Inputs or Outputs for potentially violating our  Usage Policy , we disassociate the content from your user ID to train our trust and safety internal classification and generative models. However, we may re-identify the Inputs or Outputs to enforce our Usage Policy with the responsible user if necessary. - Interpretation (disclaimed): Under GDPR and similar laws, truly anonymous data falls outside data protection scope, but the explicit re-identification capability suggests the data may not qualify as fully anonymous, raising Art. 4(1) personal data concerns. The training use is based on legitimate interests, which users may object to. - Tier: All - Location: Privacy Policy › “Aggregated or De-Identified Information” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=We%20may%20process%20personal,responsible%20user%20if%20necessary. ### training use — risk unknown > When you access our website or Services, your personal data may be transferred to our servers in the US, or to other countries outside the European Economic Area ( “EEA” ) and the UK. This may be a direct provision of your personal data to us, or a transfer that we or a third party make. Where information is transferred outside the EEA or the UK, we ensure it benefits from an adequate level of data protection by relying on: Adequacy decisions.   These are decisions from the European Commission under Article 45 GDPR (or equivalent decisions under other laws) where they recognise that a country outside of the EEA offers an adequate level of data protection. We transfer your information as described in “Collection of Personal Data” to some countries with adequacy decisions, such as the countries listed  here ; or Standard contractual clauses.   The European Commission has approved contractual clauses under Article 46 GDPR that allows companies in the EEA to transfer data outside the EEA. These (and their approved equivalent for the UK and Switzerland) are called standard contractual clauses. We rely on standard contractual clauses to transfer information as described in “Collection of Personal Data” to certain affiliates and third parties in countries without an adequacy decision. In certain situations, we rely on derogations provided for under applicable data protection law to transfer information to a third country. - Interpretation (disclaimed): This segment permits Anthropic to process personal data in aggregated or de-identified form for research, analytics, and AI model training, and describes specific de-identification procedures for feedback and safety-flagged content, while noting the possibility of re-identification, establishing a qualified permission for de-identified training data use. - Tier: All - Location: § 5 (Data Transfers) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20When%20you%20access,to%20a%20third%20country. ### training use — risk unknown > When you use our Services, you acknowledge and agree: Outputs may not always be accurate and may contain material inaccuracies even if they appear accurate because of their level of detail or specificity. Actions may not be error free or operate as you intended. You should not rely on any Outputs or Actions without independently confirming their accuracy. The Services and any Outputs may not reflect correct, current, or complete information. Outputs may contain content that is inconsistent with Anthropic’s views. Our use of Materials.  We may use Materials to provide, maintain, and improve the Services and to develop other products and services, including training our models, unless you opt out of training through your account settings. Even if you opt out, we will use Materials for model training when: (1) you provide Feedback to us regarding any Materials, or (2) your Materials are flagged for safety review to improve our ability to detect harmful content, enforce our policies, or advance our safety research. - Interpretation (disclaimed): This segment disclaims accuracy of Outputs and Actions, warns users not to rely on them without independent verification, and grants Anthropic permission to use Materials to provide, maintain, and improve Services, which encompasses potential training use of user-submitted content. - Tier: All - Location: § 4 - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=When%20you%20use%20our,advance%20our%20safety%20research. ### training use — risk unknown > Datasets that we obtain through commercial agreements with third party businesses Data that our users or crowd workers provide, including Inputs and Outputs from our Services (unless users opt out) - Interpretation (disclaimed): Discloses that user inputs and outputs are used for model training unless users opt out, and that commercially licensed third-party datasets are also used, establishing both the training use permission and the opt-out right as a restriction on default use. - Tier: All - Location: Privacy Policy › “Publicly available information via the Internet” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Datasets%20that%20we,(unless%20users%20opt%20out) ### training use — risk unknown > Datasets that we obtain through commercial agreements with third party businesses Data that our users or crowd workers provide, including Inputs and Outputs from our Services (unless users opt out) - Interpretation (disclaimed): This segment discloses that training data includes commercially licensed third-party datasets and user/crowd worker Inputs and Outputs, with a conditional exception allowing users to opt out, creating a default obligation to use user data for training unless opt-out is exercised. - Tier: All - Location: Privacy Policy › “Publicly available information via the Internet” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Datasets%20that%20we,(unless%20users%20opt%20out) ### training use — risk unknown > It is in our legitimate interests and in the interest of Anthropic users to evaluate the use of the Services and adoption of new features to inform the development of future features and improve direction and development of the Services. Our research also benefits the AI industry and society: it investigates the safety, inner workings, and societal impact of AI models so that artificial intelligence has a positive impact on society as it becomes increasingly advanced and capable. To improve the Services and conduct research (including model training). See our Non-User Privacy Policy for more details on the data used to train our models. Feedback - Interpretation (disclaimed): Explains Anthropic's legitimate interest justification for processing data to improve services and conduct research that includes model training, referencing the Non-User Privacy Policy and articulating the public-benefit rationale for AI safety research, thereby granting permission to use data for model training purposes. - Tier: All - Location: Privacy Policy › “Legitimate interests” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20It%20is%20in,train%20our%20models.%20Feedback ### training use — risk unknown > For more information about how we collect and use personal data to develop our language models that power our Services, the steps we take to minimize the privacy impact on individuals through the training process, and your choices with respect to that information, please see our separate Non-User Privacy Policy . - Interpretation (disclaimed): Incorporates by reference the separate Non-User Privacy Policy for detailed information on how personal data is used to develop language models, steps taken to minimize privacy impact, and user choices regarding training data, making that document operative for training-related rights and obligations. - Tier: All - Location: Privacy Policy › “Data that we generate internally” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20For%20more%20information,Non-User%20Privacy%20Policy%20. ### training use — risk unknown > Anthropic obtains personal data from third party sources in order to train our models. Specifically, we train our models using data from the following sources: - Interpretation (disclaimed): States that Anthropic obtains personal data from third-party sources specifically for the purpose of training AI models, establishing the legal basis and scope of this data acquisition obligation. - Tier: All - Location: Privacy Policy › “Personal data we collect or receive to train our models” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Anthropic%20obtains%20personal,from%20the%20following%20sources%3A ### training use — risk unknown > For more information about how we collect and use personal data to develop our language models that power our Services, the steps we take to minimize the privacy impact on individuals through the training process, and your choices with respect to that information, please see our separate Non-User Privacy Policy . - Interpretation (disclaimed): This segment incorporates by reference the Non-User Privacy Policy for further detail on personal data used in language model development, the steps taken to minimize privacy impact, and user choices, making that separate document legally operative for training-related rights and obligations. - Tier: All - Location: Privacy Policy › “Data that we generate internally” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20For%20more%20information,Non-User%20Privacy%20Policy%20. ### training use — risk unknown > Anthropic obtains personal data from third party sources in order to train our models. Specifically, we train our models using data from the following sources: - Interpretation (disclaimed): This segment discloses that Anthropic obtains personal data from third-party sources for model training and introduces the enumeration of those sources, creating a transparency obligation regarding training data provenance. - Tier: All - Location: Privacy Policy › “Personal data we collect or receive to train our models” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Anthropic%20obtains%20personal,from%20the%20following%20sources%3A ### training use — risk unknown > It is in our legitimate interests and in the interest of Anthropic users to evaluate the use of the Services and adoption of new features to inform the development of future features and improve direction and development of the Services. Our research also benefits the AI industry and society: it investigates the safety, inner workings, and societal impact of AI models so that artificial intelligence has a positive impact on society as it becomes increasingly advanced and capable. To improve the Services and conduct research (including model training). See our Non-User Privacy Policy for more details on the data used to train our models. Feedback - Interpretation (disclaimed): Articulates the legitimate interest rationale for service improvement and research excluding model training, then transitions to a separate processing purpose that explicitly includes model training, referencing the Non-User Privacy Policy for further detail, thereby granting permission for AI model training using Inputs and Outputs. - Tier: All - Location: Privacy Policy › “Legitimate interests” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20It%20is%20in,train%20our%20models.%20Feedback ### training use — risk unknown > We may process personal data in an aggregated or de-identified form to analyze the effectiveness of our Services, conduct research, study user behavior, and train our AI models as permitted under applicable laws. For instance: When you submit Feedback, we disassociate Inputs and Outputs from your user ID to use them for training and improving our models. If our systems flag Inputs or Outputs for potentially violating our  Usage Policy , we disassociate the content from your user ID to train our trust and safety internal classification and generative models. However, we may re-identify the Inputs or Outputs to enforce our Usage Policy with the responsible user if necessary. To improve user experience, we may analyze and aggregate general user behavior and usage data. This information does not identify individual users. - Interpretation (disclaimed): Permits processing of personal data in aggregated or de-identified form for analytics, research, and AI model training, and describes the procedure of disassociating inputs/outputs from user IDs for training and safety purposes, while noting the possibility of re-identification under specific circumstances. - Tier: All - Location: Privacy Policy › “Aggregated or De-Identified Information” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20We%20may%20process,not%20identify%20individual%20users. ### prompt ownership — risk unknown > Generally. You may be allowed to interact with our Services in a variety of formats (we call these “ Inputs ”). Our Services may generate responses (we call these “ Outputs ”), or enable the Services to take actions on your behalf, such as software manipulation, data processing, and system interactions (we call these "Actions" ), based on your Inputs. Inputs and Outputs collectively are “ Materials .” Rights and Responsibilities.  You are responsible for all Inputs you submit to our Services and all Actions. By submitting Inputs to our Services, you represent and warrant that you have all rights, licenses, and permissions that are necessary for us to process the Inputs under our Terms and to provide the Services to you, including for example, to integrate with third-party services, to share Materials with others at your direction, and to take Actions. You also represent and warrant that your submitting Inputs to us or directing Claude to take Actions will not violate our Terms, our  Acceptable Use Policy , or any laws or regulations applicable to those Inputs or Actions. As between you and Anthropic, and to the extent permitted by applicable law, you retain any right, title, and interest that you have in the Inputs you submit. Subject to your compliance with our Terms, we assign to you all of our right, title, and interest—if any—in Outputs. Reliance on Outputs and Actions.  Artificial intelligence and large language models are frontier technologies that are still improving in accuracy, reliability and safety. - Interpretation (disclaimed): This segment defines key terms—Inputs, Outputs, Actions, and Materials—and establishes that users are responsible for all Inputs and Actions and represent they have all rights necessary to submit Inputs, creating foundational definitions and ownership-related representations that govern user content rights. - Tier: All - Location: § 4 - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=%20Generally.%20You%20may,reliability%20and%20safety.%20 ### prompt ownership — risk unknown > The Services are owned, operated, and provided by us and our affiliates, licensors, distributors, and service providers (collectively “ Providers ”). We and our Providers retain all of our respective rights, title, and interest, including intellectual property rights, in and to the Services. Other than the rights of access and use expressly granted in our Terms, our Terms do not grant you any right, title, or interest in or to our Services. - Interpretation (disclaimed): This segment establishes that Anthropic and its Providers retain all intellectual property rights in and to the Services, and restricts users from claiming any right, title, or interest beyond the express access rights granted, limiting user ownership claims over the Services. - Tier: All - Location: § 10 (Ownership of the Services) - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=%20The%20Services%20are,or%20to%20our%20Services. ### output ownership — risk unknown > We appreciate feedback, including ideas and suggestions for improvement or rating an Output in response to an Input (“ Feedback ”). If you rate an Output in response to an Input—for example, by using the thumbs up/thumbs down icon—we will store the related conversation as part of your Feedback. You have no obligation to give us Feedback, but if you do, you agree that we may use the Feedback however we choose without any obligation or other payment to you. - Interpretation (disclaimed): This segment defines Feedback, establishes that Anthropic will store rated conversations as Feedback, and grants Anthropic an unrestricted, royalty-free permission to use Feedback however it chooses with no obligation or payment to the user, effectively conveying broad rights over user-provided feedback content. - Tier: All - Location: § 5 (Feedback) - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=%20We%20appreciate%20feedback%2C,other%20payment%20to%20you. ### commercial use — risk high > Human-in-the-loop: When using our products or services to provide advice, recommendations, or in subjective decision-making directly affecting individuals or consumers , a qualified professional in that field must review the content or decision prior to dissemination or finalization. You or your organization are responsible for the accuracy and appropriateness of that information. - Interpretation (disclaimed): This clause contractually assigns responsibility for output accuracy to the operator ('You or your organization are responsible'), which could be used against the operator in negligence or product liability claims by affected individuals. The human-in-the-loop requirement also increases operational overhead and may make certain automated workflows non-compliant. - Tier: All - Location: Usage Policy › “High-Risk Use Case Requirements” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=Human-in-the-loop%3A%20When%20using%20our,appropriateness%20of%20that%20information. ### commercial use — risk medium > Disclosure: If model outputs are presented directly to individuals or consumers , you must disclose to them that you are using AI to help produce your advice, decisions, or recommendations. This disclosure must be provided at a minimum at the beginning of each session. - Interpretation (disclaimed): This contractual disclosure requirement mirrors and reinforces emerging regulatory obligations. Non-compliance risks breach of contract with Anthropic and potential regulatory liability under consumer protection or AI-specific disclosure laws. Operators must implement session-level disclosure mechanisms. - Tier: All - Location: Usage Policy › “High-Risk Use Case Requirements” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=Disclosure%3A%20If%20model%20outputs,beginning%20of%20each%20session. ### commercial use — risk ambiguous > Anthropic may enter into contracts with certain governmental customers that tailor use restrictions to that customer’s public mission and legal authorities if, in Anthropic’s judgment, the contractual use restrictions and applicable safeguards are adequate to mitigate the potential harms addressed by this Usage Policy. - Interpretation (disclaimed): This clause gives Anthropic unilateral discretion ('in Anthropic's judgment') to waive or modify AUP restrictions for government customers via contract. Non-governmental commercial users have no equivalent mechanism disclosed here, creating a two-tiered enforcement regime with potential fairness and competitive concerns. - Tier: Enterprise - Location: Usage Policy › “Usage Policy \ Anthropic” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=Anthropic%20may%20enter%20into,by%20this%20Usage%20Policy. ### privacy data use — risk medium > Inputs and Outputs:  You are able to interact with our Services in a variety of formats, including but not limited to chat, coding, and agentic sessions ( “Prompts”  or  "Inputs" ), which generate responses and actions ( “Outputs” ) based on your Inputs. This includes third-party applications you choose to integrate with our Services. If you include personal data or reference external content in your Inputs, we will collect that information and this information may be reproduced in your Outputs. - Interpretation (disclaimed): The clause confirms that any personal data embedded in user inputs is collected by Anthropic and may reappear in outputs, raising risks of inadvertent disclosure of third-party personal data and complicating deletion or access requests. - Tier: All - Location: Privacy Policy › “Personal data you provide to us directly” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=Inputs%20and%20Outputs%3A%20You,reproduced%20in%20your%20Outputs. ### privacy data use — risk medium > Feedback on your use of our Services:  We appreciate feedback, including ideas and suggestions for improvement or rating an Output in response to an Input (" Feedback "). If you rate an Output in response to an Input—for example, by using the thumbs up/thumbs down icon—we will store the entire related conversation as part of your Feedback. - Interpretation (disclaimed): The clause broadens the data collection consequence of a minimal user action (rating), resulting in full conversation retention. This expands the data footprint beyond what users would typically expect from a feedback mechanism. - Tier: All - Location: Privacy Policy › “Personal data you provide to us directly” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=Feedback%20on%20your%20use,part%20of%20your%20Feedback. ### privacy data use — risk medium > Cookies & Similar Technologies.  We and our service providers use cookies, scripts, or similar technologies (“ Cookies ”) to manage the Services and to collect information about you and your use of the Services. These technologies help us to recognize you, customize or personalize your experience, market additional products or services to you, and analyze the use of our Services to make them safer and more useful to you. - Interpretation (disclaimed): The clause confirms use of cookies and similar technologies for behavioral targeting and marketing by Anthropic and its service providers, extending data collection beyond core service delivery. - Tier: All - Location: Privacy Policy › “Personal data we receive automatically from your use of the Services” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=Cookies%20%26%20Similar%20Technologies.,more%20useful%20to%20you. ### privacy data use — risk medium > To improve the Services and conduct research, including training our models; and - Interpretation (disclaimed): This purpose statement in the lawful-use section anchors Anthropic's legal basis for using personal data in model training and research, reinforcing the training_use clauses. - Tier: All - Location: § 2 - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=To%20improve%20the%20Services,training%20our%20models%3B%20and ### privacy data use — risk medium > We will only collect, use and disclose your personal data with your consent, unless otherwise permitted or required by law. Your consent may be given expressly or implied, depending on the circumstances and the sensitivity of the information involved. You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. - Interpretation (disclaimed): Allowing implied consent lowers the bar for obtaining user agreement to data processing. The caveat that withdrawal is subject to 'contractual restrictions' means ongoing contractual obligations may override a user's desire to stop data use. - Tier: All - Location: Privacy Policy › “Supplemental Disclosures for Residents of Canada” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=We%20will%20only%20collect%2C,restrictions%20and%20reasonable%20notice. ### privacy data use — risk medium > in certain cases we may continue to process and retain data regardless of your request for deletion, objection, blocking or anonymisation, in order to comply with legal, contractual and regulatory obligations, safeguard and exercise rights, including in judicial, administrative and arbitration proceedings and in other cases provided for by law. - Interpretation (disclaimed): This override provision means user rights (deletion, objection, blocking) are not absolute; Anthropic retains broad discretion to continue processing. While legally standard, the breadth of exceptions ('other cases provided for by law') reduces practical enforceability of user rights. - Tier: All - Location: Privacy Policy › “Supplemental Disclosures for Residents of Brazil” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=in%20certain%20cases%20we,provided%20for%20by%20law. ### privacy data use — risk low > Violate privacy rights as defined by applicable privacy laws, such as sharing personal information without consent or accessing private data unlawfully Misuse, collect, solicit, or gain access without permission to private information such as non-public contact details, health data, biometric or neural data (including facial recognition), or confidential or proprietary data - Interpretation (disclaimed): The clause imposes obligations on users not to misuse personal data through the platform but is silent on how Anthropic collects, stores, or shares user data. For a complete privacy risk assessment, a separate privacy policy would need to be reviewed. - Tier: All - Location: Usage Policy › “Do Not Compromise Privacy or Identity Rights” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=Violate%20privacy%20rights%20as,confidential%20or%20proprietary%20data ### privacy data use — risk low > Automated decision-making : Anthropic does not engage in decision making based solely on automated processing or profiling in a manner which produces a legal effect (i.e., impacts your legal rights) or significantly affects you in a similar way (e.g., significantly affects your financial circumstances or ability to access essential goods or services). - Interpretation (disclaimed): The carve-out mirrors GDPR Art. 22 language (legal/similarly significant effects) but does not exclude all automated profiling. Automated moderation flagging of Inputs/Outputs is referenced elsewhere in the document and is not covered by this statement. - Tier: All - Location: § 4 (Rights and Choices) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=Automated%20decision-making%20%3A%20Anthropic,essential%20goods%20or%20services). ### privacy data use — risk low > Sale & targeted Anthropic marketing of its products and services . Anthropic does not “sell” your personal data as that term is defined by applicable laws and regulations. You can opt-out of sharing your personal data for targeted advertising to promote our products and services, and we will honor global privacy controls. - Interpretation (disclaimed): Under CCPA/CPRA, 'sharing' for cross-context behavioral advertising is distinct from 'selling' and triggers separate opt-out rights. Anthropic's denial of 'selling' does not preclude 'sharing' as defined under California law, which may still apply. - Tier: All - Location: § 4 (Rights and Choices) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=Sale%20%26%20targeted%20Anthropic,honor%20global%20privacy%20controls. ### privacy data use — risk unknown > We use your personal data for the following purposes: To provide, maintain and facilitate any products and services offered to you with respect to your Anthropic account, which are governed by our Terms of Service; To provide, maintain and facilitate optional services and features that enhance platform functionality and user experience; To communicate with you, including to send you information about our Services and events; To create and administer your Anthropic account; To facilitate payments for products and services provided by Anthropic; To prevent and investigate fraud, abuse, and violations of our  Usage Policy , unlawful or criminal activity, unauthorized access to or use of personal data or Anthropic systems and networks, to protect our rights and the rights of others, and to meet legal, governmental and institutional policy obligations; To investigate and resolve disputes; To investigate and resolve security issues; To debug and to identify and repair errors that impair existing functionality To improve the Services and conduct research, including training our models; and To enforce our  Terms of Service  and similar terms and agreements, including our  Usage Policy . We may use your Inputs and Outputs to train our models and improve our Services, unless you opt out through your account settings. Even if you opt-out, we will use Inputs and Outputs for model improvement when: (1) your conversations are flagged for safety review to improve our ability to detect harmful content, enforce our policies, or advance AI safety research, or (2) you've explicitly reported the materials to us (for example via our feedback mechanisms). Please see Section 10 below for details of our legal bases for processing your personal data. - Interpretation (disclaimed): Continues the enumeration of permitted uses of personal data including service improvement, legal compliance, and safety purposes, further defining the lawful bases for Anthropic's data processing activities. - Tier: All - Location: § 2 - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20We%20use%20your,processing%20your%20personal%20data. ### privacy data use — risk unknown > We implement appropriate technical and organizational security measures designed to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. - Interpretation (disclaimed): This segment establishes Anthropic's procedure for updating the Privacy Policy, including obligation to notify users of material changes, update the effective date, and maintain a changelog in the Privacy Center, creating procedural obligations for policy amendment transparency. - Tier: All - Location: Privacy Policy › “Security Controls Relating to our Processing of Personal Data” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20We%20implement%20appropriate,disclosure%2C%20alteration%2C%20or%20destruction. ### privacy data use — risk unknown > Consent (for example for precise device location or for health app integrations) - Interpretation (disclaimed): This segment defines Consent as a legal basis for processing personal data for optional services, providing examples such as precise device location and health app integrations that clarify the scope of consent-based processing. - Tier: All - Location: Privacy Policy › “Technical Information” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Consent%20(for%20example,for%20health%20app%20integrations) ### privacy data use — risk unknown > It is in our legitimate interests to promote our Services and to send direct marketing. To create and administer your Anthropic account Identity and Contact Data - Interpretation (disclaimed): This segment identifies the purpose of creating and administering user accounts, specifying Identity and Contact Data as a processed category and establishing Contract as the legal basis, creating an obligation to process data for account management. - Tier: All - Location: Privacy Policy › “Legitimate Interests” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20It%20is%20in,Identity%20and%20Contact%20Data ### privacy data use — risk unknown > Entrusted Data Name, ID, phone number, email, address, and other information that you may provide to the domestic representative - Interpretation (disclaimed): Defines the categories of personal data (name, ID, phone number, email, address, and other provided information) that are entrusted to the domestic representative, establishing the scope of data subject to the transfer obligation. - Tier: All - Location: Privacy Policy › “Trustees and Contacts Bae, Kim & Lee LLC (02-3404-0001)” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Entrusted%20Data%20Name%2C,the%20domestic%20representative%20 ### privacy data use — risk unknown > This includes using our products or services to: Violate privacy rights as defined by applicable privacy laws, such as sharing personal information without consent or accessing private data unlawfully Misuse, collect, solicit, or gain access without permission to private information such as non-public contact details, health data, biometric or neural data (including facial recognition), or confidential or proprietary data Impersonate a human by presenting results as human-generated, or using results in a manner intended to convince a natural person that they are communicating with a natural person when they are not - Interpretation (disclaimed): This segment specifies prohibited privacy-related activities including violating privacy laws, misusing private information such as health data or biometric data, and impersonating a human to deceive natural persons about the nature of AI-generated communications. - Tier: All - Location: Usage Policy › “Do Not Compromise Privacy or Identity Rights” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20This%20includes%20using,when%20they%20are%20not ### privacy data use — risk unknown > This includes using our products or services to: Violate privacy rights as defined by applicable privacy laws, such as sharing personal information without consent or accessing private data unlawfully Misuse, collect, solicit, or gain access without permission to private information such as non-public contact details, health data, biometric or neural data (including facial recognition), or confidential or proprietary data Impersonate a human by presenting results as human-generated, or using results in a manner intended to convince a natural person that they are communicating with a natural person when they are not - Interpretation (disclaimed): This segment enumerates specific prohibited privacy-related activities, including violating applicable privacy laws, misusing or collecting private information (health, biometric, neural data) without permission, and impersonating humans by presenting AI-generated results as human-generated, establishing specific data-use and identity restrictions. - Tier: All - Location: Usage Policy › “Do Not Compromise Privacy or Identity Rights” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20This%20includes%20using,when%20they%20are%20not ### privacy data use — risk unknown > Please read our Privacy Policy , which describes how we collect and use personal information. - Interpretation (disclaimed): This segment incorporates the Privacy Policy by reference, directing users to a separate document that governs how personal information is collected and used, creating a legally binding cross-reference to data handling obligations. - Tier: All - Location: Terms of Service › “Consumer Terms of Service \ Anthropic” - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=%20Please%20read%20our,and%20use%20personal%20information. ### privacy data use — risk unknown > Anthropic is an AI safety and research company working to build reliable, interpretable, and steerable AI systems. This Privacy Policy explains how we collect, use, disclose, and process your personal data when you use our website and other places where Anthropic acts as a  data controller —for example, when you interact with Claude.ai or other products as a consumer for personal use (" Services ") or when Anthropic operates and provides our commercial customers and their end users with access to our commercial products, such as the Claude Team plan (“ Commercial Services ”). This Privacy Policy does not apply where Anthropic acts as a  data processor  and processes personal data on behalf of commercial customers using Anthropic’s Commercial Services – for example, your employer has provisioned you a Claude for Work account, or you're using an app that is powered on the back-end with Claude. In those cases, the commercial customer is the controller, and you can review their policies for more information about how they handle your personal data. Please see our Non-User Privacy Policy for information on how our large language models are ‘trained’ and how personal data obtained from third party sources, including where others may submit personal data when using our services, may be used when developing or delivering our products and services. This Privacy Policy also describes your privacy rights. More information about your rights, and how to exercise them, is set out in Section 4 (“Rights and Choices”). - Interpretation (disclaimed): This segment defines the scope of the Privacy Policy, identifying Anthropic as data controller and defining the categories of covered services (consumer Services and Commercial Services), establishing foundational definitions that govern all subsequent data processing obligations. - Tier: All - Location: Privacy Policy › “Privacy Policy \ Anthropic” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Anthropic%20is%20an,(%E2%80%9CRights%20and%20Choices%E2%80%9D).%20 ### privacy data use — risk unknown > Identity and Contact Data:  Anthropic collects identifiers, including your name, email address, and phone number when you sign up for an Anthropic account, or to receive information on our Services. We may also collect or generate indirect identifiers (e.g., “USER12345”). Payment Information:  We shall collect your payment information if you choose to purchase access to Anthropic’s products and services. Inputs and Outputs:  You are able to interact with our Services in a variety of formats, including but not limited to chat, coding, and agentic sessions ( “Prompts”  or  "Inputs" ), which generate responses and actions ( “Outputs” ) based on your Inputs. This includes third-party applications you choose to integrate with our Services. If you include personal data or reference external content in your Inputs, we will collect that information and this information may be reproduced in your Outputs. Feedback on your use of our Services:  We appreciate feedback, including ideas and suggestions for improvement or rating an Output in response to an Input (" Feedback "). If you rate an Output in response to an Input—for example, by using the thumbs up/thumbs down icon—we will store the entire related conversation as part of your Feedback. You can learn more about how we use Feedback here . Communication Information:  If you communicate with us, including via our chatbot on our Help site, we collect your name, contact information, and the contents of any messages you send. - Interpretation (disclaimed): This segment defines specific categories of personal data collected directly from users, including identity/contact data, payment information, and Inputs/Outputs (Prompts), establishing the legal definition of 'Prompts' and 'Inputs' as terms used throughout the policy and governing what data Anthropic collects and may process. - Tier: All - Location: Privacy Policy › “Personal data you provide to us directly” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Identity%20and%20Contact,any%20messages%20you%20send. ### privacy data use — risk unknown > When you use the Services, we also receive certain technical data automatically (described below, collectively “ Technical Information ”). This includes: Device and Connection Information.  Consistent with your device or browser permissions, your device or browser automatically sends us information about when and how you install, access, or use our Services. This includes information such as your device type, operating system information, browser information and web page referers, mobile network, connection information, mobile operator or internet service provider (ISP), time zone setting, IP address (including information about the location of the device derived from your IP address), identifiers (including device or advertising identifiers, probabilistic identifiers, and other unique personal or online identifiers), and device location. Usage Information.  We collect information about your use of the Services, such as the dates and times of access, browsing history, search, information about the links you click, pages you view, and other information about how you use the Services, and technology on the devices you use to access the Services. Log and Troubleshooting Information.  We collect information about how our Services are performing when you use them. This information includes log files. If you or your device experiences an error, we may collect information about the error, the time the error occurred, the feature being used, the state of the application when the error occurred, and any communications or content provided at the time the error occurred. - Interpretation (disclaimed): This segment defines 'Technical Information' and enumerates the categories of device and connection data automatically collected from users, establishing the legal scope of automatically collected personal data subject to processing obligations. - Tier: All - Location: Privacy Policy › “Personal data we receive automatically from your use of the Services” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20When%20you%20use,the%20error%20occurred.%20 ### privacy data use — risk unknown > We collect the following categories of personal data: - Interpretation (disclaimed): This segment introduces the enumeration of personal data categories collected by Anthropic, framing the definitional scope of what constitutes collected personal data under the policy. - Tier: All - Location: § 1 (Collection of Personal Data) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20We%20collect%20the,categories%20of%20personal%20data%3A ### privacy data use — risk unknown > To facilitate payments for products and services provided by Anthropic Identity and Contact Data - Interpretation (disclaimed): This segment specifies that Identity and Contact Data is processed under the contract legal basis for the purpose of facilitating payments, establishing an obligation to process this data category in connection with payment transactions for Anthropic products and services. - Tier: All - Location: Privacy Policy › “Contract” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20To%20facilitate%20payments,Identity%20and%20Contact%20Data ### privacy data use — risk unknown > Depending on where you live and the laws that apply in your country of residence, you may enjoy certain rights regarding your personal data, as described further below. However, please be aware that these rights are limited, and that the process by which we may need to action your requests regarding our training dataset are complex. We may also decline a request if we have a lawful reason for doing so. That said, we strive to prioritize the protection of personal data, and comply with all applicable privacy laws. To exercise your rights, you or an authorized agent may submit a request by emailing us at  privacy@anthropic.com . After we receive your request, we may verify it by requesting information sufficient to confirm your identity. You may also have the right to appeal requests that we deny by emailing  privacy@anthropic.com . Anthropic will not discriminate based on the exercising of privacy rights you may have. Set out below is a summary of the rights which you may enjoy, depending on the laws that apply in your country of residence. Right to know:  the right to know what personal data Anthropic processes about you, including the categories of personal data, the categories of sources from which it is collected, the business or commercial purposes for collection, and the categories of third parties to whom we disclose it. Access & data portability: the right to request a copy of the personal data Anthropic processes about you, subject to certain exceptions and conditions. - Interpretation (disclaimed): Establishes that users have legally recognized rights regarding their personal data subject to applicable law, while noting limitations on those rights particularly with respect to training datasets, and provides a procedure for submitting rights requests via email. - Tier: All - Location: § 4 (Rights and Choices) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Depending%20on%20where,exceptions%20and%20conditions.%20 ### privacy data use — risk unknown > When you use the Services, we also receive certain technical data automatically (described below, collectively “ Technical Information ”). This includes: Device and Connection Information.  Consistent with your device or browser permissions, your device or browser automatically sends us information about when and how you install, access, or use our Services. This includes information such as your device type, operating system information, browser information and web page referers, mobile network, connection information, mobile operator or internet service provider (ISP), time zone setting, IP address (including information about the location of the device derived from your IP address), identifiers (including device or advertising identifiers, probabilistic identifiers, and other unique personal or online identifiers), and device location. Usage Information.  We collect information about your use of the Services, such as the dates and times of access, browsing history, search, information about the links you click, pages you view, and other information about how you use the Services, and technology on the devices you use to access the Services. Log and Troubleshooting Information.  We collect information about how our Services are performing when you use them. This information includes log files. If you or your device experiences an error, we may collect information about the error, the time the error occurred, the feature being used, the state of the application when the error occurred, and any communications or content provided at the time the error occurred. - Interpretation (disclaimed): Describes automatic collection of device and connection information from users, constituting an obligation to disclose and a procedural description of data collection practices for device, browser, IP, and usage data. - Tier: All - Location: Privacy Policy › “Personal data we receive automatically from your use of the Services” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20When%20you%20use,the%20error%20occurred.%20 ### privacy data use — risk unknown > If you live in the European Economic Area (EEA), UK or Switzerland (the “European Region”), the data controller responsible for your personal data is Anthropic Ireland, Limited. If you live outside the European Region, the data controller responsible for your personal data is Anthropic PBC. If you have any questions about this Privacy Policy, or have any questions, complaints or requests regarding your personal data, you can contact us as described below: Anthropic PBC with a registered address at 548 Market St, PMB 90375, San Francisco, CA 94104 (United States). Anthropic Ireland, Limited with a registered address at 6th Floor, South Bank House, Barrow Street. Dublin 4, D04 TR29 (Ireland). You can email us at  privacy@anthropic.com  and contact our Data Protection Officer at  dpo@anthropic.com . Please note that under many countries' laws, you have the right to lodge a complaint with the supervisory authority in the place in which you live or work. A full list of EU supervisory authorities’ contact details is available  here . If you live or work in the UK, you have the right to lodge a complaint with the  UK Information Commissioner’s Office . If you live in Brazil, you have the right to lodge a complaint with the  Brazilian Data Protection Authority (ANPD) .If you live in Australia, you have the right to lodge a complaint with the Office of the Australian Information Commissioner . - Interpretation (disclaimed): This segment defines the data controllers responsible for personal data depending on the user's geographic region, establishing the legal entities with obligations under applicable privacy law and providing contact information for privacy-related inquiries. - Tier: All - Location: § 9 (Contact Information) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20If%20you%20live,Australian%20Information%20Commissioner%20. ### privacy data use — risk unknown > To facilitate payments for products and services provided by Anthropic Identity and Contact Data - Interpretation (disclaimed): This segment identifies payment facilitation as a processing purpose, specifying Identity and Contact Data as a processed category and establishing Contract as the legal basis, creating an obligation to process such data for payment transactions. - Tier: All - Location: Privacy Policy › “Contract” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20To%20facilitate%20payments,Identity%20and%20Contact%20Data ### privacy data use — risk unknown > It is in our legitimate interests to maintain continuous functioning of our services and rapid correction of problems to ensure a positive user experience that encourages engagement. To improve the Services and conduct research (excluding model training) Identity and Contact Data - Interpretation (disclaimed): Grants Anthropic permission to process Identity, Contact, Technical, and Feedback data to improve services and conduct research (excluding model training), justified by legitimate interests in service evaluation and AI safety research benefiting users and society. - Tier: All - Location: Privacy Policy › “Legitimate interests” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20It%20is%20in,Identity%20and%20Contact%20Data ### privacy data use — risk unknown > To provide, maintain and facilitate any products and services offered to you with respect to your Anthropic account, which are governed by our Terms of Service Identity and Contact Data - Interpretation (disclaimed): This segment identifies the purpose of processing personal data (providing and maintaining services governed by Terms of Service) and the associated data categories, establishing the legal basis for processing as contract performance. - Tier: All - Location: Privacy Policy › “Purpose Type of Data Legal Basis” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20To%20provide%2C%20maintain,Identity%20and%20Contact%20Data ### privacy data use — risk unknown > Anthropic will disclose personal data to the following categories of third parties for the purposes explained in this Policy: Affiliates & corporate partners.  Anthropic discloses the categories of personal data described above between and among its affiliates and related entities. Service providers & business partners.  Anthropic may disclose the categories of personal data described above with service providers and business partners for a variety of business purposes, including website and data hosting, ensuring compliance with industry standards, research, auditing, data processing, and providing you with the services. Anthropic may also disclose personal data in the following circumstances: As part of a significant corporate event.  If Anthropic is involved in a merger, corporate transaction, bankruptcy, or other situation involving the transfer of business assets, Anthropic will disclose your personal data as part of these corporate transactions. Third-Party Websites and Services:  Our Services may involve integrations with, or may direct you to, websites, apps, and services managed by third parties. By interacting with these third parties, you are providing information directly to the third party and not Anthropic and subject to the third party’s privacy policy.If you access third-party services, such as social media sites or other sites linked through the Services (e.g., if you follow a link to our Twitter account), these third-party services will be able to collect personal data about you, including information about your activity on the Services. - Interpretation (disclaimed): This segment introduces the section on individual rights and choices regarding personal data, acknowledging that rights are limited and subject to applicable law, and describing the process for submitting data subject requests, establishing the procedural framework for exercising data subject rights. - Tier: All - Location: § 3 (How We Disclose Personal Data) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Anthropic%20will%20disclose,on%20the%20Services.%20 ### privacy data use — risk unknown > We implement appropriate technical and organizational security measures designed to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. - Interpretation (disclaimed): Establishes Anthropic's obligation to implement appropriate technical and organizational security measures to protect personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. - Tier: All - Location: Privacy Policy › “Security Controls Relating to our Processing of Personal Data” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20We%20implement%20appropriate,disclosure%2C%20alteration%2C%20or%20destruction. ### privacy data use — risk unknown > It is in our legitimate interests to fully understand and make reasonable efforts to resolve customer complaints in order to improve user satisfaction. We also have a legal obligation in some cases. - Interpretation (disclaimed): This segment articulates the legitimate interest rationale for processing personal data to investigate and resolve customer complaints, as well as the legal obligation basis in certain cases, justifying the dual legal bases for dispute-related processing. - Tier: All - Location: Privacy Policy › “Legal obligation” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20It%20is%20in,in%20some%20cases.%20 ### privacy data use — risk unknown > It is in our and our users' legitimate interests to expand our product features and deliver additional services that enhance platform functionality and user experience. To communicate with you and to promote our Services Identity and Contact Data - Interpretation (disclaimed): This segment articulates the legitimate interest rationale for processing personal data to expand product features and deliver additional services, justifying the lawful basis and establishing the processing purpose for optional features. - Tier: All - Location: Privacy Policy › “Legitimate interests” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20It%20is%20in,Identity%20and%20Contact%20Data ### privacy data use — risk unknown > It is in our legitimate interests to promote our Services and to send direct marketing. To create and administer your Anthropic account Identity and Contact Data - Interpretation (disclaimed): This segment identifies Identity and Contact Data as processed under the contract legal basis for creating and administering user accounts, establishing an obligation to process this data category in connection with account management under the Terms of Service. - Tier: All - Location: Privacy Policy › “Legitimate Interests” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20It%20is%20in,Identity%20and%20Contact%20Data ### privacy data use — risk unknown > It is in our legitimate interests to maintain continuous functioning of our services and rapid correction of problems to ensure a positive user experience that encourages engagement. To improve the Services and conduct research (excluding model training) Identity and Contact Data - Interpretation (disclaimed): Permits Anthropic to process Identity, Contact, and Technical data to improve Services and conduct research (excluding model training), grounded in legitimate interests, and identifies the categories of data used for this purpose. - Tier: All - Location: Privacy Policy › “Legitimate interests” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20It%20is%20in,Identity%20and%20Contact%20Data ### privacy data use — risk unknown > To provide, maintain and facilitate optional services and features that enhance platform functionality and user experience Identity and Contact Data - Interpretation (disclaimed): This segment identifies the purpose of processing personal data for optional services and features, specifying Identity and Contact Data as a processed category and establishing the applicable legal bases including consent and legitimate interests. - Tier: All - Location: Privacy Policy › “Contract” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20To%20provide%2C%20maintain,Identity%20and%20Contact%20Data ### privacy data use — risk unknown > Anthropic is an AI safety and research company working to build reliable, interpretable, and steerable AI systems. This Privacy Policy explains how we collect, use, disclose, and process your personal data when you use our website and other places where Anthropic acts as a  data controller —for example, when you interact with Claude.ai or other products as a consumer for personal use (" Services ") or when Anthropic operates and provides our commercial customers and their end users with access to our commercial products, such as the Claude Team plan (“ Commercial Services ”). This Privacy Policy does not apply where Anthropic acts as a  data processor  and processes personal data on behalf of commercial customers using Anthropic’s Commercial Services – for example, your employer has provisioned you a Claude for Work account, or you're using an app that is powered on the back-end with Claude. In those cases, the commercial customer is the controller, and you can review their policies for more information about how they handle your personal data. Please see our Non-User Privacy Policy for information on how our large language models are ‘trained’ and how personal data obtained from third party sources, including where others may submit personal data when using our services, may be used when developing or delivering our products and services. This Privacy Policy also describes your privacy rights. More information about your rights, and how to exercise them, is set out in Section 4 (“Rights and Choices”). - Interpretation (disclaimed): Defines the scope and purpose of the Privacy Policy, identifying Anthropic as data controller and defining the categories of covered services (Services and Commercial Services), establishing foundational definitional terms that govern subsequent obligations and rights throughout the document. - Tier: All - Location: Privacy Policy › “Privacy Policy \ Anthropic” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Anthropic%20is%20an,(%E2%80%9CRights%20and%20Choices%E2%80%9D).%20 ### privacy data use — risk unknown > Identity and Contact Data:  Anthropic collects identifiers, including your name, email address, and phone number when you sign up for an Anthropic account, or to receive information on our Services. We may also collect or generate indirect identifiers (e.g., “USER12345”). Payment Information:  We shall collect your payment information if you choose to purchase access to Anthropic’s products and services. Inputs and Outputs:  You are able to interact with our Services in a variety of formats, including but not limited to chat, coding, and agentic sessions ( “Prompts”  or  "Inputs" ), which generate responses and actions ( “Outputs” ) based on your Inputs. This includes third-party applications you choose to integrate with our Services. If you include personal data or reference external content in your Inputs, we will collect that information and this information may be reproduced in your Outputs. Feedback on your use of our Services:  We appreciate feedback, including ideas and suggestions for improvement or rating an Output in response to an Input (" Feedback "). If you rate an Output in response to an Input—for example, by using the thumbs up/thumbs down icon—we will store the entire related conversation as part of your Feedback. You can learn more about how we use Feedback here . Communication Information:  If you communicate with us, including via our chatbot on our Help site, we collect your name, contact information, and the contents of any messages you send. - Interpretation (disclaimed): Describes Anthropic's data collection obligation and practice regarding identity, contact, payment information, and user prompts/inputs/outputs, defining the categories of personal data collected and establishing the legal basis for processing such data. - Tier: All - Location: Privacy Policy › “Personal data you provide to us directly” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Identity%20and%20Contact,any%20messages%20you%20send. ### privacy data use — risk unknown > To provide, maintain and facilitate any products and services offered to you with respect to your Anthropic account, which are governed by our Terms of Service Identity and Contact Data - Interpretation (disclaimed): This segment specifies the purpose of processing Identity and Contact Data — to provide, maintain and facilitate products and services governed by the Terms of Service — establishing a legal basis (contract) and an obligation to process such data in connection with service delivery. - Tier: All - Location: Privacy Policy › “Purpose Type of Data Legal Basis” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20To%20provide%2C%20maintain,Identity%20and%20Contact%20Data ### privacy data use — risk unknown > Where necessary to perform a contract with you, such as processing your contact information to send you a technical announcement about the Services. Your consent when we ask for it to process your personal data for a specific purpose that we communicate to you, such as processing your contact information to send you certain forms of marketing communications. - Interpretation (disclaimed): This segment specifies two legal bases—contract performance and consent—for processing personal data for communication and marketing purposes, establishing conditions under which such processing is lawful. - Tier: All - Location: Privacy Policy › “Technical Information” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Where%20necessary%20to,forms%20of%20marketing%20communications. ### privacy data use — risk unknown > We may process personal data in an aggregated or de-identified form to analyze the effectiveness of our Services, conduct research, study user behavior, and train our AI models as permitted under applicable laws. For instance: When you submit Feedback, we disassociate Inputs and Outputs from your user ID to use them for training and improving our models. If our systems flag Inputs or Outputs for potentially violating our  Usage Policy , we disassociate the content from your user ID to train our trust and safety internal classification and generative models. However, we may re-identify the Inputs or Outputs to enforce our Usage Policy with the responsible user if necessary. To improve user experience, we may analyze and aggregate general user behavior and usage data. This information does not identify individual users. - Interpretation (disclaimed): This segment restricts Anthropic's Services from being directed at children under 18, prohibits knowing collection of their data, and establishes a remedy procedure for reporting and deleting children's data, creating legally operative restrictions and procedural obligations under child privacy law. - Tier: All - Location: Privacy Policy › “Aggregated or De-Identified Information” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20We%20may%20process,not%20identify%20individual%20users. ### privacy data use — risk unknown > Our Services are not directed towards, and we do not knowingly collect, use, disclose, sell, or share any information from children under the age of 18. If you become aware that a child under the age of 18 has provided any personal data to us while using our Services, please email us at  privacy@anthropic.com  and we will investigate the matter and, if appropriate, delete the personal data. - Interpretation (disclaimed): Restricts Anthropic's Services from being directed at children under 18 and prohibits knowing collection, use, or disclosure of their personal data, while establishing a procedure for reporting and deleting children's data if inadvertently collected. - Tier: All - Location: § 7 (Children) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Our%20Services%20are,delete%20the%20personal%20data. ### privacy data use — risk unknown > It is in our legitimate interests to protect user data and our systems from intrusion or compromise through monitoring and swift response. We also have a legal obligation to provide adequate security safeguards. To debug and to identify and repair errors that impair existing functionality Identity and Contact Data - Interpretation (disclaimed): States that Anthropic has a legal obligation to provide adequate security safeguards and a legitimate interest in protecting user data and systems through monitoring; also introduces a new processing purpose (debugging and error repair) with associated data categories, establishing both an obligation and permission to process data for those purposes. - Tier: All - Location: Privacy Policy › “Legitimate interests” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20It%20is%20in,Identity%20and%20Contact%20Data ### privacy data use — risk unknown > These supplemental disclosures contain additional information relevant to residents of Canada. This content should be read in conjunction with the rest of our Privacy Policy. In case of conflict between our Privacy Policy and these supplemental disclosures, the supplemental disclosures shall prevail in relation to residents of Canada. Consent. By expressly consenting to this Privacy Policy, you confirm you have read, understand, and consent to the collection, use, processing, and disclosure of your personal data in accordance with this Privacy Policy and understand that, in jurisdictions where it is available, Anthropic also relies on other lawful bases for the foregoing as more fully set out in this policy. We will only collect, use and disclose your personal data with your consent, unless otherwise permitted or required by law. Your consent may be given expressly or implied, depending on the circumstances and the sensitivity of the information involved. You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Cross-jurisdictional Transfers. By providing us with personal data, you acknowledge and agree that your personal data may be transferred or disclosed to other jurisdictions for processing and storage outside of Canada, including to the United States and the countries listed on our  Subprocessor List , where laws regarding the protection of personal data may be less stringent than the laws in your jurisdiction. - Interpretation (disclaimed): Requires Canadian residents to read supplemental disclosures in conjunction with the main Privacy Policy, establishes that supplemental disclosures prevail in case of conflict, and records express consent to the collection, use, processing, and disclosure of personal data in accordance with the policy. - Tier: All - Location: Privacy Policy › “Supplemental Disclosures for Residents of Canada” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20These%20supplemental%20disclosures,in%20your%20jurisdiction.%20 ### privacy data use — risk unknown > Where necessary to perform a contract with you, such as processing your contact information to send you a technical announcement about the Services. Your consent when we ask for it to process your personal data for a specific purpose that we communicate to you, such as processing your contact information to send you certain forms of marketing communications. - Interpretation (disclaimed): This segment defines two legal bases — contractual necessity (e.g., technical announcements) and consent (e.g., marketing communications) — applicable to processing contact information for communication purposes, distinguishing the conditions under which each basis applies. - Tier: All - Location: Privacy Policy › “Technical Information” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Where%20necessary%20to,forms%20of%20marketing%20communications. ### privacy data use — risk unknown > It is in our and our users' legitimate interests to expand our product features and deliver additional services that enhance platform functionality and user experience. To communicate with you and to promote our Services Identity and Contact Data - Interpretation (disclaimed): This segment articulates the legitimate interests rationale for expanding product features and delivering additional services, establishing the legal justification for processing Identity and Contact Data to communicate with users and promote services, and specifying this as an operative basis for processing. - Tier: All - Location: Privacy Policy › “Legitimate interests” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20It%20is%20in,Identity%20and%20Contact%20Data ### privacy data use — risk unknown > These supplemental disclosures contain additional information relevant to residents of Brazil. This content should be read in conjunction with the rest of our Privacy Policy. In case of conflict between our Privacy Policy and these supplemental disclosures, the supplemental disclosures shall prevail in relation to residents of Brazil. Legal Bases. Depending on the specific purpose of the processing, we may rely on different grounds than those listed under section 2, where permitted by and in accordance with the Brazilian General Data Protection Law (LGPD). For example, we may rely on the "exercise of legal rights" basis to process personal data associated with customer complaints and to enforce our Terms of Service and similar terms and agreements, including our Usage Policy. Data Subject's Rights. LGPD grants certain rights regarding your personal data, which differ from the ones listed under section 4. We will respond to your requests to exercise your rights below in accordance with applicable law: Confirmation of whether your data is being processed. You have the right to receive a confirmation on whether Anthropic processes your data.Access to your data. You have the right to know what personal data Anthropic processes about you. Correction of incomplete, inaccurate or outdated data. You have the right to request the correction of your data that is incomplete, inaccurate, or outdated. Anonymization, blocking or erasure of data. - Interpretation (disclaimed): Requires Brazilian residents to read supplemental disclosures in conjunction with the main Privacy Policy, establishes conflict-of-laws priority for supplemental disclosures, and specifies that lawful bases for processing may differ under Brazil's LGPD. - Tier: All - Location: Privacy Policy › “Supplemental Disclosures for Residents of Brazil” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20These%20supplemental%20disclosures,erasure%20of%20data.%20 ### privacy data use — risk unknown > Anthropic may update this Privacy Policy from time to time. We will notify you of any material changes to this Privacy Policy, as appropriate, and update the Effective Date at the top of  https://www.anthropic.com/legal/privacy . You can view a summary of privacy policy changes and previous versions in our Privacy Center . - Interpretation (disclaimed): Establishes Anthropic's obligation to notify users of material changes to the Privacy Policy and to update the effective date, while providing a procedure for users to access previous versions, constituting a notification and transparency obligation. - Tier: All - Location: § 8 (Changes to Our Privacy Policy) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Anthropic%20may%20update,our%20Privacy%20Center%20. ### privacy data use — risk unknown > Cookies & Similar Technologies.  We and our service providers use cookies, scripts, or similar technologies (“ Cookies ”) to manage the Services and to collect information about you and your use of the Services. These technologies help us to recognize you, customize or personalize your experience, market additional products or services to you, and analyze the use of our Services to make them safer and more useful to you. For more details about how we use these technologies, and your opt-out controls and other options, please visit our  Cookie Policy . - Interpretation (disclaimed): This segment discloses Anthropic's use of cookies and similar technologies by itself and service providers for purposes including personalization, marketing, and analytics, and references opt-out controls in the Cookie Policy, constituting a procedural and disclosure obligation under applicable privacy law. - Tier: All - Location: Privacy Policy › “Personal data we receive automatically from your use of the Services” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Cookies%20%26%20Similar,our%20Cookie%20Policy%20. ### privacy data use — risk unknown > We collect the following categories of personal data: - Interpretation (disclaimed): Introduces the enumeration of personal data categories collected by Anthropic, serving as a definitional framing clause for the data collection practices described in subsequent segments. - Tier: All - Location: § 1 (Collection of Personal Data) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20We%20collect%20the,categories%20of%20personal%20data%3A ### privacy data use — risk unknown > Anthropic retains your personal data for as long as reasonably necessary for the purposes and criteria outlined in this Privacy Policy and explained further in our  privacy center . When the personal data collected is no longer required by us, we and our service providers will perform the necessary procedures for destroying, deleting, erasing, or converting it into an anonymous form as permitted or required under applicable laws. - Interpretation (disclaimed): This segment imposes an obligation on Anthropic to implement appropriate technical and organizational security measures to protect personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. - Tier: All - Location: § 6 (Data Retention, Data Lifecycle, and Security Controls) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Anthropic%20retains%20your,required%20under%20applicable%20laws. ### privacy data use — risk unknown > Cookies & Similar Technologies.  We and our service providers use cookies, scripts, or similar technologies (“ Cookies ”) to manage the Services and to collect information about you and your use of the Services. These technologies help us to recognize you, customize or personalize your experience, market additional products or services to you, and analyze the use of our Services to make them safer and more useful to you. For more details about how we use these technologies, and your opt-out controls and other options, please visit our  Cookie Policy . - Interpretation (disclaimed): Discloses Anthropic's and its service providers' use of cookies and similar tracking technologies to collect user data, manage services, personalize experience, and analyze usage, constituting a processing obligation disclosure with a reference to opt-out controls. - Tier: All - Location: Privacy Policy › “Personal data we receive automatically from your use of the Services” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Cookies%20%26%20Similar,our%20Cookie%20Policy%20. ### privacy data use — risk unknown > Entrusted Data Name, ID, phone number, email, address, and other information that you may provide to the domestic representative - Interpretation (disclaimed): Defines the categories of personal data (name, ID, phone number, email, address) entrusted to the domestic representative, establishing the scope of data subject to the transfer arrangement. - Tier: All - Location: Privacy Policy › “Trustees and Contacts Bae, Kim & Lee LLC (02-3404-0001)” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Entrusted%20Data%20Name%2C,the%20domestic%20representative%20 ### privacy data use — risk unknown > Consent (for example for precise device location or for health app integrations) - Interpretation (disclaimed): This segment defines 'Consent' as a legal basis for optional services and features, providing examples such as precise device location or health app integrations, which establishes the definitional scope of consent-based processing for these specific data categories. - Tier: All - Location: Privacy Policy › “Technical Information” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Consent%20(for%20example,for%20health%20app%20integrations) ### privacy data use — risk unknown > It is in our legitimate interests to fully understand and make reasonable efforts to resolve customer complaints in order to improve user satisfaction. We also have a legal obligation in some cases. - Interpretation (disclaimed): This segment articulates the legitimate interests rationale for dispute processing, stating that it is in Anthropic's legitimate interests to understand and resolve customer complaints to improve user satisfaction, and acknowledging a legal obligation in some cases, thereby providing the operative justification for this processing activity. - Tier: All - Location: Privacy Policy › “Legal obligation” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20It%20is%20in,in%20some%20cases.%20 ### privacy data use — risk unknown > Restriction: the right to restrict our processing of your personal data in certain circumstances. Withdrawal of consent.  Where Anthropic’s processing of your personal data is based on consent, you have the right to withdraw your consent. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. Automated decision-making : Anthropic does not engage in decision making based solely on automated processing or profiling in a manner which produces a legal effect (i.e., impacts your legal rights) or significantly affects you in a similar way (e.g., significantly affects your financial circumstances or ability to access essential goods or services). Sale & targeted Anthropic marketing of its products and services . Anthropic does not “sell” your personal data as that term is defined by applicable laws and regulations. You can opt-out of sharing your personal data for targeted advertising to promote our products and services, and we will honor global privacy controls. To learn more,  click here . Anthropic gives you access to a variety of tools to help you manage your data. You can access these in your Privacy Settings . - Interpretation (disclaimed): Establishes user rights to restrict processing, withdraw consent (with a limitation that withdrawal does not affect prior lawful processing), and declares that Anthropic does not engage in solely automated decision-making with legal or significant effects, constituting both rights and a restriction disclaimer. - Tier: All - Location: § 4 (Rights and Choices) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Restriction%3A%20the%20right,your%20Privacy%20Settings%20. ### privacy data use — risk unknown > To provide, maintain and facilitate optional services and features that enhance platform functionality and user experience Identity and Contact Data - Interpretation (disclaimed): This segment specifies the purpose of processing Identity and Contact Data for optional services and features that enhance platform functionality and user experience, establishing a permission to process this data under consent and legitimate interests legal bases. - Tier: All - Location: Privacy Policy › “Contract” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20To%20provide%2C%20maintain,Identity%20and%20Contact%20Data ### privacy data use — risk unknown > It is in our legitimate interests to protect user data and our systems from intrusion or compromise through monitoring and swift response. We also have a legal obligation to provide adequate security safeguards. To debug and to identify and repair errors that impair existing functionality Identity and Contact Data - Interpretation (disclaimed): Articulates the legitimate interest rationale for security monitoring and swift response, confirming both a legal obligation for security safeguards and a legitimate interest basis for processing personal data to debug and repair errors impairing functionality. - Tier: All - Location: Privacy Policy › “Legitimate interests” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20It%20is%20in,Identity%20and%20Contact%20Data ### data retention — risk medium > You also are able to  delete individual conversations , which will be removed immediately from your conversation history and automatically deleted from our back-end within 30 days. - Interpretation (disclaimed): The 30-day back-end deletion window means personal data persists in Anthropic's systems for up to a month after user-initiated deletion. This window interacts with the training-use carve-outs, potentially allowing flagged content to be used for training before deletion is processed. - Tier: All - Location: § 4 (Rights and Choices) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=You%20also%20are%20able,back-end%20within%2030%20days. ### data retention — risk medium > Anthropic retains your personal data for as long as reasonably necessary for the purposes and criteria outlined in this Privacy Policy and explained further in our  privacy center . When the personal data collected is no longer required by us, we and our service providers will perform the necessary procedures for destroying, deleting, erasing, or converting it into an anonymous form as permitted or required under applicable laws. - Interpretation (disclaimed): GDPR Art. 5(1)(e) requires storage limitation with specific periods. 'Reasonably necessary' without defined timeframes is a compliance risk marker and limits user ability to predict how long their data is held. - Tier: All - Location: § 6 (Data Retention, Data Lifecycle, and Security Controls) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=Anthropic%20retains%20your%20personal,required%20under%20applicable%20laws. ### data retention — risk unknown > If we terminate your Account due to inactivity, we will provide you with notice before doing so. Upon termination of these Terms, a Subscription, or your access to the Services, we may at our option delete any Materials or other data associated with your Account. Sections 6 (with respect to fees outstanding as of such expiration or termination) and 9 – 12 will survive any expiration or termination of our Terms or a Subscription. Severability.  If a particular Term or portion of these Terms is not valid or enforceable, this will have no effect on any other Terms. No waiver.  Any delay or failure on our part to enforce a provision of these Terms is not a waiver of our right to enforce them later. No assignment. These Terms may not be transferred or assigned by you without our prior written consent, but may be assigned by us without restriction. Use of our brand.  You may not, without our prior written permission, use our name, logos, or other trademarks in connection with products or services other than the Services, or in any other way that implies our affiliation, endorsement, or sponsorship. To seek permission, please email us at marketing@anthropic.com. Export Controls.  You may not export or provide access to the Services into any U.S. embargoed countries or to anyone on (i) the U.S. Treasury Department’s list of Specially Designated Nationals, (ii) any other restricted party lists identified by the Office of Foreign Asset Control, (iii) the U.S. - Interpretation (disclaimed): This segment specifies the procedure for termination due to inactivity (notice required), establishes the platform's discretionary right to delete user Materials and data upon termination, and identifies which contractual sections survive expiration or termination — directly governing data deletion and retention obligations post-termination. - Tier: All - Location: § 12 (General terms) - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=If%20we%20terminate%20your,(iii)%20the%20U.S.%20 ### data retention — risk unknown > In certain cases and subject to applicable law, you have the right to port your information. Deletion: the right to request that we delete personal data collected from you when you use our Services, subject to certain exceptions. You also are able to  delete individual conversations , which will be removed immediately from your conversation history and automatically deleted from our back-end within 30 days. Learn more  here . Correction: the right to request that we correct inaccurate personal data Anthropic retains about you, subject to certain exceptions. Please note that we cannot guarantee the factual accuracy of Outputs. If Outputs contain factually inaccurate personal data relating to you, you can submit a correction request and we will make a reasonable effort to correct this information—but due to the technical complexity of our large language models, it may not always be possible for us to do so. Objection: the right to object to processing of your personal data, including profiling conducted on grounds of public or legitimate interest. In places where such a right applies, we will no longer process the personal data in case of such objection unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise or defense of legal claims. If we use your information for direct marketing, you can object and opt out of future direct marketing messages using the unsubscribe link in such communications. - Interpretation (disclaimed): This segment is a section heading introducing the data retention, lifecycle, and security controls section, contextualizing the definitions and obligations regarding retention periods and security measures that follow. - Tier: All - Location: § 4 (Rights and Choices) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=In%20certain%20cases%20and,in%20such%20communications.%20 ### data retention — risk unknown > If we link to a site or service via our Services, you should read their data usage policies or other documentation. Our linking to another site or service doesn’t mean we endorse it or speak for that third party. Pursuant to regulatory or legal requirements, safety, rights of others, and to enforce our rights or our terms.  We may disclose personal data to governmental regulatory authorities as required by law, including for legal, tax or accounting purposes, in response to their requests for such information or to assist in investigations. We may also disclose personal data to third parties in connection with claims, disputes or litigation, when otherwise permitted or required by law, or if we determine its disclosure is necessary to protect the health and safety of you or any other person, to protect against fraud or credit risk, to enforce our legal rights or the legal rights of others, to enforce contractual commitments that you have made, or as otherwise permitted or required by applicable law. With an individual's consent.  Anthropic will otherwise disclose personal data when an individual gives us permission or directs us to disclose this information, including as a part of our Services. You can find information on our  Subprocessor List  about the third parties Anthropic engages to help us process personal data provided to us where Anthropic acts as a data processor, such as with respect to personal data we receive, process, store, or host when you use Anthropic's commercial services. - Interpretation (disclaimed): This segment grants data subjects the right to data portability, the right to deletion of personal data (with a specific 30-day back-end deletion timeline for individual conversations), and the right to correction of inaccurate data, subject to exceptions, establishing enforceable individual rights and associated retention/deletion obligations. - Tier: All - Location: § 3 (How We Disclose Personal Data) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=If%20we%20link%20to,use%20Anthropic%26%23x27%3Bs%20commercial%20services. ### data retention — risk ambiguous > Retention period The period necessary to process your request - Interpretation (disclaimed): Vague retention language ('period necessary') provides no enforceable upper bound on how long the Korean subprocessor retains personal data, creating uncertainty about deletion timelines. - Tier: All - Location: Privacy Policy › “Retention period The period necessary to process your request” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=Retention%20period%20The%20period,to%20process%20your%20request ### data retention — risk unknown > In certain cases and subject to applicable law, you have the right to port your information. Deletion: the right to request that we delete personal data collected from you when you use our Services, subject to certain exceptions. You also are able to  delete individual conversations , which will be removed immediately from your conversation history and automatically deleted from our back-end within 30 days. Learn more  here . Correction: the right to request that we correct inaccurate personal data Anthropic retains about you, subject to certain exceptions. Please note that we cannot guarantee the factual accuracy of Outputs. If Outputs contain factually inaccurate personal data relating to you, you can submit a correction request and we will make a reasonable effort to correct this information—but due to the technical complexity of our large language models, it may not always be possible for us to do so. Objection: the right to object to processing of your personal data, including profiling conducted on grounds of public or legitimate interest. In places where such a right applies, we will no longer process the personal data in case of such objection unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise or defense of legal claims. If we use your information for direct marketing, you can object and opt out of future direct marketing messages using the unsubscribe link in such communications. - Interpretation (disclaimed): Establishes user rights to data portability, deletion, and correction of personal data, and specifies a concrete procedure and timeline (removal from conversation history immediately, deletion from back-end within 30 days) for exercising deletion rights, constituting a data retention and deletion procedure. - Tier: All - Location: § 4 (Rights and Choices) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=In%20certain%20cases%20and,in%20such%20communications.%20 ### data retention — risk unknown > Restriction: the right to restrict our processing of your personal data in certain circumstances. Withdrawal of consent.  Where Anthropic’s processing of your personal data is based on consent, you have the right to withdraw your consent. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. Automated decision-making : Anthropic does not engage in decision making based solely on automated processing or profiling in a manner which produces a legal effect (i.e., impacts your legal rights) or significantly affects you in a similar way (e.g., significantly affects your financial circumstances or ability to access essential goods or services). Sale & targeted Anthropic marketing of its products and services . Anthropic does not “sell” your personal data as that term is defined by applicable laws and regulations. You can opt-out of sharing your personal data for targeted advertising to promote our products and services, and we will honor global privacy controls. To learn more,  click here . Anthropic gives you access to a variety of tools to help you manage your data. You can access these in your Privacy Settings . - Interpretation (disclaimed): This segment establishes Anthropic's obligation to retain personal data only as long as reasonably necessary for stated purposes and to destroy, delete, erase, or anonymize data when no longer required, imposing enforceable retention and deletion obligations on Anthropic and its service providers. - Tier: All - Location: § 4 (Rights and Choices) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Restriction%3A%20the%20right,your%20Privacy%20Settings%20. ### data retention — risk unknown > Anthropic retains your personal data for as long as reasonably necessary for the purposes and criteria outlined in this Privacy Policy and explained further in our  privacy center . When the personal data collected is no longer required by us, we and our service providers will perform the necessary procedures for destroying, deleting, erasing, or converting it into an anonymous form as permitted or required under applicable laws. - Interpretation (disclaimed): Establishes Anthropic's obligation to retain personal data only as long as reasonably necessary and to destroy, delete, erase, or anonymize data when no longer required, constituting a binding data retention and deletion obligation for both Anthropic and its service providers. - Tier: All - Location: § 6 (Data Retention, Data Lifecycle, and Security Controls) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Anthropic%20retains%20your,required%20under%20applicable%20laws. ### subprocessors data sharing — risk medium > By providing us with personal data, you acknowledge and agree that your personal data may be transferred or disclosed to other jurisdictions for processing and storage outside of Canada, including to the United States and the countries listed on our  Subprocessor List , where laws regarding the protection of personal data may be less stringent than the laws in your jurisdiction. Furthermore, we may disclose your personal data in these jurisdictions in response to legal processes or where we believe in good faith that disclosure is required or permitted by law. - Interpretation (disclaimed): This clause creates broad consent to cross-border data transfers to jurisdictions potentially lacking equivalent privacy protections, and permits disclosure to authorities on a subjective 'good faith' standard—reducing user control over their data. - Tier: All - Location: Privacy Policy › “Supplemental Disclosures for Residents of Canada” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=By%20providing%20us%20with,or%20permitted%20by%20law. ### subprocessors data sharing — risk medium > You acknowledge that Anthropic is a company based and headquartered in the United States. Any information we hold about you will be transferred to, used, processed, and stored in the United States and other countries and territories, which may not have data privacy or data protection laws equivalent to those in your country or territory. - Interpretation (disclaimed): Transferring personal data to jurisdictions with weaker legal protections exposes users to reduced privacy rights and enforcement options. The explicit acknowledgment of this gap is notable from a risk perspective. - Tier: All - Location: Privacy Policy › “Supplemental Disclosures for Residents of Brazil” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=You%20acknowledge%20that%20Anthropic,your%20country%20or%20territory. ### subprocessors data sharing — risk medium > Affiliates & corporate partners.  Anthropic discloses the categories of personal data described above between and among its affiliates and related entities. Service providers & business partners.  Anthropic may disclose the categories of personal data described above with service providers and business partners for a variety of business purposes, including website and data hosting, ensuring compliance with industry standards, research, auditing, data processing, and providing you with the services. - Interpretation (disclaimed): Broad disclosure authority to affiliates and third-party service providers/business partners with a non-exhaustive list of purposes (including 'research') creates uncertainty about who receives personal data and for what purposes. - Tier: All - Location: § 3 (How We Disclose Personal Data) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=Affiliates%20%26%20corporate%20partners.,you%20with%20the%20services. ### subprocessors data sharing — risk medium > As part of a significant corporate event.  If Anthropic is involved in a merger, corporate transaction, bankruptcy, or other situation involving the transfer of business assets, Anthropic will disclose your personal data as part of these corporate transactions. - Interpretation (disclaimed): Standard M&A data transfer clause; however, combined with the breadth of data collected (inputs, outputs, usage data), the volume and sensitivity of data transferable without user consent is notable. - Tier: All - Location: § 3 (How We Disclose Personal Data) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=As%20part%20of%20a,of%20these%20corporate%20transactions. ### subprocessors data sharing — risk medium > Standard contractual clauses.   The European Commission has approved contractual clauses under Article 46 GDPR that allows companies in the EEA to transfer data outside the EEA. These (and their approved equivalent for the UK and Switzerland) are called standard contractual clauses. We rely on standard contractual clauses to transfer information as described in “Collection of Personal Data” to certain affiliates and third parties in countries without an adequacy decision. - Interpretation (disclaimed): SCCs are a recognized GDPR Art. 46 transfer mechanism but require a Transfer Impact Assessment post-Schrems II. The policy does not specify which countries or sub-processors receive the data, limiting user ability to assess risk. - Tier: All - Location: § 5 (Data Transfers) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=Standard%20contractual%20clauses.%20The,without%20an%20adequacy%20decision. ### subprocessors data sharing — risk low > You can find information on our  Subprocessor List  about the third parties Anthropic engages to help us process personal data provided to us where Anthropic acts as a data processor, such as with respect to personal data we receive, process, store, or host when you use Anthropic's commercial services. - Interpretation (disclaimed): The policy references an external subprocessor list rather than enumerating subprocessors. While common practice, it limits users' ability to assess data-sharing scope from this document alone. - Tier: All - Location: § 3 (How We Disclose Personal Data) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=You%20can%20find%20information,use%20Anthropic%26%23x27%3Bs%20commercial%20services. ### subprocessors data sharing — risk low > Trustees and Contacts Bae, Kim & Lee LLC (02-3404-0001) Entrusted Data Name, ID, phone number, email, address, and other information that you may provide to the domestic representative Purpose Assisting with the domestic representative duties Recipient Location South Korea Retention period The period necessary to process your request Times and methods of transfer Telephone, text, or email - Interpretation (disclaimed): Korean law (PIPA) requires disclosure of domestic data processing trustees. The clause is a compliance disclosure rather than a risk-generating provision, and the data shared is limited to contact/representative-related data. - Tier: All - Location: Privacy Policy › “Trustees and Contacts Bae, Kim & Lee LLC (02-3404-0001)” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=Trustees%20and%20Contacts%20Bae%2C,Telephone%2C%20text%2C%20or%20email ### subprocessors data sharing — risk unknown > If you live in the European Economic Area (EEA), UK or Switzerland (the “European Region”), the data controller responsible for your personal data is Anthropic Ireland, Limited. If you live outside the European Region, the data controller responsible for your personal data is Anthropic PBC. If you have any questions about this Privacy Policy, or have any questions, complaints or requests regarding your personal data, you can contact us as described below: Anthropic PBC with a registered address at 548 Market St, PMB 90375, San Francisco, CA 94104 (United States). Anthropic Ireland, Limited with a registered address at 6th Floor, South Bank House, Barrow Street. Dublin 4, D04 TR29 (Ireland). You can email us at  privacy@anthropic.com  and contact our Data Protection Officer at  dpo@anthropic.com . Please note that under many countries' laws, you have the right to lodge a complaint with the supervisory authority in the place in which you live or work. A full list of EU supervisory authorities’ contact details is available  here . If you live or work in the UK, you have the right to lodge a complaint with the  UK Information Commissioner’s Office . If you live in Brazil, you have the right to lodge a complaint with the  Brazilian Data Protection Authority (ANPD) .If you live in Australia, you have the right to lodge a complaint with the Office of the Australian Information Commissioner . - Interpretation (disclaimed): This segment defines the data controllers responsible for processing personal data depending on the user's geographic region (EEA/UK/Switzerland vs. outside), establishing the legal identity of the responsible entity and providing contact details for privacy inquiries, which is a foundational definition for data processing accountability obligations. - Tier: All - Location: § 9 (Contact Information) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20If%20you%20live,Australian%20Information%20Commissioner%20. ### subprocessors data sharing — risk unknown > Email: [anthropicprivacy@bkl.co.kr] Data Processors: - Interpretation (disclaimed): Introduces the category 'Data Processors' for Korean residents, defining the class of third-party entities that process personal data on Anthropic's behalf and initiating required disclosures under Korean data protection law. - Tier: All - Location: Privacy Policy › “Telephone: [+82-2-6252-2080]” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Email%3A%20%5Banthropicprivacy%40bkl.co.kr%5D%0A%20Data%20Processors%3A ### subprocessors data sharing — risk unknown > If we link to a site or service via our Services, you should read their data usage policies or other documentation. Our linking to another site or service doesn’t mean we endorse it or speak for that third party. Pursuant to regulatory or legal requirements, safety, rights of others, and to enforce our rights or our terms.  We may disclose personal data to governmental regulatory authorities as required by law, including for legal, tax or accounting purposes, in response to their requests for such information or to assist in investigations. We may also disclose personal data to third parties in connection with claims, disputes or litigation, when otherwise permitted or required by law, or if we determine its disclosure is necessary to protect the health and safety of you or any other person, to protect against fraud or credit risk, to enforce our legal rights or the legal rights of others, to enforce contractual commitments that you have made, or as otherwise permitted or required by applicable law. With an individual's consent.  Anthropic will otherwise disclose personal data when an individual gives us permission or directs us to disclose this information, including as a part of our Services. You can find information on our  Subprocessor List  about the third parties Anthropic engages to help us process personal data provided to us where Anthropic acts as a data processor, such as with respect to personal data we receive, process, store, or host when you use Anthropic's commercial services. - Interpretation (disclaimed): Discloses that personal data may be shared with governmental authorities pursuant to legal requirements, safety concerns, or enforcement of rights, establishing legal compulsion and rights-enforcement as legitimate bases for third-party disclosure, including limiting Anthropic's liability for third-party linked sites. - Tier: All - Location: § 3 (How We Disclose Personal Data) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=If%20we%20link%20to,use%20Anthropic%26%23x27%3Bs%20commercial%20services. ### subprocessors data sharing — risk unknown > Email: [anthropicprivacy@bkl.co.kr] Data Processors: - Interpretation (disclaimed): Introduces 'Data Processors' as a section label for Korea-specific disclosure of subprocessors or data processors, beginning the enumeration of entities that process personal data on Anthropic's behalf as required under Korean data protection law. - Tier: All - Location: Privacy Policy › “Telephone: [+82-2-6252-2080]” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Email%3A%20%5Banthropicprivacy%40bkl.co.kr%5D%0A%20Data%20Processors%3A ### subprocessors data sharing — risk unknown > Furthermore, we may disclose your personal data in these jurisdictions in response to legal processes or where we believe in good faith that disclosure is required or permitted by law. Contact. If you have any questions or comments about our processing of your personal data, or to exercise your rights as outlined in Section 4. (“Rights and Choices”), please contact us at privacy@anthropic.com. - Interpretation (disclaimed): Permits Anthropic to disclose Canadian residents' personal data to third jurisdictions in response to legal processes or where disclosure is required or permitted by law, and provides a contact mechanism for exercising privacy rights. - Tier: All - Location: Privacy Policy › “Supplemental Disclosures for Residents of Canada” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=Furthermore%2C%20we%20may%20disclose,contact%20us%20at%20privacy%40anthropic.com. ### subprocessors data sharing — risk unknown > International Data Transfers. You acknowledge that Anthropic is a company based and headquartered in the United States. Any information we hold about you will be transferred to, used, processed, and stored in the United States and other countries and territories, which may not have data privacy or data protection laws equivalent to those in your country or territory. For the proper operation of the Services, Anthropic needs to carry out international transfers of personal data. In the case of Brazil, we will rely on standard contractual clauses (SCCs) for our data transfers where required and in instances where they are not covered by an adequacy decision. These SCCs have been approved by the Brazilian Data Protection Authority (ANPD), which is the "competent supervisory authority" for these transfers, as governed by Brazilian Data Protection Laws. You can view the SCCs adopted by the ANPD here . - Interpretation (disclaimed): Discloses that personal data of Brazilian residents will be transferred to and stored in the United States and other countries, and obligates Anthropic to rely on Standard Contractual Clauses (SCCs) for international data transfers where required under Brazilian law, establishing a transfer mechanism obligation. - Tier: All - Location: Privacy Policy › “Supplemental Disclosures for Residents of Brazil” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20International%20Data%20Transfers.,the%20ANPD%20here%20. ### subprocessors data sharing — risk unknown > We use your personal data for the following purposes: To provide, maintain and facilitate any products and services offered to you with respect to your Anthropic account, which are governed by our Terms of Service; To provide, maintain and facilitate optional services and features that enhance platform functionality and user experience; To communicate with you, including to send you information about our Services and events; To create and administer your Anthropic account; To facilitate payments for products and services provided by Anthropic; To prevent and investigate fraud, abuse, and violations of our  Usage Policy , unlawful or criminal activity, unauthorized access to or use of personal data or Anthropic systems and networks, to protect our rights and the rights of others, and to meet legal, governmental and institutional policy obligations; To investigate and resolve disputes; To investigate and resolve security issues; To debug and to identify and repair errors that impair existing functionality To improve the Services and conduct research, including training our models; and To enforce our  Terms of Service  and similar terms and agreements, including our  Usage Policy . We may use your Inputs and Outputs to train our models and improve our Services, unless you opt out through your account settings. Even if you opt-out, we will use Inputs and Outputs for model improvement when: (1) your conversations are flagged for safety review to improve our ability to detect harmful content, enforce our policies, or advance AI safety research, or (2) you've explicitly reported the materials to us (for example via our feedback mechanisms). Please see Section 10 below for details of our legal bases for processing your personal data. - Interpretation (disclaimed): This segment discloses the categories of third parties to whom Anthropic discloses personal data, including affiliates, service providers, and business partners, and the purposes for such disclosures, establishing Anthropic's data sharing framework and obligations regarding third-party disclosures. - Tier: All - Location: § 2 - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20We%20use%20your,processing%20your%20personal%20data. ### subprocessors data sharing — risk unknown > Anthropic will disclose personal data to the following categories of third parties for the purposes explained in this Policy: Affiliates & corporate partners.  Anthropic discloses the categories of personal data described above between and among its affiliates and related entities. Service providers & business partners.  Anthropic may disclose the categories of personal data described above with service providers and business partners for a variety of business purposes, including website and data hosting, ensuring compliance with industry standards, research, auditing, data processing, and providing you with the services. Anthropic may also disclose personal data in the following circumstances: As part of a significant corporate event.  If Anthropic is involved in a merger, corporate transaction, bankruptcy, or other situation involving the transfer of business assets, Anthropic will disclose your personal data as part of these corporate transactions. Third-Party Websites and Services:  Our Services may involve integrations with, or may direct you to, websites, apps, and services managed by third parties. By interacting with these third parties, you are providing information directly to the third party and not Anthropic and subject to the third party’s privacy policy.If you access third-party services, such as social media sites or other sites linked through the Services (e.g., if you follow a link to our Twitter account), these third-party services will be able to collect personal data about you, including information about your activity on the Services. - Interpretation (disclaimed): Identifies categories of third parties to whom Anthropic discloses personal data, including affiliates and service providers/business partners, and specifies the business purposes for such disclosures, establishing the legal framework for third-party data sharing and subprocessor relationships. - Tier: All - Location: § 3 (How We Disclose Personal Data) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Anthropic%20will%20disclose,on%20the%20Services.%20 ### subprocessors data sharing — risk unknown > International Data Transfers. You acknowledge that Anthropic is a company based and headquartered in the United States. Any information we hold about you will be transferred to, used, processed, and stored in the United States and other countries and territories, which may not have data privacy or data protection laws equivalent to those in your country or territory. For the proper operation of the Services, Anthropic needs to carry out international transfers of personal data. In the case of Brazil, we will rely on standard contractual clauses (SCCs) for our data transfers where required and in instances where they are not covered by an adequacy decision. These SCCs have been approved by the Brazilian Data Protection Authority (ANPD), which is the "competent supervisory authority" for these transfers, as governed by Brazilian Data Protection Laws. You can view the SCCs adopted by the ANPD here . - Interpretation (disclaimed): Discloses that personal data of Brazilian residents will be transferred to and processed in the United States and other countries, acknowledges potential lack of equivalent data protection laws, and specifies reliance on standard contractual clauses (SCCs) as the transfer mechanism where required. - Tier: All - Location: Privacy Policy › “Supplemental Disclosures for Residents of Brazil” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20International%20Data%20Transfers.,the%20ANPD%20here%20. ### subprocessors data sharing — risk unknown > Furthermore, we may disclose your personal data in these jurisdictions in response to legal processes or where we believe in good faith that disclosure is required or permitted by law. Contact. If you have any questions or comments about our processing of your personal data, or to exercise your rights as outlined in Section 4. (“Rights and Choices”), please contact us at privacy@anthropic.com. - Interpretation (disclaimed): Grants Anthropic permission to disclose personal data of Canadian residents to foreign jurisdictions in response to legal processes or where disclosure is required or permitted by law, and provides a contact mechanism for exercising rights, establishing both a disclosure permission and a procedural right. - Tier: All - Location: Privacy Policy › “Supplemental Disclosures for Residents of Canada” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=Furthermore%2C%20we%20may%20disclose,contact%20us%20at%20privacy%40anthropic.com. ### audit rights dpa residency — risk medium > When you access our website or Services, your personal data may be transferred to our servers in the US, or to other countries outside the European Economic Area ( “EEA” ) and the UK. This may be a direct provision of your personal data to us, or a transfer that we or a third party make. - Interpretation (disclaimed): EEA/UK users have no stated option to keep data within their jurisdiction. US storage subjects data to US government access laws (e.g., CLOUD Act, FISA 702), which is a risk factor under GDPR adequacy assessments. - Tier: All - Location: § 5 (Data Transfers) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=When%20you%20access%20our,a%20third%20party%20make. ### audit rights dpa residency — risk low > In the case of Brazil, we will rely on standard contractual clauses (SCCs) for our data transfers where required and in instances where they are not covered by an adequacy decision. These SCCs have been approved by the Brazilian Data Protection Authority (ANPD), which is the "competent supervisory authority" for these transfers, as governed by Brazilian Data Protection Laws. - Interpretation (disclaimed): Use of SCCs approved by the Brazilian data protection authority (ANPD) is a standard LGPD compliance mechanism for international transfers; this is a positive safeguard for Brazilian residents. - Tier: All - Location: Privacy Policy › “Supplemental Disclosures for Residents of Brazil” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=In%20the%20case%20of,Brazilian%20Data%20Protection%20Laws. ### audit rights dpa residency — risk unknown > Depending on where you live and the laws that apply in your country of residence, you may enjoy certain rights regarding your personal data, as described further below. However, please be aware that these rights are limited, and that the process by which we may need to action your requests regarding our training dataset are complex. We may also decline a request if we have a lawful reason for doing so. That said, we strive to prioritize the protection of personal data, and comply with all applicable privacy laws. To exercise your rights, you or an authorized agent may submit a request by emailing us at  privacy@anthropic.com . After we receive your request, we may verify it by requesting information sufficient to confirm your identity. You may also have the right to appeal requests that we deny by emailing  privacy@anthropic.com . Anthropic will not discriminate based on the exercising of privacy rights you may have. Set out below is a summary of the rights which you may enjoy, depending on the laws that apply in your country of residence. Right to know:  the right to know what personal data Anthropic processes about you, including the categories of personal data, the categories of sources from which it is collected, the business or commercial purposes for collection, and the categories of third parties to whom we disclose it. Access & data portability: the right to request a copy of the personal data Anthropic processes about you, subject to certain exceptions and conditions. - Interpretation (disclaimed): This segment describes the mechanisms by which Anthropic ensures adequate protection for cross-border personal data transfers outside the EEA and UK, including adequacy decisions under GDPR Article 45, establishing procedural and compliance obligations for international data transfers. - Tier: All - Location: § 4 (Rights and Choices) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20Depending%20on%20where,exceptions%20and%20conditions.%20 ### audit rights dpa residency — risk unknown > You have the right to request the anonymisation, blocking or erasure of data that is unnecessary, excessive or processed in non-compliance with the provisions of the law. Portability of personal data to a third party. You have the right to request portability of your data to a third-party, as long as this does not infringe on our trade secrets. Information of public and private entities with which we shared data. You have the right to request information of public and private entities with which we have shared your data. Information about the possibility to refuse to provide consent and the respective consequences, when applicable. Withdrawal of your consent. You have the right to withdraw your consent. This procedure will be carried out free of charge. Request a review of decisions made solely based on automated processing of personal data. Please keep in mind that these rights are not absolute and may not apply in certain circumstances. For example, in certain cases we may continue to process and retain data regardless of your request for deletion, objection, blocking or anonymisation, in order to comply with legal, contractual and regulatory obligations, safeguard and exercise rights, including in judicial, administrative and arbitration proceedings and in other cases provided for by law. - Interpretation (disclaimed): Grants Brazilian residents specific LGPD rights including anonymisation, blocking or erasure of unnecessary or excessive data, data portability to third parties (subject to trade secret limits), information about entities with whom data was shared, and information about the right to refuse consent, establishing enforceable data subject rights. - Tier: All - Location: Privacy Policy › “Supplemental Disclosures for Residents of Brazil” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=You%20have%20the%20right,provided%20for%20by%20law. ### audit rights dpa residency — risk ambiguous > You can find information on our  Subprocessor List  about the third parties Anthropic engages to help us process personal data provided to us where Anthropic acts as a data processor, such as with respect to personal data we receive, process, store, or host when you use Anthropic's commercial services. - Interpretation (disclaimed): The policy is silent on user or customer audit rights, formal DPA arrangements, and data residency controls. This is a gap relevant especially to enterprise customers and regulated-industry users. - Tier: All - Location: § 3 (How We Disclose Personal Data) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=You%20can%20find%20information,use%20Anthropic%26%23x27%3Bs%20commercial%20services. ### audit rights dpa residency — risk unknown > These supplemental disclosures contain additional information relevant to residents of Canada. This content should be read in conjunction with the rest of our Privacy Policy. In case of conflict between our Privacy Policy and these supplemental disclosures, the supplemental disclosures shall prevail in relation to residents of Canada. Consent. By expressly consenting to this Privacy Policy, you confirm you have read, understand, and consent to the collection, use, processing, and disclosure of your personal data in accordance with this Privacy Policy and understand that, in jurisdictions where it is available, Anthropic also relies on other lawful bases for the foregoing as more fully set out in this policy. We will only collect, use and disclose your personal data with your consent, unless otherwise permitted or required by law. Your consent may be given expressly or implied, depending on the circumstances and the sensitivity of the information involved. You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Cross-jurisdictional Transfers. By providing us with personal data, you acknowledge and agree that your personal data may be transferred or disclosed to other jurisdictions for processing and storage outside of Canada, including to the United States and the countries listed on our  Subprocessor List , where laws regarding the protection of personal data may be less stringent than the laws in your jurisdiction. - Interpretation (disclaimed): Requires Canadian residents to expressly consent to the collection, use, processing, and disclosure of their personal data in accordance with the Privacy Policy, establishing a consent obligation and noting that the supplemental disclosures prevail over the main policy in case of conflict. - Tier: All - Location: Privacy Policy › “Supplemental Disclosures for Residents of Canada” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20These%20supplemental%20disclosures,in%20your%20jurisdiction.%20 ### audit rights dpa residency — risk unknown > When you access our website or Services, your personal data may be transferred to our servers in the US, or to other countries outside the European Economic Area ( “EEA” ) and the UK. This may be a direct provision of your personal data to us, or a transfer that we or a third party make. Where information is transferred outside the EEA or the UK, we ensure it benefits from an adequate level of data protection by relying on: Adequacy decisions.   These are decisions from the European Commission under Article 45 GDPR (or equivalent decisions under other laws) where they recognise that a country outside of the EEA offers an adequate level of data protection. We transfer your information as described in “Collection of Personal Data” to some countries with adequacy decisions, such as the countries listed  here ; or Standard contractual clauses.   The European Commission has approved contractual clauses under Article 46 GDPR that allows companies in the EEA to transfer data outside the EEA. These (and their approved equivalent for the UK and Switzerland) are called standard contractual clauses. We rely on standard contractual clauses to transfer information as described in “Collection of Personal Data” to certain affiliates and third parties in countries without an adequacy decision. In certain situations, we rely on derogations provided for under applicable data protection law to transfer information to a third country. - Interpretation (disclaimed): Discloses that personal data may be transferred to the US or countries outside the EEA/UK and identifies the legal mechanisms (adequacy decisions under Article 45 GDPR) relied upon to ensure adequate data protection for international transfers, constituting a compliance obligation under data protection law. - Tier: All - Location: § 5 (Data Transfers) - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20When%20you%20access,to%20a%20third%20country. ### audit rights dpa residency — risk unknown > The domestic representative of Anthropic PBC for data protection and related regulatory purposes under Article 31-2 of the Personal Information Protection Act and Article 32-5 of the Act on Promotion of Information and Communications Network Utilization and Data Protection, Etc. in the Republic of Korea is as follows: Entity Name and Representative: Anthropic Korea, Limited (Representative Patrick Azubike Ekeruo) Registered Address: (Yeoksam-dong), 41F, 152 Teheran-ro, Gangnam-gu, Seoul, South Korea - Interpretation (disclaimed): Identifies Anthropic Korea, Limited as the mandatory domestic representative under Article 31-2 of Korea's Personal Information Protection Act and Article 32-5 of the Network Act, disclosing the entity name, representative, and registered address to satisfy Korean legal compliance obligations. - Tier: All - Location: Privacy Policy › “Domestic Representative in the Republic of Korea” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20The%20domestic%20representative,Gangnam-gu%2C%20Seoul%2C%20South%20Korea ### audit rights dpa residency — risk unknown > These supplemental disclosures contain additional information relevant to residents of Brazil. This content should be read in conjunction with the rest of our Privacy Policy. In case of conflict between our Privacy Policy and these supplemental disclosures, the supplemental disclosures shall prevail in relation to residents of Brazil. Legal Bases. Depending on the specific purpose of the processing, we may rely on different grounds than those listed under section 2, where permitted by and in accordance with the Brazilian General Data Protection Law (LGPD). For example, we may rely on the "exercise of legal rights" basis to process personal data associated with customer complaints and to enforce our Terms of Service and similar terms and agreements, including our Usage Policy. Data Subject's Rights. LGPD grants certain rights regarding your personal data, which differ from the ones listed under section 4. We will respond to your requests to exercise your rights below in accordance with applicable law: Confirmation of whether your data is being processed. You have the right to receive a confirmation on whether Anthropic processes your data.Access to your data. You have the right to know what personal data Anthropic processes about you. Correction of incomplete, inaccurate or outdated data. You have the right to request the correction of your data that is incomplete, inaccurate, or outdated. Anonymization, blocking or erasure of data. - Interpretation (disclaimed): Establishes that processing of Brazilian residents' data will rely on legal bases permitted under the LGPD, which may differ from those stated in the main policy, creating a legal obligation to comply with Brazilian data protection law and prevail over conflicting policy terms. - Tier: All - Location: Privacy Policy › “Supplemental Disclosures for Residents of Brazil” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20These%20supplemental%20disclosures,erasure%20of%20data.%20 ### audit rights dpa residency — risk unknown > If you are located in Canada, Brazil, or the Republic of Korea, please read the relevant Regional Supplemental Disclosure which applies to you. If you are located in Washington or a state with similar consumer health data laws, please read our Consumer Health Data Privacy Policy which applies to you if you integrate third party health applications with Claude. - Interpretation (disclaimed): This segment incorporates by reference Regional Supplemental Disclosures for Canada, Brazil, and South Korea, as well as a Consumer Health Data Privacy Policy, directing affected users to additional legally operative supplemental documents that impose jurisdiction-specific obligations. - Tier: All - Location: Privacy Policy › “Privacy Policy \ Anthropic” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20If%20you%20are,health%20applications%20with%20Claude. ### audit rights dpa residency — risk unknown > The domestic representative of Anthropic PBC for data protection and related regulatory purposes under Article 31-2 of the Personal Information Protection Act and Article 32-5 of the Act on Promotion of Information and Communications Network Utilization and Data Protection, Etc. in the Republic of Korea is as follows: Entity Name and Representative: Anthropic Korea, Limited (Representative Patrick Azubike Ekeruo) Registered Address: (Yeoksam-dong), 41F, 152 Teheran-ro, Gangnam-gu, Seoul, South Korea - Interpretation (disclaimed): Identifies Anthropic Korea, Limited (representative Patrick Azubike Ekeruo) as the designated domestic representative under Article 31-2 of the Personal Information Protection Act and Article 32-5 of the Act on Promotion of Information and Communications Network Utilization, fulfilling a mandatory legal obligation under Korean data protection law. - Tier: All - Location: Privacy Policy › “Domestic Representative in the Republic of Korea” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20The%20domestic%20representative,Gangnam-gu%2C%20Seoul%2C%20South%20Korea ### audit rights dpa residency — risk unknown > If you are located in Canada, Brazil, or the Republic of Korea, please read the relevant Regional Supplemental Disclosure which applies to you. If you are located in Washington or a state with similar consumer health data laws, please read our Consumer Health Data Privacy Policy which applies to you if you integrate third party health applications with Claude. - Interpretation (disclaimed): Incorporates by reference Regional Supplemental Disclosures for Canada, Brazil, and Republic of Korea, and the Consumer Health Data Privacy Policy for Washington-state users, making those external documents operative parts of the privacy framework for applicable individuals. - Tier: All - Location: Privacy Policy › “Privacy Policy \ Anthropic” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20If%20you%20are,health%20applications%20with%20Claude. ### audit rights dpa residency — risk unknown > You have the right to request the anonymisation, blocking or erasure of data that is unnecessary, excessive or processed in non-compliance with the provisions of the law. Portability of personal data to a third party. You have the right to request portability of your data to a third-party, as long as this does not infringe on our trade secrets. Information of public and private entities with which we shared data. You have the right to request information of public and private entities with which we have shared your data. Information about the possibility to refuse to provide consent and the respective consequences, when applicable. Withdrawal of your consent. You have the right to withdraw your consent. This procedure will be carried out free of charge. Request a review of decisions made solely based on automated processing of personal data. Please keep in mind that these rights are not absolute and may not apply in certain circumstances. For example, in certain cases we may continue to process and retain data regardless of your request for deletion, objection, blocking or anonymisation, in order to comply with legal, contractual and regulatory obligations, safeguard and exercise rights, including in judicial, administrative and arbitration proceedings and in other cases provided for by law. - Interpretation (disclaimed): Grants Brazilian residents the right to request anonymisation, blocking, or erasure of unnecessary or excessive data; portability to third parties subject to trade secret protection; and information about entities with whom their data has been shared, as well as information about consent refusal consequences. - Tier: All - Location: Privacy Policy › “Supplemental Disclosures for Residents of Brazil” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=You%20have%20the%20right,provided%20for%20by%20law. ### indemnity liability — risk high > You agree that (a) no adequate remedy exists at law if you breach Section 3 (Use of Our Services); (b) it would be difficult to determine the damages resulting from such breach, and any such breach would cause irreparable harm; and (c) a grant of injunctive relief provides the best remedy for any such breach. You waive any opposition to such injunctive relief, as well as any demand that we prove actual damage or post a bond or other security in connection with such injunctive relief. - Interpretation (disclaimed): This clause is a pre-agreed stipulation for injunctive relief. By accepting these Terms, users concede irreparable harm and waive procedural safeguards (proof of actual damage, bond requirement) that courts would otherwise impose before granting an injunction. This materially weakens user defenses in any enforcement action related to acceptable use. - Tier: All - Location: § 13 (In case of disputes) - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=You%20agree%20that%20(a),with%20such%20injunctive%20relief. ### indemnity liability — risk unknown > Our team works hard to provide great services, and we’re continuously working on improvements. However, there are certain aspects we can’t guarantee. We are using ALL CAPS to explain this, to make sure that you see it. YOUR USE OF THE SERVICES, MATERIALS, AND ACTIONS IS SOLELY AT YOUR OWN RISK. THE SERVICES, OUTPUTS, AND ACTIONS ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS AND, TO THE FULLEST EXTENT PERMISSIBLE UNDER APPLICABLE LAW, ARE PROVIDED WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY. WE AND OUR PROVIDERS EXPRESSLY DISCLAIM ANY AND ALL WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, TITLE, MERCHANTABILITY, ACCURACY, AVAILABILITY, RELIABILITY, SECURITY, PRIVACY, COMPATIBILITY, NON-INFRINGEMENT, AND ANY WARRANTY IMPLIED BY COURSE OF DEALING, COURSE OF PERFORMANCE, OR TRADE USAGE. TO THE FULLEST EXTENT PERMISSIBLE UNDER APPLICABLE LAW, IN NO EVENT WILL WE, OUR PROVIDERS, OR OUR OR THEIR RESPECTIVE AFFILIATES, INVESTORS, DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, SUCCESSORS OR ASSIGNS (COLLECTIVELY, THE “ANTHROPIC PARTIES”), BE LIABLE FOR ANY DIRECT, INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR OTHER DAMAGES ARISING OUT OF OR IN ANY WAY RELATED TO THE SERVICES, THE MATERIALS, THE ACTIONS, OR THESE TERMS, WHETHER BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHER THEORY, EVEN IF ANY ANTHROPIC PARTIES HAVE BEEN ADVISED OF THE POSSIBILITY OF DAMAGES, AND EVEN IF THE DAMAGES ARE FORESEEABLE. - Interpretation (disclaimed): This segment disclaims all warranties—express, implied, and statutory—with respect to the Services, Outputs, and Actions, placing all risk of use on the user and explicitly disclaiming fitness for purpose warranties on behalf of Anthropic and its Providers. - Tier: All - Location: § 11 (Disclaimer of warranties, limitations of liability, and indemnity) - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=%20Our%20team%20works,DAMAGES%20ARE%20FORESEEABLE.%20 ### indemnity liability — risk unknown > TO THE FULLEST EXTENT PERMISSIBLE UNDER APPLICABLE LAW, THE ANTHROPIC PARTIES’ TOTAL AGGREGATE LIABILITY TO YOU FOR ALL DAMAGES, LOSSES AND CAUSES OF ACTION ARISING OUT OF OR IN ANY WAY RELATED TO THE SERVICES, THE MATERIALS, THE ACTIONS, OR THESE TERMS, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, WILL NOT EXCEED THE GREATER OF THE AMOUNT YOU PAID TO US FOR ACCESS TO OR USE OF THE SERVICES (IF ANY) IN THE SIX MONTHS PRECEDING THE DATE SUCH DAMAGES, LOSSES, AND CAUSES OF ACTION FIRST AROSE, AND $100. THE FOREGOING LIMITATIONS ARE ESSENTIAL TO THESE TERMS, AND WE WOULD NOT OFFER THE SERVICES TO YOU UNDER THESE TERMS WITHOUT THESE LIMITATIONS. YOU AGREE TO INDEMNIFY AND HOLD HARMLESS THE ANTHROPIC PARTIES FROM AND AGAINST ANY AND ALL LIABILITIES, CLAIMS, DAMAGES, EXPENSES (INCLUDING REASONABLE ATTORNEYS’ FEES AND COSTS), AND OTHER LOSSES ARISING OUT OF OR RELATED TO YOUR BREACH OR ALLEGED BREACH OF THESE TERMS; YOUR ACCESS TO, USE OF, OR ALLEGED USE OF THE SERVICES, THE MATERIALS, OR THE ACTIONS; YOUR FEEDBACK; ANY PRODUCTS OR SERVICES THAT YOU DEVELOP, OFFER, OR OTHERWISE MAKE AVAILABLE USING OR OTHERWISE IN CONNECTION WITH THE SERVICES; YOUR VIOLATION OF APPLICABLE LAW OR ANY THIRD-PARTY RIGHT; AND ANY ACTUAL OR ALLEGED FRAUD, INTENTIONAL MISCONDUCT, GROSS NEGLIGENCE, OR CRIMINAL ACTS COMMITTED BY YOU OR YOUR EMPLOYEES OR AGENTS. WE RESERVE THE RIGHT TO ENGAGE SEPARATE COUNSEL AND PARTICIPATE IN OR ASSUME THE EXCLUSIVE DEFENSE AND CONTROL OF ANY MATTER OTHERWISE SUBJECT TO INDEMNIFICATION BY YOU HEREUNDER, IN WHICH CASE YOU AGREE TO COOPERATE WITH US AND SUCH SEPARATE COUNSEL AS WE REASONABLY REQUEST. - Interpretation (disclaimed): This segment caps Anthropic's aggregate liability to the greater of fees paid in the preceding six months or $100, covering all causes of action related to the Services, Materials, Actions, or Terms, constituting a material limitation of liability essential to the contract. - Tier: All - Location: § 11 (Disclaimer of warranties, limitations of liability, and indemnity) - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=%20TO%20THE%20FULLEST,WE%20REASONABLY%20REQUEST.%20 ### indemnity liability — risk unknown > THE LAWS OF SOME JURISDICTIONS DO NOT ALLOW THE DISCLAIMER OF IMPLIED WARRANTIES OR CERTAIN TYPES OF DAMAGES, SO SOME OR ALL OF THE DISCLAIMERS AND LIMITATIONS OF LIABILITY IN THESE TERMS MAY NOT APPLY TO YOU. OUR PROVIDERS ARE INTENDED THIRD PARTY BENEFICIARIES OF THE WARRANTY DISCLAIMERS AND LIMITATIONS OF LIABILITY CONTAINED IN THIS SECTION 11. - Interpretation (disclaimed): This segment creates a jurisdictional exception to the warranty disclaimers and liability limitations where local law prohibits them, and designates Providers as intended third-party beneficiaries of the disclaimer and limitation provisions, qualifying the scope of Section 11's restrictions. - Tier: All - Location: § 11 (Disclaimer of warranties, limitations of liability, and indemnity) - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=%20THE%20LAWS%20OF,IN%20THIS%20SECTION%2011. ### indemnity liability — risk unknown > Our Services may use or be used in connection with third-party content (" Third-Party Content "), services, or integrations. We do not control or accept responsibility for any loss or damage that may arise from your use of any Third-Party Content, services, and integrations, for which we make no representations or warranties. Your use of any Third-Party Content, services, and integrations is at your own risk and subject to any terms, conditions, or policies (including privacy policies) applicable to such third-party content, services, and integrations. - Interpretation (disclaimed): This segment disclaims Anthropic's responsibility for third-party content, services, and integrations, places risk of use on the user, and subjects third-party use to external terms and privacy policies, functioning as a liability disclaimer limiting Anthropic's exposure from third-party integrations. - Tier: All - Location: § 7 (Third-party services and links) - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=%20Our%20Services%20may,content%2C%20services%2C%20and%20integrations. ### governing law disputes — risk medium > Our Terms will be governed by, and construed and interpreted in accordance with, the laws of the State of California without giving effect to conflict of law principles. You and Anthropic agree that any disputes arising out of or relating to these Terms will be resolved exclusively in the state or federal courts located in San Francisco, California, and you and Anthropic submit to the personal and exclusive jurisdiction of those courts. By accessing our Services, you waive any claims that may arise under the laws of other jurisdictions. - Interpretation (disclaimed): This clause mandates California law and exclusive venue in San Francisco for all disputes, with an express waiver of other jurisdictional claims. Non-US users or users in jurisdictions with mandatory consumer-protection laws may find this clause unenforceable or disadvantageous, as it forces them to litigate far from home and potentially forfeits local law protections. - Tier: All - Location: § 13 (In case of disputes) - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=Our%20Terms%20will%20be,laws%20of%20other%20jurisdictions. ### governing law disputes — risk unknown > Equitable relief.  You agree that (a) no adequate remedy exists at law if you breach Section 3 (Use of Our Services); (b) it would be difficult to determine the damages resulting from such breach, and any such breach would cause irreparable harm; and (c) a grant of injunctive relief provides the best remedy for any such breach. You waive any opposition to such injunctive relief, as well as any demand that we prove actual damage or post a bond or other security in connection with such injunctive relief. Governing law and exclusive jurisdiction.  Our Terms will be governed by, and construed and interpreted in accordance with, the laws of the State of California without giving effect to conflict of law principles. You and Anthropic agree that any disputes arising out of or relating to these Terms will be resolved exclusively in the state or federal courts located in San Francisco, California, and you and Anthropic submit to the personal and exclusive jurisdiction of those courts. By accessing our Services, you waive any claims that may arise under the laws of other jurisdictions. - Interpretation (disclaimed): This segment establishes the platform's right to seek equitable/injunctive relief for breaches of the use-of-services section without needing to prove actual damages or post a bond, and includes a user waiver of opposition to such relief. It also begins establishing governing law and exclusive jurisdiction for disputes under the Terms. - Tier: All - Location: § 13 (In case of disputes) - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=%20Equitable%20relief.%20You,laws%20of%20other%20jurisdictions. ### governing law disputes — risk unknown > When using our Services, you agree to comply with any applicable guidelines, rules, or supplemental terms that may be posted on the Services from time to time (“Supplemental Terms”). If these Terms conflict with Supplemental Terms, the Supplemental Terms will govern for the applicable Service. Entire agreement.  These Terms and any other terms expressly incorporated by reference form the entire agreement between you and us regarding the subject matter of our Terms. Termination.  You may stop accessing the Services at any time. We may suspend or terminate your access to the Services (including any Subscriptions) at any time without notice to you if we believe that you have breached these Terms, or if we must do so in order to comply with law. If we terminate your access to the Services due to a violation of these Terms and you have a Subscription, you will not be entitled to any refund. In addition, if you have a Subscription, we may terminate the Subscription at any time for any other reason. If we exercise this right and you purchased the subscription via our website, we will refund you, on a pro rata basis, the fees you paid for the remaining portion of your Subscription after termination. Any refunds for Subscriptions purchased via an App Distributor are subject to the App Distributor’s terms and not these terms. We may also terminate your Account if you have been inactive for over a year and you do not have a paid Account. - Interpretation (disclaimed): This segment incorporates Supplemental Terms by reference, establishes that Supplemental Terms govern in cases of conflict, and defines the entire agreement scope. It also grants the platform a right to suspend or terminate user access to Services, which constitutes a procedural and rights-bearing clause affecting the user's continued use. - Tier: All - Location: § 12 (General terms) - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=When%20using%20our%20Services%2C,a%20paid%20Account.%20 ### moderation enforcement — risk high > We may comply with governmental, court, and law enforcement requests or requirements relating to provision or use of the Services, or to information provided to or collected under our Terms. We reserve the right, at our sole discretion, to report information from or about you, including but not limited to Inputs, Outputs, or Actions to law enforcement. - Interpretation (disclaimed): The clause goes beyond passive compliance with lawful process: Anthropic explicitly reserves the right to voluntarily and proactively disclose user content (Inputs, Outputs, Actions) to law enforcement at its sole discretion. This creates significant privacy and due-process risk for users, as there is no requirement of a court order or other legal compulsion before disclosure. - Tier: All - Location: § 12 (General terms) - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=We%20may%20comply%20with,Actions%20to%20law%20enforcement. ### moderation enforcement — risk high > he creation of a new account, use of an existing account, or providing access to a person or entity that was previously banned Access or facilitate account or API access to Claude to persons, entities, or users in violation of our Supported Regions Policy - Interpretation (disclaimed): This clause imposes affirmative compliance obligations on operators to enforce Anthropic's ban list and supported regions policy. Failure to do so creates breach-of-contract exposure. The geographic access restriction may also implicate export control laws and OFAC sanctions compliance. - Tier: All - Location: Usage Policy › “Do Not Abuse our Platform” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=he%20creation%20of%20a,our%20Supported%20Regions%20Policy ### moderation enforcement — risk high > Do Not Generate Sexually Explicit Content This includes using our products or services to: Depict or request sexual intercourse or sex acts Generate content related to sexual fetishes or fantasies Facilitate, promote, or depict incest or bestiality Engage in erotic chats - Interpretation (disclaimed): This is a categorical, non-waivable content restriction. Any product design that could foreseeably lead to such outputs places the operator in breach. Operators should implement content filters and user-facing terms that explicitly prohibit this use to reduce downstream liability. - Tier: All - Location: Usage Policy › “Do Not Generate Sexually Explicit Content” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=Do%20Not%20Generate%20Sexually,Engage%20in%20erotic%20chats ### moderation enforcement — risk medium > Materials flagged for safety, security, or policy review - Interpretation (disclaimed): Flagged content is both a basis for enforcement action and a training data source, meaning moderation triggers permanent training use regardless of user opt-out preferences. - Tier: All - Location: Privacy Policy › “Materials flagged for safety, security, or policy review” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=Materials%20flagged%20for%20safety%2C%20security%2C%20or%20policy%20review ### moderation enforcement — risk medium > All consumer-facing chatbots, including any external-facing or interactive AI agent, must disclose to users that they are interacting with AI rather than a human. This disclosure must be provided at a minimum at the beginning of each chat session. - Interpretation (disclaimed): This is an absolute, non-negotiable disclosure obligation for any external-facing deployment. Non-compliance constitutes a breach of the usage policy and may also violate consumer protection laws prohibiting deceptive practices (e.g., FTC Act Section 5, EU consumer law). Operators must build this into their UX flows. - Tier: All - Location: Usage Policy › “Additional Use Case Guidelines” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=All%20consumer-facing%20chatbots%2C%20including,of%20each%20chat%20session. ### moderation enforcement — risk medium > Coordinate malicious activity across multiple accounts to avoid detection or circumvent product guardrails or generating identical or similar inputs that otherwise violate our Usage Policy Utilize automation in account creation or to engage in spammy behavior Circumvent a ban through the use of a different account, such as the creation of a new account, use of an existing account, or providing access to a person or entity that was previously banned Access or facilitate account or API access to Claude to persons, entities, or users in violation of our Supported Regions Policy - Interpretation (disclaimed): The clause extends enforcement reach beyond the banned account to any facilitating account, creating vicarious liability risk for organizations. The phrase 'providing access to a person or entity that was previously banned' is particularly broad and could inadvertently ensnare third parties. - Tier: All - Location: Usage Policy › “Do Not Abuse our Platform” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=Coordinate%20malicious%20activity%20across,our%20Supported%20Regions%20Policy ### moderation enforcement — risk medium > Agentic use cases must still comply with the Usage Policy. We provide examples of Usage Policy prohibitions in the context of agentic use in this Help Center article . - Interpretation (disclaimed): This clause closes a potential loophole where operators might argue that agentic use cases fall outside normal policy scope. By explicitly incorporating the full Usage Policy for agentic use, Anthropic retains enforcement authority over automated, multi-step AI workflows. Operators must review the referenced Help Center article to understand specific agentic prohibitions. - Tier: All - Location: Usage Policy › “Additional Use Case Guidelines” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=Agentic%20use%20cases%20must,Help%20Center%20article%20. ### moderation enforcement — risk medium > Intentionally bypass capabilities, restrictions, or guardrails established within our products for the purposes of instructing the model to produce harmful outputs (e.g., jailbreaking or prompt injection) without prior authorization from Anthropic - Interpretation (disclaimed): This clause exposes users to suspension/termination risk for prompt engineering that Anthropic unilaterally deems as 'bypassing guardrails.' The lack of a defined authorization process creates legal uncertainty for security researchers and developers conducting legitimate adversarial testing. - Tier: All - Location: Usage Policy › “Do Not Abuse our Platform” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=Intentionally%20bypass%20capabilities%2C%20restrictions%2C,prior%20authorization%20from%20Anthropic ### moderation enforcement — risk low > To prevent and investigate fraud, abuse, and violations of our  Usage Policy , unlawful or criminal activity, unauthorized access to or use of personal data or Anthropic systems and networks, to protect our rights and the rights of others, and to meet legal, governmental and institutional policy obligations; - Interpretation (disclaimed): Anthropic reserves the right to use personal data for enforcement and investigation purposes. This is a standard clause but signals that user data may be reviewed in connection with policy enforcement without specific notice. - Tier: All - Location: § 2 - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=To%20prevent%20and%20investigate,and%20institutional%20policy%20obligations%3B ### moderation enforcement — risk low > Model Context Protocol (MCP) servers listed in our Connector Directory must comply with our Directory Policy . - Interpretation (disclaimed): This clause incorporates by reference a separate Directory Policy for MCP server operators. Non-compliance could result in removal from the directory or broader policy enforcement actions. Operators should review the Directory Policy independently before listing. - Tier: API - Location: Usage Policy › “Additional Use Case Guidelines” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=Model%20Context%20Protocol%20(MCP),our%20Directory%20Policy%20. ### moderation enforcement — risk unknown > Our Usage Policy (also referred to as our “Acceptable Use Policy” or “AUP”) applies to anyone who can submit inputs to Anthropic’s products and/or services, including via any authorized resellers or passthrough access, all of whom we refer to as “users.” The Usage Policy is intended to help our users stay safe and promote the responsible use of our products and services. The Usage Policy is categorized according to who can use our products and for what purposes. We will update our policy as our technology and the associated risks evolve or as we learn about unanticipated risks. Universal Usage Standards: Our Universal Usage Standards apply to all users and use cases. High-Risk Use Case Requirements: Our High-Risk Use Case Requirements apply to specific consumer-facing use cases that pose an elevated risk of harm. Additional Use Case Guidelines: Our Additional Use Case Guidelines apply to certain other use cases, including consumer-facing chatbots, products serving minors, agentic use, and Model Context Protocol servers. Anthropic’s Safeguards Team will implement detection and monitoring to enforce our Usage Policy, so please review this policy carefully before using our products or services. If we learn that you have violated our Usage Policy, we may throttle, suspend, or terminate your access to our products and services. We may also block or modify model outputs when inputs violate our Usage Policy. If you believe that our model outputs are potentially inaccurate, biased or harmful, please notify us at usersafety@anthropic.com, or report it directly in our product through the “report issues” thumbs down button or similar feedback features (where available). - Interpretation (disclaimed): This segment defines the scope of the Usage Policy, identifies who qualifies as a 'user,' states the policy's purpose of promoting safe and responsible use, and signals that the policy will be updated as risks evolve — establishing the foundational definitional and scope provisions that govern enforcement of platform rules. - Tier: All - Location: Usage Policy › “Usage Policy \ Anthropic” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20Our%20Usage%20Policy,features%20(where%20available).%20 ### moderation enforcement — risk unknown > You can read more about our Safeguards practices and recommendations in our Safeguards Support Center . This Usage Policy is calibrated to strike an optimal balance between enabling beneficial uses and mitigating potential harms. Anthropic may enter into contracts with certain governmental customers that tailor use restrictions to that customer’s public mission and legal authorities if, in Anthropic’s judgment, the contractual use restrictions and applicable safeguards are adequate to mitigate the potential harms addressed by this Usage Policy. - Interpretation (disclaimed): This segment carves out an exception to the standard Usage Policy by permitting Anthropic to enter tailored contracts with governmental customers that modify use restrictions, subject to Anthropic's judgment that safeguards are adequate — creating a conditional exception to universal enforcement standards. - Tier: All - Location: Usage Policy › “Usage Policy \ Anthropic” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=You%20can%20read%20more,this%20Usage%20Policy.%20 ### moderation enforcement — risk unknown > Infringe, misappropriate, or violate the intellectual property rights of a third party - Interpretation (disclaimed): This segment restricts users from infringing, misappropriating, or violating third-party intellectual property rights through use of the platform, imposing an IP-related compliance obligation on users. - Tier: All - Location: Usage Policy › “Engage in or facilitate human trafficking or prostitution” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20Infringe%2C%20misappropriate%2C%20or,of%20a%20third%20party ### moderation enforcement — risk unknown > Synthesize, or otherwise develop, high-yield explosives or biological, chemical, radiological, or nuclear weapons or their precursors, including modifications to evade detection or medical countermeasures - Interpretation (disclaimed): This segment restricts users from synthesizing or developing high-yield explosives or biological, chemical, radiological, or nuclear weapons or their precursors, including modifications to evade detection or countermeasures. - Tier: All - Location: Usage Policy › “Circumvent regulatory controls to acquire weapons or their precursors” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20Synthesize%2C%20or%20otherwise,detection%20or%20medical%20countermeasures ### moderation enforcement — risk unknown > This includes using our products or services to: Incite, facilitate, or promote violent extremism, terrorism, or hateful behavior Provide material support for organizations or individuals associated with violent extremism, terrorism, or hateful behavior Facilitate or promote any act of violence or intimidation targeting individuals, groups, animals, or property Promote discriminatory practices or behaviors against individuals or groups on the basis of one or more protected attributes such as race, ethnicity, religion, national origin, gender, sexual orientation, or any other identifying trait - Interpretation (disclaimed): This segment enumerates specific prohibited activities including facilitating violent extremism, terrorism, hateful behavior, material support for such organizations, acts of violence or intimidation, and discriminatory practices based on protected attributes. - Tier: All - Location: Usage Policy › “Do Not Incite Violence or Hateful Behavior” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20This%20includes%20using,any%20other%20identifying%20trait ### moderation enforcement — risk unknown > Promote, trivialize, or depict graphic violence or gratuitous gore, including sexual violence Develop a new product or service, or support an existing product or service that employs or facilitates deceptive techniques with the intent of causing emotional harm - Interpretation (disclaimed): This segment restricts users from promoting or depicting graphic violence, gratuitous gore, or sexual violence, and from developing products or services that employ deceptive techniques intended to cause emotional harm. - Tier: All - Location: Usage Policy › “Generate content depicting animal cruelty or abuse” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20Promote%2C%20trivialize%2C%20or,of%20causing%20emotional%20harm ### moderation enforcement — risk unknown > This includes using our products or services to: Create or disseminate deceptive or misleading information about, or with the intention of targeting, a group, entity or person Create or disseminate deceptive or misleading information about laws, regulations, procedures, practices, standards established by an institution, entity or governing body Create or disseminate conspiratorial narratives meant to target a specific group, individual or entity Impersonate real entities or create fake personas to falsely attribute content or mislead others about its origin without consent or legal right Provide false or misleading information related to medical, health or science issues - Interpretation (disclaimed): This segment enumerates specific misinformation-related prohibitions including creating deceptive information about groups or entities, misleading information about laws or institutions, conspiratorial narratives, impersonation of real entities, and fake personas for false attribution. - Tier: All - Location: Usage Policy › “Do Not Create or Spread Misinformation” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20This%20includes%20using,health%20or%20science%20issues ### moderation enforcement — risk unknown > Do Not Undermine Democratic Processes or Engage in Targeted Campaign Activities This includes using our products or services to: Engage in personalized vote or campaign targeting based on individual profiles or data Create artificial or deceptive political movements in which the source, scale or nature of the campaign or activities is misrepresented Generate automated communications to public officials or voters at scale that conceal their artificial origin, or engage in systematic vote solicitation that could undermine election integrity Create political content designed to deceive or mislead voters, including synthetic media of political figures Generate or disseminate false or misleading information in political and electoral contexts, including about candidates, parties, policies, voting procedures, or election security Engage in political lobbying or grassroots advocacy using false or fabricated information, or create lobbying or advocacy materials containing demonstrably false claims about facts, data, or events Incite, glorify or facilitate the disruption of electoral or civic processes, including interference with voting systems, vote counting, or certification processes Create content designed to suppress voter turnout or discourage legitimate political participation through deception or intimidation - Interpretation (disclaimed): This segment establishes a categorical restriction prohibiting users from undermining democratic processes or engaging in targeted campaign activities, and enumerates specific prohibited activities including personalized vote targeting, artificial political movements, automated deceptive communications to officials or voters, and creation of politically deceptive content. - Tier: All - Location: Usage Policy › “Do Not Create or Spread Misinformation” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20Do%20Not%20Undermine,through%20deception%20or%20intimidation ### moderation enforcement — risk unknown > This includes using our products or services to: Coordinate malicious activity across multiple accounts to avoid detection or circumvent product guardrails or generating identical or similar inputs that otherwise violate our Usage Policy Utilize automation in account creation or to engage in spammy behavior Circumvent a ban through the use of a different account, such as the creation of a new account, use of an existing account, or providing access to a person or entity that was previously banned Access or facilitate account or API access to Claude to persons, entities, or users in violation of our Supported Regions Policy Intentionally bypass capabilities, restrictions, or guardrails established within our products for the purposes of instructing the model to produce harmful outputs (e.g., jailbreaking or prompt injection) without prior authorization from Anthropic Utilization of inputs and outputs to train an AI model (e.g., “model scraping” or “model distillation”) without prior authorization from Anthropic - Interpretation (disclaimed): This clause restricts users from coordinating malicious multi-account activity, using automation to create accounts or spam, circumventing bans via new or alternate accounts, and facilitating API access to banned persons or entities — all of which are prohibited uses enforceable under the platform's moderation and enforcement framework. - Tier: All - Location: Usage Policy › “Do Not Abuse our Platform” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20This%20includes%20using,prior%20authorization%20from%20Anthropic ### moderation enforcement — risk unknown > This includes using our products or services to: - Interpretation (disclaimed): This introductory clause signals that the following enumerated items constitute specific prohibited uses falling under the sexually explicit content restriction, serving as an incorporation clause for the subsequent list of prohibited behaviors. - Tier: All - Location: Usage Policy › “Do Not Generate Sexually Explicit Content” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20This%20includes%20using,products%20or%20services%20to%3A ### moderation enforcement — risk unknown > Some use cases pose an elevated risk of harm because they influence domains that are vital to public welfare and social equity. For these use cases, given potential risks to individuals and consumers, we believe that relevant human expertise should be integrated and that end-users should be aware when AI has been involved in producing outputs. As such, for the “High-Risk Use Cases” described below, we require that you implement these additional safety measures: Human-in-the-loop: When using our products or services to provide advice, recommendations, or in subjective decision-making directly affecting individuals or consumers , a qualified professional in that field must review the content or decision prior to dissemination or finalization. You or your organization are responsible for the accuracy and appropriateness of that information. Disclosure: If model outputs are presented directly to individuals or consumers , you must disclose to them that you are using AI to help produce your advice, decisions, or recommendations. This disclosure must be provided at a minimum at the beginning of each session. “High-Risk Use Cases” include: Legal: Use cases related to legal interpretation, legal guidance, or decisions with legal implications Healthcare: Use cases related to healthcare decisions, medical diagnosis, patient care, therapy, mental health, or other medical guidance. Wellness advice (e.g., advice on sleep, stress, nutrition, exercise, etc.) does not fall under this category Insurance: Use cases related to health, life, property, disability, or other types of insurance underwriting, claims processing, or coverage decisions Finance: Use cases related to financial decisions, including investment advice, loan approvals, and determining financial eligibility or - Interpretation (disclaimed): This clause imposes affirmative obligations on operators deploying high-risk use cases, specifically requiring integration of human expertise ('human-in-the-loop') and disclosure to end-users of AI involvement, establishing mandatory safety measures for domains affecting public welfare and social equity. - Tier: All - Location: Usage Policy › “High-Risk Use Case Requirements” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20Some%20use%20cases,determining%20financial%20eligibility%20or ### moderation enforcement — risk unknown > This includes using our products or services to: Facilitate the destruction or disruption of critical infrastructure such as power grids, water treatment facilities, medical devices, telecommunication networks, or air traffic control systems Obtain unauthorized access to critical systems such as voting machines, healthcare databases, and financial markets Interfere with the operation of military bases and related infrastructure - Interpretation (disclaimed): This segment enumerates specific prohibited activities under the critical infrastructure restriction, including facilitating destruction of power grids and water facilities, gaining unauthorized access to voting machines and healthcare databases, and interfering with military infrastructure operations. - Tier: All - Location: Usage Policy › “Do Not Compromise Critical Infrastructure” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20This%20includes%20using,bases%20and%20related%20infrastructure ### moderation enforcement — risk unknown > This includes using our products or services to: Facilitate, promote, or glamorize any form of suicide or self-harm, including disordered eating and unhealthy or compulsive exercise Engage in behaviors that promote unhealthy or unattainable body image or beauty standards, such as using the model to critique anyone’s body shape or size Shame, humiliate, intimidate, bully, harass, or celebrate the suffering of individuals - Interpretation (disclaimed): This segment enumerates specific prohibited psychologically harmful activities, including facilitating suicide or self-harm, promoting unhealthy body image, and shaming, humiliating, bullying, or harassing individuals. - Tier: All - Location: Usage Policy › “Do Not Create Psychologically or Emotionally Harmful Content” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20This%20includes%20using,the%20suffering%20of%20individuals ### moderation enforcement — risk unknown > It is in our legitimate interests and in the interest of Anthropic users to evaluate the use of the Services and adoption of new features to inform the development of future features and improve direction and development of the Services. Our research also benefits the AI industry and society: it investigates the safety, inner workings, and societal impact of AI models so that artificial intelligence has a positive impact on society as it becomes increasingly advanced and capable. To enforce our Terms of Service  and similar terms and agreements, including our Usage Policy . Identity and Contact Data - Interpretation (disclaimed): Grants Anthropic permission to process Identity, Contact, and related data to enforce its Terms of Service, Usage Policy, and similar agreements, relying on contract and legitimate interests as legal bases, and explains the rationale of maintaining platform safety and intended functionality. - Tier: All - Location: Privacy Policy › “Legitimate interests” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20It%20is%20in,Identity%20and%20Contact%20Data ### moderation enforcement — risk unknown > In certain circumstances outside of the performance of our contract with you, we may rely on legitimate interests. It is in our legitimate interests to enforce the rules and policies governing use of our services, to maintain intended functionality and value for users. We aim to provide a safe, useful platform. - Interpretation (disclaimed): Clarifies that outside of contract performance Anthropic may rely on legitimate interests to enforce platform rules and policies, granting a permission to process data for enforcement purposes and articulating the rationale of maintaining a safe, functional platform. - Tier: All - Location: Privacy Policy › “Legitimate interests” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20In%20certain%20circumstances,safe%2C%20useful%20platform.%20 ### moderation enforcement — risk unknown > You may access and use our Services only in compliance with our Terms, including our  Acceptable Use Policy , the policy governing the countries and regions Anthropic currently supports ("Supported Regions Policy"), and any guidelines or supplemental terms we may post on the Services (the “ Permitted Use ”). You are responsible for all activity under the account through which you access the Services. You may not access or use, or help another person to access or use, our Services in the following ways: In any manner that violates any applicable law or regulation—including, without limitation, any laws about exporting data or software to and from the United States or other countries. To develop any products or services that compete with our Services, including to develop or train any artificial intelligence or machine learning algorithms or models or resell the Services. To decompile, reverse engineer, disassemble, or otherwise reduce our Services to human-readable form, except when these restrictions are prohibited by applicable law. To crawl, scrape, or otherwise harvest data or information from our Services other than as permitted under these Terms. To use our Services, the Materials, or the Actions to obtain unauthorized access to any system or information, or to deceive any person. To infringe, misappropriate, or violate intellectual property or other legal rights (including the rights of publicity or privacy). - Interpretation (disclaimed): This segment restricts how users may access and use the Services, requiring compliance with the Acceptable Use Policy, Supported Regions Policy, and other guidelines, and holds users responsible for all account activity, imposing binding usage restrictions enforceable against the user. - Tier: All - Location: § 3 - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=%20You%20may%20access,publicity%20or%20privacy).%20 ### moderation enforcement — risk unknown > creditworthiness Employment and housing: Use cases related to decisions about the employability of individuals, resume screening, hiring tools, or other employment determinations or decisions regarding eligibility for housing, including leases and home loans Academic testing, accreditation and admissions: Use cases related to standardized testing companies that administer school admissions (including evaluating, scoring or ranking prospective students), language proficiency, or professional certification exams; agencies that evaluate and certify educational institutions Media or professional journalistic content: Use cases related to using our products or services to automatically generate content and publish it for external consumption - Interpretation (disclaimed): This segment defines specific categories of 'High-Risk Use Cases,' including creditworthiness, employment and housing decisions, academic testing and admissions, and media or professional contexts, thereby establishing the scope of applications subject to heightened compliance obligations. - Tier: All - Location: Usage Policy › “High-Risk Use Case Requirements” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20creditworthiness%20Employment%20and,it%20for%20external%20consumption ### moderation enforcement — risk unknown > This includes using our products or services to: Produce, modify, design, or illegally acquire weapons, explosives, dangerous materials or other systems designed to cause harm to or loss of human life Design or develop weaponization and delivery processes for the deployment of weapons - Interpretation (disclaimed): This segment enumerates specific prohibited activities under the weapons restriction, including producing, modifying, designing, or illegally acquiring weapons or dangerous materials, and designing weaponization and deployment processes. - Tier: All - Location: Usage Policy › “Do Not Develop or Design Weapons” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20This%20includes%20using,the%20deployment%20of%20weapons ### moderation enforcement — risk unknown > This includes using our products or services to: Coordinate malicious activity across multiple accounts to avoid detection or circumvent product guardrails or generating identical or similar inputs that otherwise violate our Usage Policy Utilize automation in account creation or to engage in spammy behavior Circumvent a ban through the use of a different account, such as the creation of a new account, use of an existing account, or providing access to a person or entity that was previously banned Access or facilitate account or API access to Claude to persons, entities, or users in violation of our Supported Regions Policy Intentionally bypass capabilities, restrictions, or guardrails established within our products for the purposes of instructing the model to produce harmful outputs (e.g., jailbreaking or prompt injection) without prior authorization from Anthropic Utilization of inputs and outputs to train an AI model (e.g., “model scraping” or “model distillation”) without prior authorization from Anthropic - Interpretation (disclaimed): This clause restricts users from coordinating malicious multi-account activity, using automation for spammy behavior, circumventing bans via new or alternate accounts, and facilitating API access to banned persons or entities, thereby imposing enforceable prohibitions on platform misuse. - Tier: All - Location: Usage Policy › “Do Not Abuse our Platform” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20This%20includes%20using,prior%20authorization%20from%20Anthropic ### moderation enforcement — risk unknown > This includes using our products or services to: Create or disseminate deceptive or misleading information about, or with the intention of targeting, a group, entity or person Create or disseminate deceptive or misleading information about laws, regulations, procedures, practices, standards established by an institution, entity or governing body Create or disseminate conspiratorial narratives meant to target a specific group, individual or entity Impersonate real entities or create fake personas to falsely attribute content or mislead others about its origin without consent or legal right Provide false or misleading information related to medical, health or science issues - Interpretation (disclaimed): This segment enumerates specific prohibited misinformation-related activities, including creating or disseminating deceptive information targeting groups or persons, spreading false information about laws and institutions, creating conspiratorial narratives, and impersonating real entities or creating fake personas to mislead about content origin. - Tier: All - Location: Usage Policy › “Do Not Create or Spread Misinformation” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20This%20includes%20using,health%20or%20science%20issues ### moderation enforcement — risk unknown > This includes using our products or services to: Facilitate the destruction or disruption of critical infrastructure such as power grids, water treatment facilities, medical devices, telecommunication networks, or air traffic control systems Obtain unauthorized access to critical systems such as voting machines, healthcare databases, and financial markets Interfere with the operation of military bases and related infrastructure - Interpretation (disclaimed): This segment enumerates specific prohibited activities under the critical infrastructure restriction, including disruption of power grids, water facilities, medical devices, voting machines, financial markets, and military infrastructure. - Tier: All - Location: Usage Policy › “Do Not Compromise Critical Infrastructure” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20This%20includes%20using,bases%20and%20related%20infrastructure ### moderation enforcement — risk unknown > This includes using our products or services to: Facilitate the production, acquisition, or distribution of counterfeit or illicitly acquired goods - Interpretation (disclaimed): This segment restricts users from facilitating the production, acquisition, or distribution of counterfeit or illicitly acquired goods, constituting a specific enumerated prohibition under the fraud/abuse restriction. - Tier: All - Location: Usage Policy › “Do Not Engage in Fraudulent, Abusive, or Predatory Practices” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20This%20includes%20using,or%20illicitly%20acquired%20goods ### moderation enforcement — risk unknown > Our Usage Policy (also referred to as our “Acceptable Use Policy” or “AUP”) applies to anyone who can submit inputs to Anthropic’s products and/or services, including via any authorized resellers or passthrough access, all of whom we refer to as “users.” The Usage Policy is intended to help our users stay safe and promote the responsible use of our products and services. The Usage Policy is categorized according to who can use our products and for what purposes. We will update our policy as our technology and the associated risks evolve or as we learn about unanticipated risks. Universal Usage Standards: Our Universal Usage Standards apply to all users and use cases. High-Risk Use Case Requirements: Our High-Risk Use Case Requirements apply to specific consumer-facing use cases that pose an elevated risk of harm. Additional Use Case Guidelines: Our Additional Use Case Guidelines apply to certain other use cases, including consumer-facing chatbots, products serving minors, agentic use, and Model Context Protocol servers. Anthropic’s Safeguards Team will implement detection and monitoring to enforce our Usage Policy, so please review this policy carefully before using our products or services. If we learn that you have violated our Usage Policy, we may throttle, suspend, or terminate your access to our products and services. We may also block or modify model outputs when inputs violate our Usage Policy. If you believe that our model outputs are potentially inaccurate, biased or harmful, please notify us at usersafety@anthropic.com, or report it directly in our product through the “report issues” thumbs down button or similar feedback features (where available). - Interpretation (disclaimed): This segment defines who qualifies as a 'user' subject to the AUP (anyone submitting inputs, including via resellers or passthrough access), states the policy's purpose of promoting safety and responsible use, and signals that the policy will be updated as risks evolve, establishing the scope and applicability of enforcement obligations. - Tier: All - Location: Usage Policy › “Usage Policy \ Anthropic” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20Our%20Usage%20Policy,features%20(where%20available).%20 ### moderation enforcement — risk unknown > Some use cases pose an elevated risk of harm because they influence domains that are vital to public welfare and social equity. For these use cases, given potential risks to individuals and consumers, we believe that relevant human expertise should be integrated and that end-users should be aware when AI has been involved in producing outputs. As such, for the “High-Risk Use Cases” described below, we require that you implement these additional safety measures: Human-in-the-loop: When using our products or services to provide advice, recommendations, or in subjective decision-making directly affecting individuals or consumers , a qualified professional in that field must review the content or decision prior to dissemination or finalization. You or your organization are responsible for the accuracy and appropriateness of that information. Disclosure: If model outputs are presented directly to individuals or consumers , you must disclose to them that you are using AI to help produce your advice, decisions, or recommendations. This disclosure must be provided at a minimum at the beginning of each session. “High-Risk Use Cases” include: Legal: Use cases related to legal interpretation, legal guidance, or decisions with legal implications Healthcare: Use cases related to healthcare decisions, medical diagnosis, patient care, therapy, mental health, or other medical guidance. Wellness advice (e.g., advice on sleep, stress, nutrition, exercise, etc.) does not fall under this category Insurance: Use cases related to health, life, property, disability, or other types of insurance underwriting, claims processing, or coverage decisions Finance: Use cases related to financial decisions, including investment advice, loan approvals, and determining financial eligibility or - Interpretation (disclaimed): This clause imposes affirmative obligations on operators using high-risk use cases to implement human-in-the-loop safeguards and to disclose AI involvement to end-users, requiring specific procedural and transparency measures to mitigate elevated harm risk. - Tier: All - Location: Usage Policy › “High-Risk Use Case Requirements” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20Some%20use%20cases,determining%20financial%20eligibility%20or ### moderation enforcement — risk unknown > Generate content for fraudulent activities, schemes, scams, phishing, or malware that can result in direct financial or psychological harm Create falsified documents including fake IDs, licenses, currency, or other government documents Develop, promote, or otherwise facilitate the sale or distribution of fraudulent or deceptive products Generate deceptive or misleading digital content such as fake reviews, comments, or media Engage in or facilitate multi-level marketing, pyramid schemes, or other deceptive business models that use high-pressure sales tactics or exploit participants Promote or facilitate payday loans, title loans, or other high-interest, short-term lending practices that exploit vulnerable individuals Engage in deceptive or abusive practices that exploit individuals based on age, disability or a specific social or economic situation Promote or facilitate the use of abusive or harassing debt collection practices Develop a product or support an existing service that deploys subliminal, manipulative, or deceptive techniques to distort behavior by impairing decision-making Engage in actions or behaviors that circumvent the guardrails or terms of other platforms or services Plagiarize or submit AI-assisted work without proper permission or attribution - Interpretation (disclaimed): This segment enumerates additional fraudulent and predatory practice prohibitions including generating content for scams or phishing, creating falsified documents, developing fraudulent products, generating fake reviews, facilitating pyramid schemes, and other deceptive business practices. - Tier: All - Location: Usage Policy › “Promote or facilitate the generation or distribution of spam” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20Generate%20content%20for,proper%20permission%20or%20attribution ### moderation enforcement — risk unknown > This includes using our products or services to: Create, distribute, or promote child sexual abuse material (“CSAM”), including AI-generated CSAM Facilitate the trafficking, sextortion, or any other form of exploitation of a minor Facilitate minor grooming, including generating content designed to impersonate a minor Facilitate child abuse of any form, including instructions for how to conceal abuse Promote or facilitate pedophilic relationships, including via roleplay with the model Fetishize or sexualize minors, including in fictional settings or via roleplay with the model Note: We define a minor or child to be any individual under the age of 18 years old, regardless of jurisdiction. When we detect CSAM (including AI-generated CSAM), or coercion or enticement of a minor to engage in sexual activities, we will report to relevant authorities. - Interpretation (disclaimed): This segment enumerates specific prohibited activities related to child safety, including creating or distributing CSAM (including AI-generated), facilitating child trafficking or exploitation, grooming, abuse, pedophilic relationships, and sexualizing minors, and begins a definition of minor-related terms. - Tier: All - Location: Usage Policy › “Do Not Compromise Children’s Safety” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20This%20includes%20using,to%20relevant%20authorities.%20 ### moderation enforcement — risk unknown > This includes using our products or services to: Incite, facilitate, or promote violent extremism, terrorism, or hateful behavior Provide material support for organizations or individuals associated with violent extremism, terrorism, or hateful behavior Facilitate or promote any act of violence or intimidation targeting individuals, groups, animals, or property Promote discriminatory practices or behaviors against individuals or groups on the basis of one or more protected attributes such as race, ethnicity, religion, national origin, gender, sexual orientation, or any other identifying trait - Interpretation (disclaimed): This segment enumerates specific prohibited activities under the violence/hate restriction, including inciting violent extremism or terrorism, providing material support for extremist groups, facilitating violence or intimidation, and promoting discriminatory practices against protected groups. - Tier: All - Location: Usage Policy › “Do Not Incite Violence or Hateful Behavior” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20This%20includes%20using,any%20other%20identifying%20trait ### moderation enforcement — risk unknown > This includes using our products or services to: Discover or exploit vulnerabilities in systems, networks, or applications without authorization of the system owner Gain unauthorized access to systems, networks, applications, or devices through technical attacks or social engineering Create or distribute malware, ransomware, or other types of malicious code - Interpretation (disclaimed): This segment specifies prohibited activities under the computer/network systems restriction, including unauthorized vulnerability exploitation, unauthorized access, and creation or distribution of malware or ransomware. - Tier: All - Location: Usage Policy › “Do Not Compromise Computer or Network Systems” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20This%20includes%20using,types%20of%20malicious%20code ### moderation enforcement — risk unknown > Do Not Undermine Democratic Processes or Engage in Targeted Campaign Activities This includes using our products or services to: Engage in personalized vote or campaign targeting based on individual profiles or data Create artificial or deceptive political movements in which the source, scale or nature of the campaign or activities is misrepresented Generate automated communications to public officials or voters at scale that conceal their artificial origin, or engage in systematic vote solicitation that could undermine election integrity Create political content designed to deceive or mislead voters, including synthetic media of political figures Generate or disseminate false or misleading information in political and electoral contexts, including about candidates, parties, policies, voting procedures, or election security Engage in political lobbying or grassroots advocacy using false or fabricated information, or create lobbying or advocacy materials containing demonstrably false claims about facts, data, or events Incite, glorify or facilitate the disruption of electoral or civic processes, including interference with voting systems, vote counting, or certification processes Create content designed to suppress voter turnout or discourage legitimate political participation through deception or intimidation - Interpretation (disclaimed): This segment establishes a categorical prohibition against using Anthropic's products or services to undermine democratic processes or engage in targeted campaign activities, and enumerates specific prohibited activities including personalized vote targeting, artificial political movements, automated communications concealing artificial origin, and political content designed to deceive voters. - Tier: All - Location: Usage Policy › “Do Not Create or Spread Misinformation” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20Do%20Not%20Undermine,through%20deception%20or%20intimidation ### moderation enforcement — risk unknown > This includes using our products or services to: Create, distribute, or promote child sexual abuse material (“CSAM”), including AI-generated CSAM Facilitate the trafficking, sextortion, or any other form of exploitation of a minor Facilitate minor grooming, including generating content designed to impersonate a minor Facilitate child abuse of any form, including instructions for how to conceal abuse Promote or facilitate pedophilic relationships, including via roleplay with the model Fetishize or sexualize minors, including in fictional settings or via roleplay with the model Note: We define a minor or child to be any individual under the age of 18 years old, regardless of jurisdiction. When we detect CSAM (including AI-generated CSAM), or coercion or enticement of a minor to engage in sexual activities, we will report to relevant authorities. - Interpretation (disclaimed): This segment enumerates specific prohibitions protecting children, including creating CSAM, facilitating trafficking or exploitation of minors, grooming, child abuse facilitation, pedophilic relationships, and sexualization of minors including in fictional contexts. - Tier: All - Location: Usage Policy › “Do Not Compromise Children’s Safety” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20This%20includes%20using,to%20relevant%20authorities.%20 ### moderation enforcement — risk unknown > Synthesize, or otherwise develop, high-yield explosives or biological, chemical, radiological, or nuclear weapons or their precursors, including modifications to evade detection or medical countermeasures - Interpretation (disclaimed): This segment restricts users from synthesizing or developing high-yield explosives or CBRN weapons or their precursors, including modifications to evade detection or medical countermeasures, constituting a specific enumerated prohibition under the weapons restriction. - Tier: All - Location: Usage Policy › “Circumvent regulatory controls to acquire weapons or their precursors” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20Synthesize%2C%20or%20otherwise,detection%20or%20medical%20countermeasures ### moderation enforcement — risk unknown > This includes using our products or services to: - Interpretation (disclaimed): This segment introduces and incorporates the list of specific prohibited activities that fall under the preceding restriction heading, serving as a cross-reference connector for the enumerated prohibitions. - Tier: All - Location: Usage Policy › “Do Not Violate Applicable Laws or Engage in Illegal Activity” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20This%20includes%20using,products%20or%20services%20to%3A ### moderation enforcement — risk unknown > Infringe, misappropriate, or violate the intellectual property rights of a third party - Interpretation (disclaimed): This segment restricts users from using Anthropic's products or services to infringe, misappropriate, or violate third-party intellectual property rights, imposing a specific IP-related usage prohibition. - Tier: All - Location: Usage Policy › “Engage in or facilitate human trafficking or prostitution” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20Infringe%2C%20misappropriate%2C%20or,of%20a%20third%20party ### moderation enforcement — risk unknown > Do Not Use for Criminal Justice, Censorship, Surveillance, or Prohibited Law Enforcement Purposes This includes using our products or services to: Make determinations on criminal justice applications, including making decisions about or determining eligibility for parole or sentencing Target or track a person’s physical location, emotional state, or communication without their consent, including using our products for facial recognition, battlefield management applications or predictive policing Utilize models to assign scores or ratings to individuals based on an assessment of their trustworthiness or social behavior without notification or their consent Build or support emotional recognition systems or techniques that are used to infer emotions of a natural person, except for medical or safety reasons Analyze or identify specific content to censor on behalf of a government organization Utilize models as part of any biometric categorization system for categorizing people based on their biometric data to infer their race, political opinions, trade union membership, religious or philosophical beliefs, sex life or sexual orientation Utilize models as part of any law enforcement application that violates or impairs the liberty, civil liberties, or human rights of natural persons - Interpretation (disclaimed): This segment prohibits use of the platform for certain criminal justice applications, surveillance, censorship, or prohibited law enforcement purposes, including parole/sentencing determinations, unauthorized tracking of individuals, and social scoring systems. - Tier: All - Location: Usage Policy › “Do Not Create or Spread Misinformation” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20Do%20Not%20Use,rights%20of%20natural%20persons ### moderation enforcement — risk unknown > This includes using our products or services to: Discover or exploit vulnerabilities in systems, networks, or applications without authorization of the system owner Gain unauthorized access to systems, networks, applications, or devices through technical attacks or social engineering Create or distribute malware, ransomware, or other types of malicious code - Interpretation (disclaimed): This segment enumerates specific prohibited activities under the computer/network systems restriction, including unauthorized vulnerability exploitation, unauthorized system access via technical or social engineering attacks, and creating or distributing malware or ransomware. - Tier: All - Location: Usage Policy › “Do Not Compromise Computer or Network Systems” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20This%20includes%20using,types%20of%20malicious%20code ### moderation enforcement — risk unknown > Create tools designed to intercept communications or monitor devices without authorization of the system owner Develop persistent access tools designed to operate below normal system security levels, including firmware modifications or hardware implants Create automated tools designed to compromise multiple systems at scale for malicious purposes Bypass security controls such as authenticated systems, endpoint protection, or monitoring tools - Interpretation (disclaimed): This segment enumerates additional prohibited cybersecurity activities including unauthorized communication interception tools, persistent access tools, firmware or hardware implants, large-scale automated compromise tools, and security control bypass, all restricted on the platform. - Tier: All - Location: Usage Policy › “Develop tools for denial-of-service attacks or managing botnets” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20Create%20tools%20designed,protection%2C%20or%20monitoring%20tools ### moderation enforcement — risk unknown > This includes using our products or services to: Facilitate the production, acquisition, or distribution of counterfeit or illicitly acquired goods - Interpretation (disclaimed): This segment restricts users from facilitating production, acquisition, or distribution of counterfeit or illicitly acquired goods via the platform. - Tier: All - Location: Usage Policy › “Do Not Engage in Fraudulent, Abusive, or Predatory Practices” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20This%20includes%20using,or%20illicitly%20acquired%20goods ### moderation enforcement — risk unknown > Promote, trivialize, or depict graphic violence or gratuitous gore, including sexual violence Develop a new product or service, or support an existing product or service that employs or facilitates deceptive techniques with the intent of causing emotional harm - Interpretation (disclaimed): This segment restricts users from promoting or depicting graphic violence or gratuitous gore (including sexual violence) and from developing products or services that employ deceptive techniques intended to cause emotional harm, constituting specific enumerated prohibitions under the harmful content restriction. - Tier: All - Location: Usage Policy › “Generate content depicting animal cruelty or abuse” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20Promote%2C%20trivialize%2C%20or,of%20causing%20emotional%20harm ### moderation enforcement — risk unknown > creditworthiness Employment and housing: Use cases related to decisions about the employability of individuals, resume screening, hiring tools, or other employment determinations or decisions regarding eligibility for housing, including leases and home loans Academic testing, accreditation and admissions: Use cases related to standardized testing companies that administer school admissions (including evaluating, scoring or ranking prospective students), language proficiency, or professional certification exams; agencies that evaluate and certify educational institutions Media or professional journalistic content: Use cases related to using our products or services to automatically generate content and publish it for external consumption - Interpretation (disclaimed): This segment defines specific categories of 'High-Risk Use Cases'—including creditworthiness, employment, housing, academic testing, and media/professional contexts—establishing the scope of use cases subject to the elevated safety requirements described in the preceding clause. - Tier: All - Location: Usage Policy › “High-Risk Use Case Requirements” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20creditworthiness%20Employment%20and,it%20for%20external%20consumption ### moderation enforcement — risk unknown > Do Not Use for Criminal Justice, Censorship, Surveillance, or Prohibited Law Enforcement Purposes This includes using our products or services to: Make determinations on criminal justice applications, including making decisions about or determining eligibility for parole or sentencing Target or track a person’s physical location, emotional state, or communication without their consent, including using our products for facial recognition, battlefield management applications or predictive policing Utilize models to assign scores or ratings to individuals based on an assessment of their trustworthiness or social behavior without notification or their consent Build or support emotional recognition systems or techniques that are used to infer emotions of a natural person, except for medical or safety reasons Analyze or identify specific content to censor on behalf of a government organization Utilize models as part of any biometric categorization system for categorizing people based on their biometric data to infer their race, political opinions, trade union membership, religious or philosophical beliefs, sex life or sexual orientation Utilize models as part of any law enforcement application that violates or impairs the liberty, civil liberties, or human rights of natural persons - Interpretation (disclaimed): This segment establishes a categorical prohibition against using Anthropic's products or services for criminal justice determinations, censorship, surveillance, or prohibited law enforcement purposes, and enumerates specific prohibited activities including parole/sentencing decisions, unauthorized location or emotion tracking, facial recognition, battlefield management, predictive policing, and social scoring of individuals. - Tier: All - Location: Usage Policy › “Do Not Create or Spread Misinformation” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20Do%20Not%20Use,rights%20of%20natural%20persons ### moderation enforcement — risk unknown > This includes using our products or services to: Facilitate, promote, or glamorize any form of suicide or self-harm, including disordered eating and unhealthy or compulsive exercise Engage in behaviors that promote unhealthy or unattainable body image or beauty standards, such as using the model to critique anyone’s body shape or size Shame, humiliate, intimidate, bully, harass, or celebrate the suffering of individuals - Interpretation (disclaimed): This segment enumerates specific prohibited activities including facilitating suicide or self-harm, promoting unhealthy body image standards, and shaming, bullying, or harassing individuals. - Tier: All - Location: Usage Policy › “Do Not Create Psychologically or Emotionally Harmful Content” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20This%20includes%20using,the%20suffering%20of%20individuals ### moderation enforcement — risk unknown > This includes using our products or services to: Produce, modify, design, or illegally acquire weapons, explosives, dangerous materials or other systems designed to cause harm to or loss of human life Design or develop weaponization and delivery processes for the deployment of weapons - Interpretation (disclaimed): This segment specifies that users are prohibited from producing, modifying, designing, or illegally acquiring weapons, explosives, or dangerous materials, or designing weaponization and delivery processes, through use of the platform. - Tier: All - Location: Usage Policy › “Do Not Develop or Design Weapons” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20This%20includes%20using,the%20deployment%20of%20weapons ### moderation enforcement — risk unknown > This includes using our products or services to: - Interpretation (disclaimed): This introductory clause signals that the following enumerated items define specific prohibited activities under the sexually explicit content restriction, giving legal operative context to the list that follows. - Tier: All - Location: Usage Policy › “Do Not Generate Sexually Explicit Content” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20This%20includes%20using,products%20or%20services%20to%3A ### moderation enforcement — risk unknown > This includes using our products or services to: - Interpretation (disclaimed): This segment is an introductory clause that incorporates the specific prohibited activities listed in subsequent segments under the 'Do Not Violate Applicable Laws' restriction, establishing that the following enumerated items are all covered by that prohibition. - Tier: All - Location: Usage Policy › “Do Not Violate Applicable Laws or Engage in Illegal Activity” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20This%20includes%20using,products%20or%20services%20to%3A ### moderation enforcement — risk unknown > You can read more about our Safeguards practices and recommendations in our Safeguards Support Center . This Usage Policy is calibrated to strike an optimal balance between enabling beneficial uses and mitigating potential harms. Anthropic may enter into contracts with certain governmental customers that tailor use restrictions to that customer’s public mission and legal authorities if, in Anthropic’s judgment, the contractual use restrictions and applicable safeguards are adequate to mitigate the potential harms addressed by this Usage Policy. - Interpretation (disclaimed): This segment creates an exception to the standard AUP restrictions, permitting Anthropic to enter contracts with governmental customers that tailor (i.e., modify or relax) use restrictions, conditioned on Anthropic's judgment that safeguards are adequate, thereby carving out a class of users from universal enforcement standards. - Tier: All - Location: Usage Policy › “Usage Policy \ Anthropic” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=You%20can%20read%20more,this%20Usage%20Policy.%20 ### moderation enforcement — risk unknown > Create tools designed to intercept communications or monitor devices without authorization of the system owner Develop persistent access tools designed to operate below normal system security levels, including firmware modifications or hardware implants Create automated tools designed to compromise multiple systems at scale for malicious purposes Bypass security controls such as authenticated systems, endpoint protection, or monitoring tools - Interpretation (disclaimed): This segment enumerates additional specific prohibited activities under the computer/network systems restriction, including unauthorized interception tools, persistent below-OS-level access tools, automated mass-compromise tools, and bypassing security controls. - Tier: All - Location: Usage Policy › “Develop tools for denial-of-service attacks or managing botnets” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20Create%20tools%20designed,protection%2C%20or%20monitoring%20tools ### moderation enforcement — risk unknown > Generate content for fraudulent activities, schemes, scams, phishing, or malware that can result in direct financial or psychological harm Create falsified documents including fake IDs, licenses, currency, or other government documents Develop, promote, or otherwise facilitate the sale or distribution of fraudulent or deceptive products Generate deceptive or misleading digital content such as fake reviews, comments, or media Engage in or facilitate multi-level marketing, pyramid schemes, or other deceptive business models that use high-pressure sales tactics or exploit participants Promote or facilitate payday loans, title loans, or other high-interest, short-term lending practices that exploit vulnerable individuals Engage in deceptive or abusive practices that exploit individuals based on age, disability or a specific social or economic situation Promote or facilitate the use of abusive or harassing debt collection practices Develop a product or support an existing service that deploys subliminal, manipulative, or deceptive techniques to distort behavior by impairing decision-making Engage in actions or behaviors that circumvent the guardrails or terms of other platforms or services Plagiarize or submit AI-assisted work without proper permission or attribution - Interpretation (disclaimed): This segment enumerates additional specific prohibited fraudulent activities, including generating content for scams, phishing, or malware causing financial or psychological harm, creating falsified documents, developing deceptive products, generating fake reviews or media, and facilitating pyramid schemes or multi-level marketing with deceptive practices. - Tier: All - Location: Usage Policy › “Promote or facilitate the generation or distribution of spam” - Source: https://www.anthropic.com/legal/aup - Snapshot SHA-256: `14803ef6189dc1d0cd965845b0b6af7e3d3b54622129352f2d302d91dd7d29f0` - Wayback: — - Deep link: https://www.anthropic.com/legal/aup#:~:text=%20Generate%20content%20for,proper%20permission%20or%20attribution ### moderation enforcement — risk unknown > Except when you are accessing our Services via an Anthropic API Key or where we otherwise explicitly permit it, to access the Services through automated or non-human means, whether through a bot, script, or otherwise. To engage in any other conduct that restricts or inhibits any person from using or enjoying our Services, or that we reasonably believe exposes us—or any of our users, affiliates, or any other third party—to any liability, damages, or detriment of any type, including reputational harms. To rely upon the Services, the Materials, or the Actions to buy or sell securities or to provide or receive advice about securities, commodities, derivatives, or other financial products or services, as Anthropic is not a broker-dealer or a registered investment adviser under the securities laws of the United States or any other jurisdiction. - Interpretation (disclaimed): This segment restricts automated access to the Services except via API key, prohibits conduct that restricts other users' enjoyment or exposes Anthropic to liability, and prohibits using Services for securities trading decisions, constituting specific enforceable use restrictions. - Tier: All - Location: § 3 - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=%20Except%20when%20you,or%20any%20other%20jurisdiction. ### moderation enforcement — risk unknown > You also must not abuse, harm, interfere with, or disrupt our Services, including, for example, introducing viruses or malware, spamming or DDoSing Services, or bypassing any of our systems or protective measures. - Interpretation (disclaimed): This segment prohibits users from abusing, harming, interfering with, or disrupting the Services including introducing malware, spamming, DDoSing, or bypassing security measures, constituting an enforceable behavioral restriction. - Tier: All - Location: § 3 - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=%20You%20also%20must,systems%20or%20protective%20measures. ### moderation enforcement — risk unknown > Department of Commerce Denied Persons List or Entity List, or (iv) any other restricted party lists. You represent and warrant that you and anyone accessing or using the Services on your behalf, or using your Account credentials, are not such persons or entities and are not located in any such country. Legal Compliance.  We may comply with governmental, court, and law enforcement requests or requirements relating to provision or use of the Services, or to information provided to or collected under our Terms. We reserve the right, at our sole discretion, to report information from or about you, including but not limited to Inputs, Outputs, or Actions to law enforcement. U.S. Government Use.  The Services were developed solely at private expense and are commercial computer software and commercial computer software documentation within the meaning of the applicable Federal Acquisition Regulations and their agency supplements. Accordingly, U.S. Government users of the Services will have only those rights that are granted to all other end users of the Services pursuant to these Terms. - Interpretation (disclaimed): This segment imposes a representation and warranty obligation on the user confirming they are not on restricted party lists, and grants the platform permission to comply with governmental and law enforcement requests and to report user information at its sole discretion, constituting an enforcement and disclosure obligation and permission. - Tier: All - Location: § 12 (General terms) - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=Department%20of%20Commerce%20Denied,pursuant%20to%20these%20Terms. ### moderation enforcement — risk unknown > Third-Party Content is the responsibility of the person or entity that provides it to our Services. Anthropic is under no obligation to host or serve Third-Party Content. Third-Party Content may appear in Inputs or Outputs and become part of Materials. If you see any Third-Party Content you believe does not comply with these Terms, including by violating the Acceptable Use Policy or the law, you can report it to us. If we become aware that any Third-Party Content (1) infringes another’s copyright or any other intellectual property or related or neighboring right, (2) is in breach of these Terms or our Acceptable Use Policy, or (3) may cause harm to Anthropic, our users, or third parties, we reserve the right to remove or take down some or all of such Third-Party Content using, where appropriate, algorithmic and human review. You can learn more about our monitoring and enforcement, including how to appeal an account suspension or termination, in our T&S Support Center . - Interpretation (disclaimed): This segment establishes that third-party content responsibility lies with its provider, disclaims Anthropic's obligation to host such content, and creates a procedure for users to report non-compliant third-party content, including copyright-infringing or terms-violating material, enabling Anthropic to take enforcement action. - Tier: All - Location: § 8 (Content Moderation) - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=%20Third-Party%20Content%20is,T%26S%20Support%20Center%20. ### moderation enforcement — risk unknown > It is in our legitimate interests and in the interest of Anthropic users to evaluate the use of the Services and adoption of new features to inform the development of future features and improve direction and development of the Services. Our research also benefits the AI industry and society: it investigates the safety, inner workings, and societal impact of AI models so that artificial intelligence has a positive impact on society as it becomes increasingly advanced and capable. To enforce our Terms of Service  and similar terms and agreements, including our Usage Policy . Identity and Contact Data - Interpretation (disclaimed): Articulates the legitimate interest rationale for research and model training purposes, then establishes a separate processing purpose to enforce Terms of Service and Usage Policy, permitting Anthropic to process Identity, Contact, and other data for policy enforcement against users. - Tier: All - Location: Privacy Policy › “Legitimate interests” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20It%20is%20in,Identity%20and%20Contact%20Data ### moderation enforcement — risk unknown > To prevent and investigate fraud, abuse, and violations of our Usage Policy , unlawful or criminal activity, unauthorized access to or use of personal data or Anthropic systems and networks, to protect our rights and the rights of others, and to meet legal, governmental and institutional policy obligations Identity and Contact Data - Interpretation (disclaimed): This segment specifies the purpose of processing Identity and Contact Data to prevent and investigate fraud, abuse, and Usage Policy violations, protect Anthropic's rights, and meet legal obligations, establishing both legitimate interests and legal obligation as the bases for this enforcement-related processing activity. - Tier: All - Location: Privacy Policy › “Contract” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20To%20prevent%20and,Identity%20and%20Contact%20Data ### moderation enforcement — risk unknown > It is in our legitimate interests to protect our business, employees and users from illegal activities, inappropriate behavior or violations of terms that would be detrimental. We also have a duty to cooperate with authorities. - Interpretation (disclaimed): This segment articulates the legitimate interest and legal obligation rationale for processing personal data to protect the business, employees, and users from illegal activities and policy violations, justifying the dual legal bases for enforcement-related processing. - Tier: All - Location: Privacy Policy › “Legal obligation” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20It%20is%20in,cooperate%20with%20authorities.%20 ### moderation enforcement — risk unknown > It is in our legitimate interests to protect our business, employees and users from illegal activities, inappropriate behavior or violations of terms that would be detrimental. We also have a duty to cooperate with authorities. - Interpretation (disclaimed): This segment articulates the legitimate interests rationale for fraud prevention and enforcement processing, stating that it is in Anthropic's legitimate interests to protect its business, employees, and users from illegal activities, and that Anthropic has a duty to cooperate with authorities, thereby justifying the identified processing activities. - Tier: All - Location: Privacy Policy › “Legal obligation” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20It%20is%20in,cooperate%20with%20authorities.%20 ### moderation enforcement — risk unknown > In certain circumstances outside of the performance of our contract with you, we may rely on legitimate interests. It is in our legitimate interests to enforce the rules and policies governing use of our services, to maintain intended functionality and value for users. We aim to provide a safe, useful platform. - Interpretation (disclaimed): Explains that Anthropic may rely on legitimate interests for enforcement activities outside contractual performance, granting permission to use personal data to enforce platform rules and maintain service integrity. - Tier: All - Location: Privacy Policy › “Legitimate interests” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20In%20certain%20circumstances,safe%2C%20useful%20platform.%20 ### moderation enforcement — risk unknown > To prevent and investigate fraud, abuse, and violations of our Usage Policy , unlawful or criminal activity, unauthorized access to or use of personal data or Anthropic systems and networks, to protect our rights and the rights of others, and to meet legal, governmental and institutional policy obligations Identity and Contact Data - Interpretation (disclaimed): This segment identifies fraud prevention, abuse investigation, Usage Policy enforcement, and legal compliance as purposes for processing personal data, specifying Identity and Contact Data as a processed category and establishing the obligation to process such data for security and compliance purposes. - Tier: All - Location: Privacy Policy › “Contract” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=%20To%20prevent%20and,Identity%20and%20Contact%20Data ### tier differences — risk medium > This Privacy Policy explains how we collect, use, disclose, and process your personal data when you use our website and other places where Anthropic acts as a  data controller —for example, when you interact with Claude.ai or other products as a consumer for personal use (" Services ") or when Anthropic operates and provides our commercial customers and their end users with access to our commercial products, such as the Claude Team plan (“ Commercial Services ”). This Privacy Policy does not apply where Anthropic acts as a  data processor  and processes personal data on behalf of commercial customers using Anthropic’s Commercial Services – for example, your employer has provisioned you a Claude for Work account, or you're using an app that is powered on the back-end with Claude. In those cases, the commercial customer is the controller, and you can review their policies for more information about how they handle your personal data. - Interpretation (disclaimed): The policy distinguishes between Anthropic as controller (consumer/Claude.ai users) and Anthropic as processor (enterprise/employer-provisioned users). Enterprise end-users must look to their employer's privacy policy, not Anthropic's, for data rights—creating a potential gap in protections. - Tier: Enterprise - Location: Privacy Policy › “Privacy Policy \ Anthropic” - Source: https://www.anthropic.com/legal/privacy - Snapshot SHA-256: `68d25fe251e6a971fed543610f088cdce07e69d251a0d0a04b16eb114bfeeaf4` - Wayback: — - Deep link: https://www.anthropic.com/legal/privacy#:~:text=This%20Privacy%20Policy%20explains,handle%20your%20personal%20data. ### tier differences — risk unknown > Except as expressly provided in these Terms or where required by law, all payments are non-refundable. Please check your order carefully before confirming it, and see below for additional information about recurring charges for our subscriptions. Additional fees.  We may increase fees for our Services. If we charge additional fees in connection with our Services, we will give you an opportunity to review and accept the additional fees before you are charged. Also, additional fees may apply for additional Services or features of the Services that we may make available. If you do not accept any such additional fees, we may discontinue your access to the Services or features. You agree that we will not be held liable for any errors caused by third-party payment processors used to process fees paid by you to us. Subscriptions.  To access Claude Pro and other subscription services we may make available to individuals, you must sign up for a subscription with us (a “ Subscription ”), first by creating an Account, and then following the subscription procedure on our Services. When you sign up for a Subscription, you agree to these Terms. Subscription content, features, and services.  The content, features, and other services provided as part of your Subscription, and the duration of your Subscription, will be described in the order process. We may change the content, features, and other services from time to time, and we do not guarantee that any particular piece of content, feature, or other service will always be available through the Services. - Interpretation (disclaimed): This segment restricts refund rights by declaring payments non-refundable except as required by law or expressly provided, and establishes Anthropic's right to increase fees with prior notice and user opportunity to review, governing financial terms of paid tiers. - Tier: All - Location: § 6 - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=Except%20as%20expressly%20provided,through%20the%20Services.%20 ### tier differences — risk unknown > Subscription term and automatic renewal.  If you sign up for a paid Subscription, we or the App Distributor will automatically charge your Payment Method on each agreed-upon periodic renewal date until you cancel. If your Subscription has a minimum term (the “ Initial Term ”), we will let you know during the order process. Your Subscription will last for the Initial Term and will automatically renew, and your Payment Method will be charged, at the end of the Initial Term for an additional term equal in duration to the Initial Term and will continue to renew and incur charges for additional terms equal in duration to the Initial Term (each such additional term, a “ Renewal Term ”) until you cancel. Subscription cancellation.  If you subscribed via our website, you may cancel your Subscription for any reason by using a method we may provide to you through our products—for example, for Claude Pro, in your customer portal—or by notifying us at support@anthropic.com . If you subscribed via an app, you’ll need to cancel via the App Distributor according to the App Distributor’s terms. Learn more here . To avoid renewal and charges for the next Renewal Term, cancel your subscription at least 24 hours before the last day of the Initial Term or any Renewal Term. For example, if you subscribe on January 25th for a Subscription with a one-month Initial Term, you must cancel the Subscription per the instructions by February 23rd (24 hours before February 24th) to avoid renewal and charges for the next Renewal Term. - Interpretation (disclaimed): This segment establishes automatic renewal obligations for paid subscriptions, requiring periodic charges to the Payment Method until cancellation, and defines Initial Term and Renewal Term duration, creating binding financial obligations for subscription tiers. - Tier: All - Location: § 6 - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=%20Subscription%20term%20and,next%20Renewal%20Term.%20 ### tier differences — risk unknown > In the event of a cancellation, your fees will not be refunded, but your access to the Services will continue through the end of the Initial Term or any Renewal Term for which you previously paid fees. Additional cancellation rights. If you are a resident of Brazil, Mexico, South Korea, or Taiwan, you have a legal right to change your mind and cancel the Subscription within 7 days of entering into the Subscription without giving a reason. To exercise the right to cancel in the 7-day cancellation period, you must inform us of your decision to cancel the Subscription by making a clear statement to us of such decision before the cancellation period has expired. The easiest way to do this is by cancelling your subscription in the customer portal, or you may contact us at support@anthropic.com. You may also use the model cancellation form in Appendix 1 of these Terms, but it is not obligatory. For further details on how to cancel, please see support.anthropic.com. We will acknowledge your cancellation, e.g., through our online customer portal or console. If you cancel the Subscription under Section 6(4)(a), we will reimburse you all payments received from you for the cancelled Subscription. We will make the reimbursement without undue delay, and not later than 14 days after the day on which we are informed about your decision to cancel the Subscription. We will make the reimbursement using the same means of payment as you used for the initial transaction; you will not incur any fees as a result of the reimbursement. - Interpretation (disclaimed): This segment grants users in Brazil, Mexico, South Korea, and Taiwan a legal right to cancel subscriptions within 7 days without reason, and establishes that upon cancellation access continues through the paid period without refund, creating jurisdiction-specific tier rights and cancellation procedures. - Tier: All - Location: § 6 - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=In%20the%20event%20of,of%20the%20reimbursement.%20 ### tier differences — risk unknown > Evaluation and Additional Services. In some cases, we may permit you to evaluate our Services for a limited time or with limited functionality. Use of our Services for evaluation purposes are for your personal, non-commercial use only. You may need to accept additional terms to use certain Services. These additional terms will supplement our Terms for those Services and may change your rights or obligations for those Services, including your obligations to pay fees. - Interpretation (disclaimed): This segment restricts evaluation-period use to personal, non-commercial purposes only, and notes that additional terms may supplement or modify user rights and obligations for certain services including fee obligations, thereby defining limitations specific to evaluation tiers. - Tier: All - Location: § 2 - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=%20Evaluation%20and%20Additional,obligations%20to%20pay%20fees. ### tier differences — risk unknown > Subscription fees.  You will pay the fees, either to us or to the App Distributor, for the Initial Term and each subsequent Renewal Term up front, at the start of that Initial Term or Renewal Term, as applicable. We have the right to make changes to the fees applicable to your Subscription from time to time, although we will not make any change to the fees applicable to your Subscription during the current Initial Term or Renewal Term, as applicable. If these changes result in an increase in the fees payable by you, we will inform you at least 30 days in advance of the change. You agree to the increase in fees payable by you unless you cancel the Subscription, as described in the paragraph (Subscription cancellation) immediately above, before the Renewal Term to which the increase in fees will apply. - Interpretation (disclaimed): This segment imposes obligations on users to pay subscription fees upfront for each term, grants Anthropic the right to change subscription fees with 30 days' notice, and deems continued use after notice as acceptance of new fees, creating binding financial obligations for subscription tiers. - Tier: All - Location: § 6 - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=%20Subscription%20fees.%20You,in%20fees%20will%20apply. ### tier differences — risk unknown > If you would like to use the Services during the 7-day cancellation period, you may do so. If you have used the Services during the 7-day cancellation period, and wish to cancel the Subscription, you can still do so by following the process in Section (4)(a) above, but we may retain an amount which is in proportion to what has been provided until you have communicated us your withdrawal from these Terms, in comparison with the full coverage of the Subscription. The 7-day cancellation period will not reset if you change subscription tiers or cancel and then resubscribe, as you have already had an opportunity to test the Services. - Interpretation (disclaimed): This segment establishes the procedure for exercising the 7-day cancellation right during the cancellation period, including proportional retention of fees for Services used, and clarifies that the cancellation period does not reset upon tier changes or resubscription. - Tier: All - Location: § 6 - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=%20If%20you%20would,to%20test%20the%20Services. ### tier differences — risk unknown > Please note: Our Commercial Terms of Service  govern your use of any Anthropic API key, the Anthropic Console , or any other Anthropic offerings that reference the Commercial Terms of Service. For clarity, this does not include Claude.ai or Claude Pro use for individuals or entities. - Interpretation (disclaimed): This segment defines the boundary between consumer and commercial use terms, clarifying that the Commercial Terms of Service govern API key and Console use while excluding Claude.ai and Claude Pro individual use, thereby defining distinct service tiers with different governing documents. - Tier: All - Location: Terms of Service › “Consumer Terms of Service \ Anthropic” - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=%20Please%20note%3A%20Our,individuals%20or%20entities.%20 ### tier differences — risk unknown > Fees and billing.  You may be required to pay us fees to access or use our Services or certain features of our Services. You are responsible for paying any applicable fees listed for the Services on the Model Pricing Page unless otherwise communicated to you by Anthropic in writing. If you purchase access to our Services or features of our Services, you must provide complete and accurate billing information (“ Payment Method ”). You agree that we may charge the Payment Method for any applicable fees listed on our Services and any applicable tax. If the fees for these Services or features are specified to be recurring or based on usage, you agree that we may charge these fees and applicable taxes to the Payment Method on a periodic basis. If you purchase access to our Services through a distributor (e.g. an app store) ( “App Distributor” ), then you will make payment to the App Distributor, and the App Distributor’s terms in relation to payment methods, billing, and refunds will apply instead of these Terms. - Interpretation (disclaimed): This segment imposes obligations on users to pay applicable fees, provide accurate billing information, and authorizes Anthropic to charge the Payment Method for fees and taxes, establishing the financial obligations tied to paid service tiers. - Tier: All - Location: § 6 - Source: https://www.anthropic.com/legal/consumer-terms - Snapshot SHA-256: `302af768945b9867a7fa2a9480b1fdc80d85c227ffaf671e19ee2025428d0705` - Wayback: — - Deep link: https://www.anthropic.com/legal/consumer-terms#:~:text=%20Fees%20and%20billing.,instead%20of%20these%20Terms. --- # GRC Risk Assessment — ChatGPT - Platform: **ChatGPT** (openai-chatgpt) - Headline risk rating: **HIGH** - Website: https://chat.openai.com - Generated: 2026-06-14T10:36:28.721Z - Findings (verified, published): **139** > Every assertion is anchored to a verbatim quote with a SHA-256 snapshot hash and a Wayback archive URL for independent verification. Informational only; not legal advice. ## Control crosswalk (NIST AI RMF 1.0 + ISO/IEC 42001) | Surface | Risk | Confidence | NIST AI RMF | ISO/IEC 42001 | |---|---|---|---|---| | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) | | prompt ownership | unknown | high | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) | | prompt ownership | unknown | high | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) | | prompt ownership | unknown | high | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) | | commercial use | unknown | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | commercial use | unknown | medium | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | medium | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | | tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) | ## Evidence (verbatim, with provenance) ### training use — risk unknown > For information about how we collect and use training information to develop our language models that power ChatGPT and other Services, and your choices with respect to that information, please see this policy as well as this help center article ⁠ (opens in a new window) . - Interpretation (disclaimed): This segment directs users to the policy and a help center article for information about how training data is collected and used for language model development, incorporating those references as part of the governing framework for training data rights and choices. - Tier: All - Location: Privacy Policy › “US privacy policy” - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20For%20information%20about,new%20window)%20.%20 ### training use — risk unknown > We also collect information from other sources, like information that is publicly available on the internet, to develop the models that power our Services. For more information on the sources of information used to develop the models that power ChatGPT and other Services, please see this help center article ⁠ (opens in a new window) . - Interpretation (disclaimed): This segment discloses that OpenAI collects publicly available internet data to develop the models powering its Services, establishing the scope of data collection for AI training purposes and incorporating a help center article for further detail. - Tier: All - Location: § 1 (Personal Data we collect) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20We%20also%20collect,new%20window)%20.%20 ### training use — risk unknown > As noted above, we may use Content you provide us to improve our Services, for example to train the models that power ChatGPT. Read our instructions ⁠ (opens in a new window) on how you can opt out of our use of your Content to train our models. - Interpretation (disclaimed): This segment states that OpenAI may use user-provided content to train its models and directs users to instructions for opting out, establishing a conditional permission for training use of content subject to user opt-out rights. - Tier: All - Location: § 2 (How we use Personal Data) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20As%20noted%20above%2C,train%20our%20models.%20 ### training use — risk unknown > You can easily choose whether your Content can be used to improve and train our models ⁠ (opens in a new window) . You can decide whether we will remember details between chats to make Content more personalized and relevant. You can export your ChatGPT history and data in your account’s data controls. You can delete or archive chats in ChatGPT, or delete your account entirely. If you enable Temporary Chat ⁠ (opens in a new window) in ChatGPT, those conversations with ChatGPT will not appear in your history or be used to improve OpenAI’s models. Depending on applicable law, you may be able to choose which cookies are used when you use our Services, and you can make choices about the use of your information for purposes of promoting our products and services to you on third-party properties (l earn more ⁠ (opens in a new window) ). For Free and Go users, you can use the advertising controls in your account settings to control what data we use to personalize the ads we show you on our Services. If you use the Atlas browser, you can delete your browsing history or choose to browse the web in incognito mode, which helps keep your browsing private from other people who use your device. You can unsubscribe from marketing communications you receive from us by using the choices provided in those communications. - Interpretation (disclaimed): Grants users the right to control whether their Content is used to train and improve OpenAI's models, and describes opt-out mechanisms including Temporary Chat which prevents content from being used for model improvement. - Tier: All - Location: § 5 (Data controls) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20You%20can%20easily,in%20those%20communications.%20 ### training use — risk unknown > For information on how to exercise your rights with respect to data we have collected from the internet to train our models, please see this help center article ⁠ (opens in a new window) . - Interpretation (disclaimed): Incorporates by reference a help center article explaining how users can exercise rights with respect to Personal Data collected from the internet for model training purposes. - Tier: All - Location: Privacy Policy › “Rectify or update your Personal Data” - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20For%20information%20on,new%20window)%20.%20 ### training use — risk unknown > How your data is used to improve model performance ⁠ (opens in a new window) - Interpretation (disclaimed): Incorporates by reference an external resource specifically addressing how user data is used to improve model performance, a material training-use disclosure relevant to AI platform data practices. - Tier: All - Location: § 13 (Useful resources) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20How%20your%20data,a%20new%20window)%20 ### training use — risk unknown > Our use of content. We may use Content to provide, maintain, develop, and improve our Services, comply with applicable law, enforce our terms and policies, and keep our Services safe. If you're using ChatGPT through Apple's integrations, see this Help Center article⁠ ⁠ (opens in a new window) for how we handle your Content. - Interpretation (disclaimed): This segment grants OpenAI permission to use Content for providing, maintaining, developing, and improving Services (including model training), as well as for legal compliance, policy enforcement, and safety purposes, and incorporates a Help Center article for Apple integration by reference. - Tier: All - Location: Terms of Service › “Content” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Our%20use%20of,handle%20your%20Content.%20 ### training use — risk unknown > Opt out. If you do not want us to use your Content to train our models, you can opt out by following the instructions in this article ⁠ . Please note that in some cases this may limit the ability of our Services to better address your specific use case. - Interpretation (disclaimed): This segment provides users with the right to opt out of having their Content used for model training by following specified instructions, and notes that opting out may limit service personalization, establishing both a user right and a procedural mechanism for exercising it. - Tier: All - Location: Terms of Service › “Content” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Opt%20out.%20If,specific%20use%20case.%20 ### prompt ownership — risk unknown > Feedback. We appreciate your feedback, and you agree that we may use it without restriction or compensation to you. - Interpretation (disclaimed): This segment grants OpenAI a perpetual, unrestricted, royalty-free right to use user feedback without restriction or compensation, effectively waiving any ownership or compensation rights the user might otherwise have in submitted feedback. - Tier: All - Location: Terms of Service › “Using our Services” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Feedback.%20We%20appreciate,compensation%20to%20you.%20 ### prompt ownership — risk unknown > Your content. You may provide input to the Services (“Input”), and receive output from the Services based on the Input (“Output”). Input and Output are collectively “Content.” You are responsible for Content, including ensuring that it does not violate any applicable law or these Terms. You represent and warrant that you have all rights, licenses, and permissions needed to provide Input to our Services. - Interpretation (disclaimed): This segment defines 'Input,' 'Output,' and 'Content,' assigns responsibility to users for Content compliance with law and Terms, and requires users to warrant they hold all rights needed to provide Input, establishing the foundational ownership and liability framework for user-submitted material. - Tier: All - Location: Terms of Service › “Content” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Your%20content.%20You,to%20our%20Services.%20 ### prompt ownership — risk unknown > We and our affiliates own all rights, title, and interest in and to the Services. You may only use our name and logo in accordance with our Brand Guidelines⁠ ⁠ . - Interpretation (disclaimed): This segment asserts that OpenAI and its affiliates own all rights, title, and interest in the Services, and restricts users to using OpenAI's name and logo only in accordance with Brand Guidelines, protecting OpenAI's IP and limiting permissible use of its marks. - Tier: All - Location: Terms of Service › “Our IP rights” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20We%20and%20our,Guidelines%E2%81%A0%20%E2%81%A0%20.%20 ### output ownership — risk unknown > A note about accuracy: Services like ChatGPT generate responses by reading a user’s request and, in response, predicting the words most likely to appear next. In some cases, the words most likely to appear next may not be the most factually accurate. For this reason, you should not rely on the factual accuracy of output from our models. If you notice that ChatGPT output contains factually inaccurate information about you and you would like to request a correction or removal of the information, you can submit these requests through privacy.openai.com ⁠ (opens in a new window) or to dsar@openai.com ⁠ , and we will consider your request based on applicable law and the technical capabilities of our models. - Interpretation (disclaimed): Disclaims reliance on the factual accuracy of AI-generated output by explaining that ChatGPT predicts likely words rather than guaranteed facts, and provides a procedure for requesting correction or removal of inaccurate personal information in outputs. - Tier: All - Location: Privacy Policy › “Rectify or update your Personal Data” - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20A%20note%20about,of%20our%20models.%20 ### output ownership — risk unknown > Ownership of content. As between you and OpenAI, and to the extent permitted by applicable law, you (a) retain your ownership rights in Input and (b) own the Output. We hereby assign to you all our right, title, and interest, if any, in and to Output. - Interpretation (disclaimed): This segment establishes that as between the user and OpenAI, the user retains ownership of Input and owns Output, and OpenAI assigns all its right, title, and interest in Output to the user to the extent permitted by applicable law, creating a formal IP assignment of output rights. - Tier: All - Location: Terms of Service › “Content” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Ownership%20of%20content.,and%20to%20Output.%20 ### output ownership — risk unknown > Similarity of content. Due to the nature of our Services and artificial intelligence generally, output may not be unique and other users may receive similar output from our Services. Our assignment above does not extend to other users’ output or any Third Party Output. - Interpretation (disclaimed): This segment limits the scope of the IP assignment in segment 26 by clarifying that it does not extend to other users' similar output or Third Party Output, restricting the breadth of the ownership right granted to any individual user. - Tier: All - Location: Terms of Service › “Content” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Similarity%20of%20content.,Third%20Party%20Output.%20 ### output ownership — risk unknown > YOU ACCEPT AND AGREE THAT ANY USE OF OUTPUTS FROM OUR SERVICE IS AT YOUR SOLE RISK AND YOU WILL NOT RELY ON OUTPUT AS A SOLE SOURCE OF TRUTH OR FACTUAL INFORMATION, OR AS A SUBSTITUTE FOR PROFESSIONAL ADVICE. - Interpretation (disclaimed): Disclaims reliance on service outputs as authoritative or as a substitute for professional advice, placing sole risk of output use on the user and restricting OpenAI's liability for output-related harm. - Tier: All - Location: Terms of Service › “Disclaimer of warranties” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20YOU%20ACCEPT%20AND,FOR%20PROFESSIONAL%20ADVICE.%20 ### commercial use — risk unknown > What you can do. Subject to your compliance with these Terms, you may access and use our Services. In using our Services, you must comply with all applicable laws as well as our Sharing & Publication Policy⁠ ⁠ , Usage Policies⁠ ⁠ , and any other documentation, guidelines, or policies we make available to you. - Interpretation (disclaimed): This segment grants a conditional permission to access and use the Services subject to compliance with these Terms and incorporates Usage Policies, the Sharing & Publication Policy, and other guidelines by reference, creating the scope of permitted use. - Tier: All - Location: Terms of Service › “Using our Services” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20What%20you%20can,available%20to%20you.%20 ### commercial use — risk unknown > Software. Our Services may allow you to download software, such as mobile applications, which may update automatically to ensure you’re using the latest version. Our software may include open source software that is governed by its own licenses that we’ve made available to you. - Interpretation (disclaimed): This segment defines the nature of downloadable software (including auto-updating mobile applications and open source components governed by their own licenses), establishing the legal framework applicable to software elements of the Services. - Tier: All - Location: Terms of Service › “Using our Services” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Software.%20Our%20Services,available%20to%20you.%20 ### privacy data use — risk unknown > Account Information: When you create an account with us, we will collect information associated with your account, including your name, contact information, account credentials, date of birth, payment information, and transaction history, (collectively, “Account Information”). Some of our Services may also allow you to upload a profile picture, a username, or other information as part of your Account Information. User Content: We collect Personal Data that you provide in the input to our Services (“Content”), including your prompts and other content you upload, such as files ⁠ (opens in a new window) , images ⁠ (opens in a new window) , audio and video ⁠ (opens in a new window) , Sora characters ⁠ (opens in a new window) , and data from connected services ⁠ (opens in a new window) , depending on the features you use. Some of our Services allow you to interact with other users, such as post, comment, or send messages, and we treat those interactions as Content, too. Communication Information : If you communicate with us, such as via email or our pages on social media sites, we may collect Personal Data like your name, contact information, and the contents of the messages you send (“Communication Information”). Contact Data: If you choose to connect your device contacts, we upload information from your device address books and check which of your contacts also use our Services. If any of your contacts aren’t yet using our Services, we’ll update you if they sign up for our Services later. - Interpretation (disclaimed): This segment obligates OpenAI to collect specific categories of personal data including account information, credentials, payment data, transaction history, and user content (prompts and uploaded files), defining the scope of OpenAI's data collection practices. - Tier: All - Location: § 1 (Personal Data we collect) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20Account%20Information%3A%20When,our%20Services%20later.%20 ### privacy data use — risk unknown > Access your Personal Data and information relating to how it is processed. - Interpretation (disclaimed): Grants users the right to access their Personal Data and information about how it is processed, which is a core data subject right under various privacy frameworks. - Tier: All - Location: § 6 (Your rights) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20Access%20your%20Personal,it%20is%20processed.%20 ### privacy data use — risk unknown > Respect privacy . People are entitled to privacy. So, we don’t allow attempts to compromise the privacy of others, including to aggregate, monitor, profile, or distribute individuals’ private or sensitive information without their authorization. And, you may never use our services for: facial recognition databases without data subject consent real-time remote biometric identification in public spaces use of someone’s likeness, including their photorealistic image or voice, without their consent in ways that could confuse authenticity evaluation or classification of individuals based on their social behavior, personal traits, or biometric data (including social scoring, profiling, or inferring sensitive attributes) inference regarding an individual’s emotions in the workplace and educational settings, except when necessary for medical or safety reasons assessment or prediction of the risk of an individual committing a criminal offense based solely on their personal traits or on profiling - Interpretation (disclaimed): This segment prohibits uses of OpenAI services that compromise others' privacy, including aggregating, monitoring, profiling, or distributing private information without authorization, and specifically bans facial recognition databases without consent, real-time biometric identification in public spaces, and non-consensual use of individuals' likenesses — imposing enforceable privacy-based use restrictions. - Tier: All - Location: Usage Policy › “Usage policies” - Source: https://openai.com/policies/usage-policies - Snapshot SHA-256: `ac99512924b1bf6e38a8e71ff0a66948490ac9d1a6f96a9c1b097816003265a0` - Wayback: — - Deep link: https://openai.com/policies/usage-policies#:~:text=%20Respect%20privacy%20.,or%20on%20profiling%20 ### privacy data use — risk unknown > Websites and apps use cookies and other identifiers to store and retrieve information on your device. Some of this information may be shared with third parties for different purposes. Use the tool below to manage your preferences. You can change them anytime. Learn more - Interpretation (disclaimed): This segment describes how websites and apps use cookies and identifiers to store and retrieve information on devices, notes that information may be shared with third parties, and directs users to the preference management tool — establishing a procedural framework for data use and third-party sharing relevant to privacy and subprocessor disclosure. - Tier: All - Location: Usage Policy › “Cookie Preferences” - Source: https://openai.com/policies/usage-policies - Snapshot SHA-256: `ac99512924b1bf6e38a8e71ff0a66948490ac9d1a6f96a9c1b097816003265a0` - Wayback: — - Deep link: https://openai.com/policies/usage-policies#:~:text=%20Websites%20and%20apps,anytime.%20Learn%20more%20 ### privacy data use — risk unknown > These cookies are required for the site to work and can’t be turned off. They support essential functions like security, user authentication, and customer support. - Interpretation (disclaimed): This segment defines 'strictly necessary' cookies as required for site functionality including security, authentication, and customer support, and states they cannot be turned off — defining a category of data processing that is non-optional for users. - Tier: All - Location: Usage Policy › “Strictly necessary” - Source: https://openai.com/policies/usage-policies - Snapshot SHA-256: `ac99512924b1bf6e38a8e71ff0a66948490ac9d1a6f96a9c1b097816003265a0` - Wayback: — - Deep link: https://openai.com/policies/usage-policies#:~:text=%20These%20cookies%20are,and%20customer%20support.%20 ### privacy data use — risk unknown > These cookies help us understand how visitors interact with our site. They allow us to measure traffic and improve site performance. - Interpretation (disclaimed): This segment defines analytics cookies as those measuring visitor interactions, traffic, and site performance, establishing the scope of data collected under this category and the purpose for which it is processed. - Tier: All - Location: Usage Policy › “Analytics Cookies” - Source: https://openai.com/policies/usage-policies - Snapshot SHA-256: `ac99512924b1bf6e38a8e71ff0a66948490ac9d1a6f96a9c1b097816003265a0` - Wayback: — - Deep link: https://openai.com/policies/usage-policies#:~:text=%20These%20cookies%20help,improve%20site%20performance.%20 ### privacy data use — risk unknown > These cookies help us measure the effectiveness of our marketing campaigns. - Interpretation (disclaimed): This segment defines marketing measurement cookies as those measuring the effectiveness of marketing campaigns, establishing the purpose and scope of data collected under this category. - Tier: All - Location: Usage Policy › “Marketing measurement” - Source: https://openai.com/policies/usage-policies - Snapshot SHA-256: `ac99512924b1bf6e38a8e71ff0a66948490ac9d1a6f96a9c1b097816003265a0` - Wayback: — - Deep link: https://openai.com/policies/usage-policies#:~:text=%20These%20cookies%20help,our%20marketing%20campaigns.%20 ### privacy data use — risk unknown > This helps us personalize and measure OpenAI’s own marketing on third-party platforms. - Interpretation (disclaimed): This segment defines personalized marketing tracking as data used to personalize and measure OpenAI's own marketing on third-party platforms, establishing the purpose of data processing and its disclosure to third-party platforms. - Tier: All - Location: Usage Policy › “Personalized marketing” - Source: https://openai.com/policies/usage-policies - Snapshot SHA-256: `ac99512924b1bf6e38a8e71ff0a66948490ac9d1a6f96a9c1b097816003265a0` - Wayback: — - Deep link: https://openai.com/policies/usage-policies#:~:text=%20This%20helps%20us,on%20third-party%20platforms.%20 ### privacy data use — risk unknown > At OpenAI, our mission is to ensure that artificial general intelligence benefits everyone. We build tools like ChatGPT and Sora to help people learn, create, and solve problems. We at OpenAI (together with our affiliates, “OpenAI”, “we”, “our” or “us”) are committed to respecting your privacy and are strongly committed to keeping secure any information we obtain from you or about you. This Privacy Policy describes our practices with respect to personal data that we collect from or about you, and how we use it when you use our website, applications, and services (collectively, “Services”). - Interpretation (disclaimed): This segment introduces OpenAI's identity, mission, affiliated entities, and the defined scope of 'Services' and 'Personal Data,' establishing the definitional framework that governs all subsequent obligations and rights in the policy. - Tier: All - Location: Privacy Policy › “US privacy policy” - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20At%20OpenAI%2C%20our,services%20(collectively%2C%20%E2%80%9CServices%E2%80%9D).%20 ### privacy data use — risk unknown > This Privacy Policy does not apply to content that we process on behalf of customers of our business offerings, such as our API. Our use of that data is governed by our customer agreements covering access to and use of those offerings. - Interpretation (disclaimed): This segment carves out business API customers' data from the scope of this Privacy Policy, stating that such processing is governed by separate customer agreements, thereby creating a legal exception to the policy's applicability. - Tier: All - Location: Privacy Policy › “US privacy policy” - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20This%20Privacy%20Policy,of%20those%20offerings.%20 ### privacy data use — risk unknown > We collect personal data relating to you (“Personal Data”) as follows: - Interpretation (disclaimed): This segment introduces the defined term 'Personal Data' and signals that the following sub-sections enumerate the categories collected, establishing a definitional framework for the data collection obligations described below. - Tier: All - Location: § 1 (Personal Data we collect) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20We%20collect%20personal,Data%E2%80%9D)%20as%20follows%3A%20 ### privacy data use — risk unknown > Personal Data You Provide: We collect Personal Data if you create an account to use our Services or communicate with us as follows: - Interpretation (disclaimed): This segment defines the category of 'Personal Data You Provide' and introduces the sub-categories collected when users create accounts or communicate with OpenAI, establishing the scope of user-provided data collection. - Tier: All - Location: § 1 (Personal Data we collect) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20Personal%20Data%20You,us%20as%20follows%3A%20 ### privacy data use — risk unknown > Learn more ⁠ (opens in a new window) about connecting your contacts and how we use uploaded contact information ⁠ (opens in a new window) of people who don’t use our Services. Other Information You Provide : We collect other information that you provide to us, such as when you participate in our events or surveys, or when you provide us or a vendor operating on our behalf with information to establish your identity or age (collectively, “Other Information You Provide”). - Interpretation (disclaimed): This segment describes OpenAI's collection of contact information uploaded by users (including data about non-users) and other information provided through events, surveys, or identity verification, establishing obligations regarding the scope of data collected from and about individuals. - Tier: All - Location: § 1 (Personal Data we collect) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=Learn%20more%20%E2%81%A0%20(opens,Information%20You%20Provide%E2%80%9D).%20 ### privacy data use — risk unknown > Personal Data We Receive from Your Use of the Services: When you visit, use, or interact with the Services, we receive the following information about your visit, use, or interactions: - Interpretation (disclaimed): This segment introduces the category 'Personal Data We Receive from Your Use of the Services,' defining the scope of automatically collected data and setting the definitional framework for the sub-categories described below. - Tier: All - Location: § 1 (Personal Data we collect) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20Personal%20Data%20We,use%2C%20or%20interactions%3A%20 ### privacy data use — risk unknown > Log Data : We collect information that your browser or device automatically sends when you use our Services. Log data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interact with our Services. Usage Data : We collect information about your use and activity across the Services, such as the types of content that you view or engage with, the features you use and the actions you take, when you submit feedback to a model response, the people with whom you interact, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, and your computer connection. If you use the Atlas browser we may also collect your browser data according to your controls ⁠ (opens in a new window) and use of the service. Device Information : We collect information about the device you use to access the Services, such as the name of the device, operating system, device identifiers, and browser you are using. Information collected depends on the type of device you use and its settings. Location Information: We determine the general area from which your device accesses our Services based on information like its IP address for security reasons and to make your product experience better, for example to protect your account by detecting unusual login activity or to provide more accurate responses. In addition, some of our Services allow you to choose to provide more precise location information from your device, such as location information from your device’s GPS. - Interpretation (disclaimed): This segment describes OpenAI's automatic collection of log data (IP address, browser type, request timestamps) and usage data (content interactions, feature use, feedback submissions, time zone, access times), establishing the scope of passive data collection obligations. - Tier: All - Location: § 1 (Personal Data we collect) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20Log%20Data%20%3A,your%20device%E2%80%99s%20GPS.%20 ### privacy data use — risk unknown > Cookies and Similar Technologies : We use cookies and similar technologies to operate and administer our Services, and improve your experience. We store some of the information described in this Policy with cookies, for example to help maintain your preferences across sessions if you’re not logged in, or to assist with authentication and customer support. For details about our use of cookies, please read our Cookie Notice ⁠ . - Interpretation (disclaimed): This segment describes OpenAI's use of cookies and similar technologies to operate services, maintain preferences, and support authentication, and incorporates the Cookie Notice by reference as governing the detailed use of such technologies. - Tier: All - Location: § 1 (Personal Data we collect) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20Cookies%20and%20Similar,Notice%20%E2%81%A0%20.%20 ### privacy data use — risk unknown > You can find more information on data controls here ⁠ (opens in a new window) and by visiting privacy.openai.com ⁠ (opens in a new window) . - Interpretation (disclaimed): Incorporates by reference additional data control information at an external URL and privacy.openai.com, directing users to supplementary policy documentation governing their personal data rights. - Tier: All - Location: § 5 (Data controls) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20You%20can%20find,new%20window)%20.%20 ### privacy data use — risk unknown > We may receive information from advertisers and other data partners, which we use for purposes including to help us measure and improve the effectiveness of ads shown to Free and Go users on our Services. For example, we could receive information about purchases you make from these advertisers. - Interpretation (disclaimed): This segment discloses that OpenAI receives data from advertisers and data partners for ad measurement and improvement purposes for Free and Go users, establishing the scope of commercial data partnerships and their use for targeted advertising. - Tier: All - Location: § 1 (Personal Data we collect) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20We%20may%20receive,from%20these%20advertisers.%20 ### privacy data use — risk unknown > We use Personal Data for the following purposes: - Interpretation (disclaimed): This segment introduces the enumerated purposes for which personal data is used, framing the subsequent list as the exhaustive or representative set of use purposes under the policy. - Tier: All - Location: § 2 (How we use Personal Data) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20We%20use%20Personal,the%20following%20purposes%3A%20 ### privacy data use — risk unknown > To provide, analyse, and maintain our Services, for example to respond to your questions for ChatGPT; To improve and develop our Services and conduct research, for example to develop new features; To personalize and customize your experience across our Services, for example to provide you with more relevant Content; For Free and Go users, to personalize the ads you see on our Services (subject to your settings), and to measure the effectiveness of ads shown on our Services. Learn more ⁠ (opens in a new window) about ads on our services; To communicate with you, including to respond to your questions, and send you information about our Services and events, for example about changes or improvements to the Services; To promote our products and services to you through direct marketing and on third-party properties, and to assess the effectiveness of those efforts, subject to your choices and controls ( learn more ⁠ (opens in a new window) ); Identify your contacts who use our Services when you choose to connect your contacts and update you if they join our Services later; To prevent fraud, illegal activity, or misuses of our Services, and to protect the security of our systems and Services, including by monitoring any Content submitted or exchanged on our platforms (learn more here ⁠ ); and To comply with legal obligations and to protect the rights, privacy, safety, or property of our users, OpenAI, or third parties, for instance to prevent harm to you or others, or to estimate your age to give you an age-appropriate experience. - Interpretation (disclaimed): This segment enumerates the purposes for which OpenAI is permitted to use personal data, including service provision, research, personalization, advertising for Free/Go users, and communications, establishing the legal basis and scope of OpenAI's data processing permissions. - Tier: All - Location: § 2 (How we use Personal Data) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20To%20provide%2C%20analyse%2C,an%20age-appropriate%20experience.%20 ### privacy data use — risk unknown > We also aggregate or de-identify Personal Data so that it no longer identifies you and use this information for the purposes described above, such as to analyze the way our Services are being used, to improve and add features to them, and to conduct research. We will maintain and use de-identified information in de-identified form and not attempt to reidentify the information, unless required by law. - Interpretation (disclaimed): This segment describes OpenAI's practice of aggregating or de-identifying personal data and commits to maintaining such data in de-identified form without re-identification except as required by law, creating a legal obligation regarding de-identification standards. - Tier: All - Location: § 2 (How we use Personal Data) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20We%20also%20aggregate,required%20by%20law.%20 ### privacy data use — risk unknown > Depending on where you live, you may have certain statutory rights in relation to your Personal Data. For example, you may have the right to: - Interpretation (disclaimed): Establishes that users may have statutory rights regarding their Personal Data depending on jurisdiction, framing the conditional legal basis for the rights enumerated below. - Tier: All - Location: § 6 (Your rights) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20Depending%20on%20where,the%20right%20to%3A%20 ### privacy data use — risk unknown > Our Services provide you with a number of controls over your Personal Data and how it is used and retained. You can always change these settings in your account. These include the following controls: - Interpretation (disclaimed): This segment describes user rights to control their personal data through account settings, establishing that users have actionable controls over how their data is used and retained, and that these controls can be exercised at any time. - Tier: All - Location: § 5 (Data controls) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20Our%20Services%20provide,the%20following%20controls%3A%20 ### privacy data use — risk unknown > Delete your Personal Data from our records. Restrict how we process your Personal Data. Transfer your Personal Data to a third party (right to data portability). Withdraw your consent—where we rely on consent as the legal basis for processing. Lodge a complaint with your local data protection authority. - Interpretation (disclaimed): Enumerates multiple data subject rights including deletion, restriction of processing, data portability, withdrawal of consent, and the right to lodge complaints with supervisory authorities. - Tier: All - Location: Privacy Policy › “Rectify or update your Personal Data” - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20Delete%20your%20Personal,data%20protection%20authority.%20 ### privacy data use — risk unknown > You can exercise some of these rights through your OpenAI account using the tools described in the Data controls ⁠ section, or you can submit your request through privacy.openai.com ⁠ (opens in a new window) or to dsar@openai.com ⁠ . You can contact our data protection officer at dpo@openai.com ⁠ . - Interpretation (disclaimed): Describes the procedure by which users can exercise their data subject rights, specifying the tools, web portal, email address, and DPO contact available for submitting requests. - Tier: All - Location: Privacy Policy › “Rectify or update your Personal Data” - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20You%20can%20exercise,dpo%40openai.com%20%E2%81%A0%20.%20 ### privacy data use — risk unknown > We collect the following information, as described above: Identifiers, such as your name, contact details, IP address, and other device identifiers - Interpretation (disclaimed): Defines 'Commercial information' as a category of Personal Data collected, specifically transaction history, for purposes of U.S. state privacy law disclosure. - Tier: All - Location: Privacy Policy › “Disclosure of Personal Data” - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20We%20collect%20the,and%20other%20device%20identifiers ### privacy data use — risk unknown > Our Services are not directed to, or intended for, children under 13. We do not knowingly collect Personal Data from children under 13. If you have reason to believe that a child under 13 has provided Personal Data to OpenAI through the Services, please email us at privacy@openai.com. We will investigate any notification and, if appropriate, delete the Personal Data from our systems. Users under 18 must have permission from their parent or guardian to use our Services. Learn more ⁠ (opens in a new window) about how teens and parents or guardians can choose to link their accounts. - Interpretation (disclaimed): Restricts Services from being directed to children under 13, prohibits knowing collection of Personal Data from such children, imposes a parental permission requirement for users under 18, and establishes a procedure for reporting and deleting children's data. - Tier: All - Location: § 7 (Children) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20Our%20Services%20are,link%20their%20accounts.%20 ### privacy data use — risk unknown > We implement commercially reasonable technical, administrative, and organizational measures designed to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. Therefore, you should take special care in deciding what information you provide to the Services. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third-party websites. - Interpretation (disclaimed): Section header defining the scope of U.S. state-specific privacy disclosures, structuring the obligations and rights that follow under applicable state privacy laws. - Tier: All - Location: § 8 (Security) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20We%20implement%20commercially,or%20third-party%20websites.%20 ### privacy data use — risk unknown > Some U.S. state privacy laws ⁠ (opens in a new window) require specific disclosures. The following table provides additional information about the categories of Personal Data we collect and how we use and disclose that information. You can read more about the Personal Data we collect and where we collect it from in “ Personal Data we collect ⁠ ” above, how we use Personal Data in “ How we use Personal Data ⁠ ” above, when we disclose Personal Data in “ Disclosure of Personal Data ⁠ ” above and how we retain Personal Data in “ Retention ⁠ ” above. We don’t process sensitive data for the purpose of inferring characteristics about you. - Interpretation (disclaimed): Defines the column header 'Category of Personal Data' for the U.S. state disclosure table, structuring the legal classification of data types subject to state privacy law requirements. - Tier: All - Location: § 9 (Additional U.S. state disclosures) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20Some%20U.S.%20state,characteristics%20about%20you.%20 ### privacy data use — risk unknown > Network activity information, such as how you interact with our Services, including Log Data, Usage Data, and information about the device you use to access the Services Content, including your prompts and content you upload to the Services and interactions and messages with other users Communication Information, such as your contact information when you send us email - Interpretation (disclaimed): Defines 'Contact Data' as a category of Personal Data optionally collected when users connect device contacts, scoping the conditions and data types involved. - Tier: All - Location: Privacy Policy › “Commercial information, such as your transaction history” - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20Network%20activity%20information%2C,you%20send%20us%20email ### privacy data use — risk unknown > Geolocation data, such as the general area from which your device accesses our Services based on information like its IP address, or precise location information you choose to provide Other Account Information, such as your account credentials, and payment information, date of birth, and profile picture Other Information You Provide, such as if you choose to participate in our events or surveys or when you provide us or a vendor operating on our behalf with information to establish your identity or age. We use this information for the following purposes, as described above: - Interpretation (disclaimed): Establishes that OpenAI uses collected Personal Data to provide, analyze, and maintain its Services, constituting a statement of processing purpose that creates an obligation to limit use to those stated purposes. - Tier: All - Location: Privacy Policy › “Contact Data if you choose to connect your device contacts” - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20Geolocation%20data%2C%20such,purposes%2C%20as%20described%20above%3A ### privacy data use — risk unknown > Improve and develop our Services and conduct research, including using your Content to train our models (subject to your control) - Interpretation (disclaimed): Permits OpenAI to use Personal Data to personalize and customize the user experience across its Services. - Tier: All - Location: Privacy Policy › “Provide, analyze, and maintain our Services” - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20Improve%20and%20develop,to%20your%20control)%20 ### privacy data use — risk unknown > Parents or guardians of teen users for account linking purposes described above Other users and third parties you interact or share information with - Interpretation (disclaimed): States that OpenAI does not sell Personal Data and describes conditions under which limited data may be shared with marketing partners for targeted advertising, establishing the boundary of permissible data sharing and users' opt-out rights. - Tier: All - Location: Privacy Policy › “Business account administrators for the reasons described above” - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20Parents%20or%20guardians,or%20share%20information%20with ### privacy data use — risk unknown > Your Opt-Out Rights. We don’t “sell” Personal Data. Depending upon your choices, we may share limited data with select marketing partners for purposes of promoting our products and services to you on third-party properties. - Interpretation (disclaimed): Grants users the right to opt out of targeted advertising and cross-context behavioral advertising data sharing, and describes multiple mechanisms for exercising that opt-out including account settings, Global Privacy Control, and in-platform controls. - Tier: All - Location: Privacy Policy › “Business account administrators for the reasons described above” - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20Your%20Opt-Out%20Rights.,on%20third-party%20properties.%20 ### privacy data use — risk unknown > This is known as “targeted advertising” or sharing for “cross-context behavioral advertising” under certain state privacy laws. You can opt out using the marketing privacy control in your account settings. If you’re not logged in, you can opt out within Settings > Data Controls on ChatGPT or using the Your Privacy Choices link ⁠ on our website. You can also opt out using a legally recognized opt-out mechanism, like Global Privacy Control. You can learn more about the types of data we use and share for these purposes and controls we offer you here ⁠ (opens in a new window) . We don’t engage in these activities for users we know to be under 18 years of age. - Interpretation (disclaimed): Enumerates additional privacy rights for users under applicable U.S. state laws, including rights to know, access in portable format, deletion, correction, and freedom from retaliation for exercising those rights. - Tier: All - Location: Privacy Policy › “Business account administrators for the reasons described above” - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20This%20is%20known,years%20of%20age.%20 ### privacy data use — risk unknown > Your Other Rights. Depending on where you live and subject to applicable exceptions, you may have the following privacy rights in relation to your Personal Data: - Interpretation (disclaimed): Grants users the right to correct their Personal Data held by OpenAI, as provided under applicable U.S. state privacy laws. - Tier: All - Location: Privacy Policy › “Business account administrators for the reasons described above” - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20Your%20Other%20Rights.,your%20Personal%20Data%3A%20 ### privacy data use — risk unknown > The right to know information about our processing of your Personal Data, including the right to access your Personal Data, often in a portable format; The right to request deletion of your Personal Data; - Interpretation (disclaimed): Grants the right to be free from retaliation for exercising privacy rights and incorporates by reference California privacy rights reporting, establishing a non-retaliation obligation on OpenAI. - Tier: All - Location: Privacy Policy › “Business account administrators for the reasons described above” - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20The%20right%20to,your%20Personal%20Data%3B%20 ### privacy data use — risk unknown > The right to be free from retaliation relating to the exercise of any of your privacy rights. Review our California privacy rights reporting here ⁠ . - Interpretation (disclaimed): Establishes the procedure for submitting privacy rights requests through authorized agents, specifying the authority documentation required, the user's independent verification obligations, and the submission email address. - Tier: All - Location: Privacy Policy › “The right to correct your Personal Data; and” - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20The%20right%20to,here%20%E2%81%A0%20.%20 ### privacy data use — risk unknown > We may update this policy from time to time. When we do, we will publish an updated version and effective date on this page, unless another type of notice is required by applicable law. - Interpretation (disclaimed): Establishes OpenAI's procedure and obligation for notifying users of material changes to the privacy policy, including publication of an updated version and effective date, subject to any legally required alternative notice method. - Tier: All - Location: § 10 (Changes to the privacy policy) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20We%20may%20update,by%20applicable%20law.%20 ### privacy data use — risk unknown > Please contact support ⁠ (opens in a new window) if you have any questions or concerns not already addressed in this policy. - Interpretation (disclaimed): Directs users to a support channel for questions or concerns not addressed in the policy, providing a mechanism for exercising privacy-related inquiries and complaints. - Tier: All - Location: § 12 (How to contact us) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20Please%20contact%20support,in%20this%20policy.%20 ### privacy data use — risk unknown > These cookies are required for the site to work and can’t be turned off. They support essential functions like security, user authentication, and customer support. - Interpretation (disclaimed): Defines strictly necessary cookies as non-optional and restricts users from disabling them, specifying their essential functions (security, authentication, customer support) and establishing that consent controls do not apply to this category. - Tier: All - Location: Privacy Policy › “Strictly necessary” - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20These%20cookies%20are,and%20customer%20support.%20 ### privacy data use — risk unknown > These cookies help us understand how visitors interact with our site. They allow us to measure traffic and improve site performance. - Interpretation (disclaimed): Discloses OpenAI's permission to use analytics cookies to collect data on user interactions with the site for traffic measurement and performance improvement purposes, subject to user consent preferences. - Tier: All - Location: Privacy Policy › “Analytics Cookies” - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20These%20cookies%20help,improve%20site%20performance.%20 ### privacy data use — risk unknown > These cookies help us measure the effectiveness of our marketing campaigns. - Interpretation (disclaimed): This segment defines marketing measurement cookies by describing their function in measuring campaign effectiveness, providing definitional context for user consent decisions regarding this data-use category. - Tier: All - Location: Terms of Service › “Marketing measurement” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20These%20cookies%20help,our%20marketing%20campaigns.%20 ### privacy data use — risk unknown > Our Privacy Policy⁠ ⁠ explains how we collect and use personal information. Although it does not form part of these Terms, it is an important document that you should read. - Interpretation (disclaimed): This segment incorporates the Privacy Policy by reference, noting it explains how personal information is collected and used, and clarifies that while it does not form part of these Terms it is a material document users should read. - Tier: All - Location: Terms of Service › “Effective: January 1, 2026 ( Previous version ⁠ )” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Our%20Privacy%20Policy%E2%81%A0,you%20should%20read.%20 ### privacy data use — risk unknown > Corporate domains. If you create an account using an email address owned by an organization (for example, your employer), that account may be added to the organization's business account with us, in which case we will provide notice to you so that you can help facilitate the transfer of your account (unless your organization has already provided notice to you that it may monitor and control your account). Once your account is transferred, the organization’s administrator will be able to control your account, including being able to access Content (defined below) and restrict or remove your access to the account. - Interpretation (disclaimed): This segment describes the procedure by which accounts created with organizational email addresses may be transferred to a business account, specifies the notice requirement to the user, and defines the resulting control rights of the organization's administrator over the account and its Content, affecting data access and account governance. - Tier: All - Location: Terms of Service › “Using our Services” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Corporate%20domains.%20If,to%20the%20account.%20 ### privacy data use — risk unknown > Websites and apps use cookies and other identifiers to store and retrieve information on your device. Some of this information may be shared with third parties for different purposes. Use the tool below to manage your preferences. You can change them anytime. Learn more - Interpretation (disclaimed): This segment describes how websites and apps use cookies and other identifiers to store and retrieve information, notes that some information may be shared with third parties, and informs users of a preference-management tool, establishing a procedural framework for user consent and data-sharing disclosure. - Tier: All - Location: Terms of Service › “Cookie Preferences” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Websites%20and%20apps,anytime.%20Learn%20more%20 ### privacy data use — risk unknown > These cookies are required for the site to work and can’t be turned off. They support essential functions like security, user authentication, and customer support. - Interpretation (disclaimed): This segment defines strictly necessary cookies and their essential functions (security, user authentication, customer support), explaining why they are non-optional, serving a definitional purpose for the cookie preference framework. - Tier: All - Location: Terms of Service › “Strictly necessary” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20These%20cookies%20are,and%20customer%20support.%20 ### privacy data use — risk unknown > These cookies help us understand how visitors interact with our site. They allow us to measure traffic and improve site performance. - Interpretation (disclaimed): This segment elaborates on analytics cookies' purposes (measuring traffic and improving performance), functioning as a definitional description that informs user consent for this cookie category. - Tier: All - Location: Terms of Service › “Analytics Cookies” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20These%20cookies%20help,improve%20site%20performance.%20 ### data retention — risk unknown > We’ll retain your Personal Data for only as long as we need in order to provide our Services to you, or for other legitimate business purposes such as resolving disputes, safety and security reasons, or complying with our legal obligations. How long we retain Personal Data depends on the type of data, how we use it, and in many cases your settings: - Interpretation (disclaimed): This segment establishes OpenAI's obligation to retain personal data only as long as necessary for service provision or legitimate business purposes such as dispute resolution, safety, and legal compliance, and defines factors that determine retention duration. - Tier: All - Location: § 4 (Retention) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20We%E2%80%99ll%20retain%20your,cases%20your%20settings%3A%20 ### data retention — risk unknown > Information we retain until you delete it: Some of our Services allow you to delete Personal Data stored in your account. For example, you can delete specific, or all, of your ChatGPT conversations, delete specific Saved Memories ⁠ (opens in a new window) , or delete your account. Once you choose to delete Personal Data, we will remove it from our systems within 30 days unless we need to retain it for longer as described below, or it has already been de-identified and disassociated from your account when you allow us to use your Content to improve our models ⁠ (opens in a new window) . Information we delete automatically: In some cases, Personal Data will be deleted automatically. For example, Temporary Chats ⁠ (opens in a new window) will be automatically deleted within 30 days (unless we have to retain them for safety or legal reasons, as described further below), and your Atlas incognito browsing history ⁠ (opens in a new window) won’t be saved after you end your session. Information we retain for longer for legitimate security, safety, or legal reasons: In some cases, we need to retain Personal Data for longer even after you delete it, for example because we are legally required to, to address fraud and abuse, for security reasons, or for financial record-keeping purposes. For instance: If specific Content, or your account, is banned because of violations of our usage policies ⁠ , we may retain that data for to protect our services from fraud, abuse, or other violations of our policies; If we are legally required to retain your data (for instance, we receive a lawful subpoena) then we may retain it for the duration of the relevant legal or regulatory obligation; When we are a party to a financial transaction (for instance, when we process your payment for a - Interpretation (disclaimed): This segment describes the procedure for user-initiated deletion of personal data, specifying that deletion occurs within 30 days unless retention is otherwise required, and creates an exception for de-identified data already dissociated from the user's account. - Tier: All - Location: § 4 (Retention) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20Information%20we%20retain,your%20payment%20for%20a ### data retention — risk unknown > ChatGPT Plus or Pro account, or facilitate a purchase on ChatGPT), we may retain payment and transaction related information to meet our accounting, dispute resolution, and regulatory compliance purposes; When you ask us to delete your Personal Data, we retain the audit record of the erasure request to be able to verify that we have complied with the request. - Interpretation (disclaimed): This segment establishes OpenAI's obligation to retain payment and transaction data for accounting, dispute resolution, and regulatory compliance, and to retain audit records of erasure requests to demonstrate compliance with deletion obligations. - Tier: All - Location: § 4 (Retention) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20ChatGPT%20Plus%20or,with%20the%20request.%20 ### data retention — risk unknown > In determining these retention periods, we consider a number of factors, such as: - Interpretation (disclaimed): This segment introduces the factors OpenAI considers when determining retention periods, establishing the procedural framework for retention decision-making. - Tier: All - Location: § 4 (Retention) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20In%20determining%20these,factors%2C%20such%20as%3A%20 ### data retention — risk unknown > Our purpose for processing the Personal Data (such as whether we need to retain it to provide our Services); The amount, nature, and sensitivity of the information; The potential risk of harm from unauthorized use or disclosure; Any legal requirements that we are subject to. - Interpretation (disclaimed): This segment enumerates the specific factors — processing purpose, data nature and sensitivity, risk of harm, and legal requirements — that govern retention period determinations, creating substantive criteria for OpenAI's retention obligations. - Tier: All - Location: § 4 (Retention) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20Our%20purpose%20for,are%20subject%20to.%20 ### data retention — risk unknown > We also may terminate your account if it has been inactive for over a year and you do not have a paid account. If we do, we will provide you with advance notice. - Interpretation (disclaimed): Establishes that inactive accounts without a paid subscription may be terminated after one year of inactivity, with advance notice required before deletion, creating a data/account retention policy. - Tier: All - Location: Terms of Service › “Termination and suspension” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20We%20also%20may,with%20advance%20notice.%20 ### subprocessors data sharing — risk unknown > This helps us personalize and measure OpenAI’s own marketing on third-party platforms. - Interpretation (disclaimed): Discloses OpenAI's permission to use personalized marketing cookies to share user data with third-party platforms for targeted advertising and marketing measurement purposes, subject to user consent. - Tier: All - Location: Privacy Policy › “Personalized marketing” - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20This%20helps%20us,on%20third-party%20platforms.%20 ### subprocessors data sharing — risk unknown > Information We Receive from Other Sources: We receive information from other sources, such as our trusted security and safety partners to protect safety and prevent fraud, abuse, and other threats to our Services, and from marketing vendors who provide us with information about potential customers of our business services. - Interpretation (disclaimed): This segment discloses that OpenAI receives personal data from third-party security/safety partners and marketing vendors, establishing the scope of third-party data flows into OpenAI's systems and the purposes for which such data is received. - Tier: All - Location: § 1 (Personal Data we collect) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20Information%20We%20Receive,our%20business%20services.%20 ### subprocessors data sharing — risk unknown > We disclose your Personal Data in the following circumstances: - Interpretation (disclaimed): This segment introduces the enumerated circumstances of personal data disclosure, framing the subsequent list as the operative scope of OpenAI's data sharing practices. - Tier: All - Location: § 3 (Disclosure of Personal Data) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20We%20disclose%20your,the%20following%20circumstances%3A%20 ### subprocessors data sharing — risk unknown > Vendors, Service Providers, and Marketing Partners : To assist us in meeting business operations needs and to perform certain services and functions, we disclose Personal Data to vendors, service providers, and marketing partners, including providers of hosting services, customer service vendors, cloud services, content delivery services, support and safety services, email communication software, web analytics services, payment and transaction processors, search and shopping providers, and information technology providers. We also work with service providers who help us with age and identity verification, and you can learn more here⁠ ⁠ (opens in a new window) . When we work with Service Providers, these parties will access, process, or store Personal Data based on our instructions and only in the course of performing their duties to us. We also share limited information with select marketing partners who are not service providers in order to promote our products and services on third-party properties and help us assess the effectiveness of those efforts. Some of these partners may receive information through cookies and similar technologies. Learn more about these practices and the choices available to you here ⁠ (opens in a new window) . Business Transfers : If we are involved in strategic transactions, reorganization, bankruptcy, receivership, or transition of service to another provider (collectively, a “Transaction”), your Personal Data may be disclosed in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets. - Interpretation (disclaimed): This segment discloses that OpenAI shares personal data with vendors, service providers, and marketing partners for business operations, naming categories of subprocessors and the functions they perform, establishing the scope of third-party data sharing obligations. - Tier: All - Location: § 3 (Disclosure of Personal Data) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20Vendors%2C%20Service%20Providers%2C,with%20other%20assets.%20 ### subprocessors data sharing — risk unknown > Government Authorities or Other Third Parties : We may share your Personal Data, including information about your interaction with our Services, with government authorities, industry peers, or other third parties in compliance with the law (i) if required to do so to comply with a legal obligation, or in the good faith belief that such action is necessary to comply with a legal obligation, (ii) to protect and defend our rights or property, (iii) if we determine, in our sole discretion, that there is a violation of our terms, policies, or the law; (iv) to detect or prevent fraud or other illegal activity; (v) to protect the safety, security, and integrity of our products, employees, users, or the public, or (vi) to protect against legal liability. Affiliates : We disclose Personal Data to our affiliates, meaning an entity that controls, is controlled by, or is under common control with OpenAI. Our affiliates may use this Personal Data in a manner consistent with this policy. Business Account Administrators : When you join a ChatGPT Enterprise or business account, the administrators of that account may access and control your OpenAI account, including being able to access your Content. In addition, if you create an account using an email address belonging to your employer or another organization, we may share the fact that you have an account and certain account information, such as your email address, with your employer or organization to, for example, enable you to be added to their business account. - Interpretation (disclaimed): This segment permits OpenAI to share personal data with government authorities and third parties for legal compliance, rights protection, policy enforcement, fraud prevention, and safety purposes, establishing the legal bases for non-consensual disclosure of personal data. - Tier: All - Location: § 3 (Disclosure of Personal Data) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20Government%20Authorities%20or,their%20business%20account.%20 ### subprocessors data sharing — risk unknown > Parent or Guardian of a Teen : Teen users and their parents or guardians can choose to link their accounts, allowing the parent or guardian to manage certain settings, and receive alerts if we detect a serious safety concern. These accounts can be unlinked at any time. Learn more ⁠ (opens in a new window) about account linking. Other Users and Third Parties You Interact or Share Information With : Certain Services allow you to interact or share information with other users or third parties. For example, you can share content like ChatGPT conversations ⁠ (opens in a new window) or Sora videos ⁠ (opens in a new window) and characters ⁠ (opens in a new window) , or share information with third-party search ⁠ (opens in a new window) and shopping ⁠ (opens in a new window) partners. Information you share with third-party partners is governed by their own terms and privacy policies, and you should make sure you understand those terms and policies before sharing information with them. - Interpretation (disclaimed): This segment describes data sharing with parents/guardians of teen users for account management and safety alerts, and with other users and third parties when users choose to share content, establishing user-directed and safety-based data sharing permissions. - Tier: All - Location: § 3 (Disclosure of Personal Data) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20Parent%20or%20Guardian,information%20with%20them.%20 ### subprocessors data sharing — risk unknown > We also aggregate or de-identify Personal Data so that it no longer identifies you and share it with third parties for the purposes described above, such as to help improve our Services. - Interpretation (disclaimed): This segment permits OpenAI to share aggregated or de-identified personal data with third parties to improve services, establishing a legal basis for sharing non-identifying derived data with external parties. - Tier: All - Location: § 3 (Disclosure of Personal Data) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20We%20also%20aggregate,improve%20our%20Services.%20 ### subprocessors data sharing — risk unknown > For Free and Go users, subject to your controls, to personalize the ads you see on our Services and measure the effectiveness of ads shown on our Services. Learn more. Communicate with you, including to respond to your questions, and send you information about our Services and events, for example about changes or improvements to the Services or offers or information that may interest you To identify your contacts who use our Services when you choose to connect your contacts and update you if they join our Services later. Prevent fraud, illegal activity, or misuses of our Services, and to protect the security of our systems and Services, including by monitoring any Content submitted or exchanged on our platforms (learn more here ) Comply with legal obligations and protect the rights, privacy, safety, or property of our users, OpenAI, or third parties, for instance to prevent harm to you or others, and to estimate your age to give you an age-appropriate experience We may disclose this information in the following circumstances, as described above: Vendors, service providers, and affiliates to assist us in meeting business operations needs and to perform certain services and functions described above Government authorities or other third parties for the legal reasons described above - Interpretation (disclaimed): Defines 'Parties involved in Transactions' as a category of recipients to whom Personal Data may be disclosed, forming part of the U.S. state law disclosure table. - Tier: All - Location: Privacy Policy › “To personalize and customize your experience across our Services” - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20For%20Free%20and,legal%20reasons%20described%20above ### subprocessors data sharing — risk unknown > These cookies help us measure the effectiveness of our marketing campaigns. - Interpretation (disclaimed): Discloses that marketing measurement cookies are used to measure campaign effectiveness, implying data may be shared with or processed by marketing analytics third parties, subject to user consent. - Tier: All - Location: Privacy Policy › “Marketing measurement” - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20These%20cookies%20help,our%20marketing%20campaigns.%20 ### subprocessors data sharing — risk unknown > Websites and apps use cookies and other identifiers to store and retrieve information on your device. Some of this information may be shared with third parties for different purposes. Use the tool below to manage your preferences. You can change them anytime. Learn more - Interpretation (disclaimed): Describes how cookies and device identifiers are used to store and retrieve information, discloses that some information may be shared with third parties for various purposes, and introduces a consent-management tool allowing users to manage and change their preferences. - Tier: All - Location: Privacy Policy › “Cookie Preferences” - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20Websites%20and%20apps,anytime.%20Learn%20more%20 ### subprocessors data sharing — risk unknown > This helps us personalize and measure OpenAI’s own marketing on third-party platforms. - Interpretation (disclaimed): This segment discloses that personalized marketing cookies enable OpenAI to share data with third-party platforms for the purpose of personalizing and measuring its own marketing, implicating third-party data sharing obligations relevant to subprocessor and data-sharing surfaces. - Tier: All - Location: Terms of Service › “Personalized marketing” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20This%20helps%20us,on%20third-party%20platforms.%20 ### audit rights dpa residency — risk unknown > OpenAI processes your Personal Data for the purposes described in this policy on servers located in various jurisdictions, including processing and storing your Personal Data in our facilities and servers in the United States, or in countries or territories where our affiliates and partners or our vendors and service providers are located. While data protection law varies by country, we apply the protections described in this policy to your Personal Data regardless of where it is processed, and only transfer that data pursuant to legally valid transfer mechanisms. - Interpretation (disclaimed): States that OpenAI processes Personal Data on servers in various jurisdictions including the United States, commits to applying the same protections regardless of processing location, and obligates use of legally valid transfer mechanisms for cross-border data transfers. - Tier: All - Location: Privacy Policy › “Rectify or update your Personal Data” - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20OpenAI%20processes%20your,valid%20transfer%20mechanisms.%20 ### audit rights dpa residency — risk unknown > Appeals. Depending on where you live, you may have the right to appeal a decision we make relating to requests to exercise your rights. To appeal a decision, please send your request to dsar@openai.com . - Interpretation (disclaimed): Grants data subjects a procedural right to appeal decisions made by OpenAI regarding the exercise of privacy rights, and specifies the procedure (emailing dsar@openai.com) for doing so, contingent on jurisdiction. - Tier: All - Location: Privacy Policy › “The right to correct your Personal Data; and” - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20Appeals.%20Depending%20on,to%20dsar%40openai.com%20.%20 ### audit rights dpa residency — risk unknown > If you live in the European Economic Area (EEA) or Switzerland, OpenAI Ireland Limited, with its registered office at 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland, is the controller and is responsible for the processing of your Personal Data as described in this policy. - Interpretation (disclaimed): Identifies OpenAI Ireland Limited as the data controller responsible for processing Personal Data of EEA and Swiss residents, establishing the legal entity accountable under GDPR for the processing activities described in the policy. - Tier: All - Location: § 11 (Data controller) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20If%20you%20live,in%20this%20policy.%20 ### audit rights dpa residency — risk unknown > If you live anywhere else, OpenAI OpCo, LLC, with its registered office at 1455 Third Street, San Francisco, California 94158, United States, is the controller and is responsible for the processing of your Personal Data as described in this policy. - Interpretation (disclaimed): Identifies OpenAI OpCo, LLC as the data controller responsible for processing Personal Data of all users outside the EEA and Switzerland, establishing the legal entity accountable for processing under applicable non-GDPR data protection laws. - Tier: All - Location: § 11 (Data controller) - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=%20If%20you%20live,in%20this%20policy.%20 ### indemnity liability — risk unknown > Third party Services. Our services may include third party software, products, or services, (“Third Party Services”) and some parts of our Services, like our browse feature, may include output from those services (“Third Party Output”). Third Party Services and Third Party Output are subject to their own terms, and we are not responsible for them. - Interpretation (disclaimed): This segment identifies Third Party Services and Third Party Output as subject to their own terms and disclaims OpenAI's responsibility for them, limiting OpenAI's liability with respect to third-party integrations. - Tier: All - Location: Terms of Service › “Using our Services” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Third%20party%20Services.,responsible%20for%20them.%20 ### indemnity liability — risk unknown > Output may not always be accurate. You should not rely on Output from our Services as a sole source of truth or factual information, or as a substitute for professional advice. You must evaluate Output for accuracy and appropriateness for your use case, including using human review as appropriate, before using or sharing Output from the Services. You must not use any Output relating to a person for any purpose that could have a legal or material impact on that person, such as making credit, educational, employment, housing, insurance, legal, medical, or other important decisions about them. Our Services may provide incomplete, incorrect, or offensive Output that does not represent OpenAI’s views. If Output references any third party products or services, it doesn’t mean the third party endorses or is affiliated with OpenAI. - Interpretation (disclaimed): This segment contains multiple user-facing disclaimers and restrictions: that Output may be inaccurate and should not be solely relied upon, that users must evaluate Output before use, and that Output must not be used to make material decisions about persons, limiting OpenAI's liability for inaccurate outputs and placing verification obligations on users. - Tier: All - Location: Terms of Service › “Content” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Output%20may%20not,affiliated%20with%20OpenAI.%20 ### indemnity liability — risk unknown > We may decide to discontinue our Services, but if we do, we will give you advance notice and a refund for any prepaid, unused Services. - Interpretation (disclaimed): Obligates OpenAI to provide advance notice and refund prepaid unused services if it discontinues its services, creating a financial and procedural obligation toward users. - Tier: All - Location: Terms of Service › “Discontinuation of Services” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20We%20may%20decide,prepaid%2C%20unused%20Services.%20 ### indemnity liability — risk unknown > OUR SERVICES ARE PROVIDED “AS IS.” EXCEPT TO THE EXTENT PROHIBITED BY LAW, WE AND OUR AFFILIATES AND LICENSORS MAKE NO WARRANTIES (EXPRESS, IMPLIED, STATUTORY OR OTHERWISE) WITH RESPECT TO THE SERVICES, AND DISCLAIM ALL WARRANTIES INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, NON-INFRINGEMENT, AND QUIET ENJOYMENT, AND ANY WARRANTIES ARISING OUT OF ANY COURSE OF DEALING OR TRADE USAGE. WE DO NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ACCURATE OR ERROR FREE, OR THAT ANY CONTENT WILL BE SECURE OR NOT LOST OR ALTERED. - Interpretation (disclaimed): Disclaims all express, implied, statutory, and other warranties for the services on an 'as is' basis, including merchantability, fitness for purpose, non-infringement, and accuracy, limiting OpenAI's and its affiliates' and licensors' legal exposure for service quality. - Tier: All - Location: Terms of Service › “Disclaimer of warranties” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20OUR%20SERVICES%20ARE,LOST%20OR%20ALTERED.%20 ### indemnity liability — risk unknown > NEITHER WE NOR ANY OF OUR AFFILIATES OR LICENSORS WILL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, OR DATA OR OTHER LOSSES, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. OUR AGGREGATE LIABILITY UNDER THESE TERMS WILL NOT EXCEED ​​THE GREATER OF THE AMOUNT YOU PAID FOR THE SERVICE THAT GAVE RISE TO THE CLAIM DURING THE 12 MONTHS BEFORE THE LIABILITY AROSE OR ONE HUNDRED DOLLARS ($100). THE LIMITATIONS IN THIS SECTION APPLY ONLY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. - Interpretation (disclaimed): Caps OpenAI's aggregate liability at the greater of amounts paid in the prior 12 months or $100, and excludes indirect, incidental, special, consequential, and exemplary damages, limiting the financial remedies available to users. - Tier: All - Location: Terms of Service › “Limitation of liability” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20NEITHER%20WE%20NOR,BY%20APPLICABLE%20LAW.%20 ### indemnity liability — risk unknown > Some countries and states do not allow the disclaimer of certain warranties or the limitation of certain damages, so some or all of the terms above may not apply to you, and you may have additional rights. In that case, these Terms only limit our responsibilities to the maximum extent permissible in your country of residence. - Interpretation (disclaimed): Creates a geographic/jurisdictional exception acknowledging that certain warranty disclaimers or damage limitations may not apply in some jurisdictions, preserving users' statutory rights where local law prohibits such limitations. - Tier: All - Location: Terms of Service › “Limitation of liability” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Some%20countries%20and,country%20of%20residence.%20 ### indemnity liability — risk unknown > OPENAI’S AFFILIATES, SUPPLIERS, LICENSORS, AND DISTRIBUTORS ARE INTENDED THIRD PARTY BENEFICIARIES OF THIS SECTION. - Interpretation (disclaimed): Designates OpenAI's affiliates, suppliers, licensors, and distributors as intended third-party beneficiaries of the limitation of liability section, granting them the right to enforce these protections. - Tier: All - Location: Terms of Service › “Limitation of liability” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20OPENAI%E2%80%99S%20AFFILIATES%2C%20SUPPLIERS%2C,OF%20THIS%20SECTION.%20 ### indemnity liability — risk unknown > If you are a business or organization, to the extent permitted by law, you will indemnify and hold harmless us, our affiliates, and our personnel, from and against any costs, losses, liabilities, and expenses (including attorneys’ fees) from third party claims arising out of or relating to your use of the Services and Content or any violation of these Terms. - Interpretation (disclaimed): Obligates business or organizational users to indemnify and hold harmless OpenAI, its affiliates, and personnel from third-party claims, costs, losses, liabilities, and attorney's fees arising from the user's use of services or violation of Terms. - Tier: All - Location: Terms of Service › “Indemnity” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20If%20you%20are,of%20these%20Terms.%20 ### indemnity liability — risk unknown > Trade controls. You must comply with all applicable trade laws, including sanctions and export control laws. Our Services may not be used in or for the benefit of, or exported or re-exported to (a) any U.S. embargoed country or territory or (b) any individual or entity with whom dealings are prohibited or restricted under applicable trade laws. Our Services may not be used for any end use prohibited by applicable trade laws, and your Input may not include material or information that requires a government license for release or export. - Interpretation (disclaimed): This segment imposes a compliance obligation on users to adhere to all applicable trade laws, sanctions, and export control laws, and restricts use of the Services in embargoed territories or for prohibited end uses, creating binding legal duties and restrictions with potential liability implications. - Tier: All - Location: Terms of Service › “General Terms” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Trade%20controls.%20You,release%20or%20export.%20 ### governing law disputes — risk unknown > For individuals in the European Economic Area, United Kingdom, and Switzerland, you can read this version of our Privacy Policy. - Interpretation (disclaimed): This segment directs EEA, UK, and Switzerland individuals to a separate version of the Privacy Policy, incorporating by reference a distinct legal instrument applicable to those jurisdictions and establishing jurisdictional boundaries for the current document. - Tier: All - Location: Privacy Policy › “US privacy policy” - Source: https://openai.com/policies/privacy-policy - Snapshot SHA-256: `0795a8d53c4cef2768d2f362fcf3e5d5be423787696a3fcdfdf1a478105ea60f` - Wayback: — - Deep link: https://openai.com/policies/privacy-policy#:~:text=For%20individuals%20in%20the,our%20Privacy%20Policy.%20 ### governing law disputes — risk unknown > These Terms of Use apply to your use of ChatGPT, DALL·E, and OpenAI’s other services for individuals, along with any associated software applications and websites (all together, “Services”). These Terms form an agreement between you and OpenAI OpCo, LLC, a Delaware company, and they include our Service Terms⁠ ⁠ and important provisions for resolving disputes through arbitration. By using our Services, you agree to these Terms. - Interpretation (disclaimed): This segment defines the scope of the Terms of Use, identifies the contracting parties (user and OpenAI OpCo, LLC, a Delaware company), incorporates Service Terms by reference, and states that by using the Services the user agrees to these Terms including arbitration dispute resolution provisions, thereby establishing the contractual framework and consent mechanism. - Tier: All - Location: Terms of Service › “Effective: January 1, 2026 ( Previous version ⁠ )” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20These%20Terms%20of,to%20these%20Terms.%20 ### governing law disputes — risk unknown > If you reside in the European Economic Area, Switzerland, or the UK, your use of the Services is governed by these terms⁠ ⁠ . - Interpretation (disclaimed): This segment incorporates by reference a separate set of terms governing users in the EEA, Switzerland, or the UK, creating a jurisdictional carve-out and directing those users to different governing terms. - Tier: All - Location: Terms of Service › “Effective: January 1, 2026 ( Previous version ⁠ )” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20If%20you%20reside,terms%E2%81%A0%20%E2%81%A0%20.%20 ### governing law disputes — risk unknown > YOU AND OPENAI AGREE TO THE FOLLOWING MANDATORY ARBITRATION AND CLASS ACTION WAIVER PROVISIONS: - Interpretation (disclaimed): Incorporates and signals mandatory arbitration and class action waiver provisions applicable to both parties, establishing the dispute resolution framework as binding. - Tier: All - Location: Terms of Service › “Dispute resolution” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20YOU%20AND%20OPENAI,ACTION%20WAIVER%20PROVISIONS%3A%20 ### governing law disputes — risk unknown > MANDATORY ARBITRATION. You and OpenAI agree to resolve any claims arising out of or relating to these Terms or our Services, regardless of when the claim arose, even if it was before these Terms existed (a “Dispute”), through final and binding arbitration. You may opt out of arbitration within 30 days of account creation or of any updates to these arbitration terms within 30 days after the update has taken effect by filling out this form ⁠ . If you opt out of an update, the last set of agreed upon arbitration terms will apply. - Interpretation (disclaimed): Establishes mandatory binding arbitration as the exclusive dispute resolution mechanism for all claims, and creates a procedure allowing users to opt out within 30 days of account creation or updates to arbitration terms. - Tier: All - Location: Terms of Service › “Dispute resolution” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20MANDATORY%20ARBITRATION.%20You,terms%20will%20apply.%20 ### governing law disputes — risk unknown > Informal dispute resolution. We would like to understand and try to address your concerns prior to formal legal action. Before either of us files a claim against the other, we both agree to try to resolve the Dispute informally. You agree to do so by sending us notice through this form ⁠ . We will do so by sending you notice to the email address associated with your account. If we are unable to resolve a Dispute within 60 days, either of us has the right to initiate arbitration. We also both agree to attend an individual settlement conference if either party requests one during this time. Any statute of limitations will be tolled during this informal resolution process. - Interpretation (disclaimed): Establishes a mandatory informal dispute resolution process requiring both parties to attempt resolution for 60 days before initiating arbitration, including notice requirements and optional individual settlement conferences. - Tier: All - Location: Terms of Service › “Dispute resolution” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Informal%20dispute%20resolution.,informal%20resolution%20process.%20 ### governing law disputes — risk unknown > Arbitration forum. If we are unable to resolve the Dispute, either of us may commence arbitration with National Arbitration and Mediation (“NAM”) under its Comprehensive Dispute Resolution Rules and Procedures and/or Supplemental Rules for Mass Arbitration Filings, as applicable (available here⁠ ⁠ (opens in a new window) ). - Interpretation (disclaimed): Designates NAM as the arbitration forum and incorporates NAM's Comprehensive Dispute Resolution Rules and Supplemental Rules for Mass Arbitration Filings as the governing procedural rules for arbitration proceedings. - Tier: All - Location: Terms of Service › “Dispute resolution” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Arbitration%20forum.%20If,new%20window)%20).%20 ### governing law disputes — risk unknown > OpenAI will not seek attorneys’ fees and costs in arbitration unless the arbitrator determines that your claim is frivolous. The activities described in these Terms involve interstate commerce and the Federal Arbitration Act will govern the interpretation and enforcement of these arbitration terms and any arbitration. - Interpretation (disclaimed): Restricts OpenAI from seeking attorney's fees unless a claim is found frivolous, and designates the Federal Arbitration Act as the governing law for interpretation and enforcement of the arbitration provisions. - Tier: All - Location: Terms of Service › “Dispute resolution” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20OpenAI%20will%20not,and%20any%20arbitration.%20 ### governing law disputes — risk unknown > Arbitration procedures. The arbitration will be conducted by videoconference if possible, but if the arbitrator determines a hearing should be conducted in person, the location will be mutually agreed upon, in the county where you reside, or as determined by the arbitrator, unless the batch arbitration process applies. The arbitration will be conducted by a sole arbitrator. The arbitrator will be either a retired judge or an attorney licensed to practice law in the state of California. The arbitrator will have exclusive authority to resolve any Dispute, except the state or federal courts of San Francisco, California have the authority to determine any Dispute about enforceability, validity of the class action waiver, or requests for public injunctive relief, as set out below. Any settlement offer amounts will not be disclosed to the arbitrator by either party until after the arbitrator determines the final award, if any. The arbitrator has the authority to grant motions dispositive of all or part of any Dispute. - Interpretation (disclaimed): Specifies procedural rules for arbitration including venue (videoconference preferred or user's county), sole arbitrator qualification requirements (retired judge or California-licensed attorney), and the arbitrator's exclusive authority to resolve disputes. - Tier: All - Location: Terms of Service › “Dispute resolution” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Arbitration%20procedures.%20The,of%20any%20Dispute.%20 ### governing law disputes — risk unknown > Exceptions. This section does not require informal dispute resolution or arbitration of the following claims: (i) individual claims brought in small claims court; and (ii) injunctive or other equitable relief to stop unauthorized use or abuse of the Services or intellectual property infringement or misappropriation. - Interpretation (disclaimed): Carves out small claims court actions and requests for injunctive or equitable relief related to unauthorized use, service abuse, or intellectual property infringement from the mandatory informal dispute resolution and arbitration requirements. - Tier: All - Location: Terms of Service › “Dispute resolution” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Exceptions.%20This%20section,infringement%20or%20misappropriation.%20 ### governing law disputes — risk unknown > CLASS AND JURY TRIAL WAIVERS. You and OpenAI agree that Disputes must be brought on an individual basis only, and may not be brought as a plaintiff or class member in any purported class, consolidated, or representative proceeding. Class arbitrations, class actions, and representative actions are prohibited. Only individual relief is available. The parties agree to sever and litigate in court any request for public injunctive relief after completing arbitration for the underlying claim and all other claims. This does not prevent either party from participating in a class-wide settlement. You and OpenAI knowingly and irrevocably waive any right to trial by jury in any action, proceeding, or counterclaim. - Interpretation (disclaimed): Prohibits class arbitrations, class actions, and representative actions, requiring disputes to be brought individually only, while preserving the right to participate in class-wide settlements and permitting court litigation for public injunctive relief after arbitration. - Tier: All - Location: Terms of Service › “Dispute resolution” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20CLASS%20AND%20JURY,proceeding%2C%20or%20counterclaim.%20 ### governing law disputes — risk unknown > Batch arbitration. If 25 or more claimants represented by the same or similar counsel file demands for arbitration raising substantially similar Disputes within 90 days of each other, then you and OpenAI agree that NAM will administer them in batches of up to 50 claimants each (“Batch”), unless there are less than 50 claimants in total or after batching, which will comprise a single Batch. NAM will administer each Batch as a single consolidated arbitration with one arbitrator, one set of arbitration fees, and one hearing held by videoconference or in a location decided by the arbitrator for each Batch. If any part of this section is found to be invalid or unenforceable as to a particular claimant or Batch, it will be severed and arbitrated in individual proceedings. - Interpretation (disclaimed): Establishes a batch arbitration procedure for mass filings, requiring NAM to group 25 or more substantially similar claims filed within 90 days into batches of up to 50 for consolidated arbitration proceedings. - Tier: All - Location: Terms of Service › “Dispute resolution” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Batch%20arbitration.%20If,in%20individual%20proceedings.%20 ### governing law disputes — risk unknown > Severability. If any part of these arbitration terms is found to be illegal or unenforceable, the remainder will remain in effect, except that if a finding of partial illegality or unenforceability would allow class arbitration, class action, or representative action, this entire dispute resolution section will be unenforceable in its entirety. - Interpretation (disclaimed): Establishes a severability clause specific to the arbitration terms, providing that if any part is found unenforceable, the remainder survives, except that the entire dispute resolution section is void if severance would permit class arbitration or representative action. - Tier: All - Location: Terms of Service › “Dispute resolution” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Severability.%20If%20any,in%20its%20entirety.%20 ### governing law disputes — risk unknown > Assignment. You may not assign or transfer any rights or obligations under these Terms and any attempt to do so will be void. We may assign our rights or obligations under these Terms to any affiliate, subsidiary, or successor in interest of any business associated with our Services. - Interpretation (disclaimed): Restricts users from assigning or transferring their rights or obligations under the Terms, while permitting OpenAI to assign its rights to affiliates, subsidiaries, or successors in interest. - Tier: All - Location: Terms of Service › “General Terms” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Assignment.%20You%20may,with%20our%20Services.%20 ### governing law disputes — risk unknown > Changes to these Terms or our Services. We are continuously working to develop and improve our Services. We may update these Terms or our Services accordingly from time to time. For example, we may make changes to these Terms or the Services due to: - Interpretation (disclaimed): Establishes OpenAI's right to update the Terms or Services and provides examples of reasons for such changes, setting the procedural context for modifications to the contractual relationship. - Tier: All - Location: Terms of Service › “General Terms” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Changes%20to%20these,Services%20due%20to%3A%20 ### governing law disputes — risk unknown > Delay in enforcing these Terms. Our failure to enforce a provision is not a waiver of our right to do so later. Except as provided in the dispute resolution section above, if any portion of these Terms is determined to be invalid or unenforceable, that portion will be enforced to the maximum extent permissible and it will not affect the enforceability of any other terms. - Interpretation (disclaimed): This segment addresses waiver and severability: it clarifies that failure to enforce a provision is not a permanent waiver of rights, and that an invalid or unenforceable provision will be enforced to the maximum extent possible without affecting the remainder of the Terms, limiting the legal effect of non-enforcement and partial invalidity. - Tier: All - Location: Terms of Service › “General Terms” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Delay%20in%20enforcing,any%20other%20terms.%20 ### governing law disputes — risk unknown > Entire agreement. These Terms contain the entire agreement between you and OpenAI regarding the Services and, other than any Service-specific terms, supersedes any prior or contemporaneous agreements between you and OpenAI. - Interpretation (disclaimed): This segment defines the scope of the entire agreement between the parties, establishing that these Terms constitute the complete and superseding agreement regarding the Services and replacing any prior or contemporaneous agreements, which is an integration clause with definitional and incorporative legal effect. - Tier: All - Location: Terms of Service › “General Terms” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Entire%20agreement.%20These,you%20and%20OpenAI.%20 ### governing law disputes — risk unknown > Governing law. California law will govern these Terms except for its conflicts of laws principles. Except as provided in the dispute resolution section above, all claims arising out of or relating to these Terms will be brought exclusively in the federal or state courts of San Francisco, California. - Interpretation (disclaimed): This segment designates California law as the governing law for the Terms and mandates exclusive jurisdiction in federal or state courts in San Francisco, California for all claims, imposing a binding forum-selection and choice-of-law obligation on both parties. - Tier: All - Location: Terms of Service › “General Terms” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Governing%20law.%20California,San%20Francisco%2C%20California.%20 ### moderation enforcement — risk unknown > Keep minors safe . Children and teens deserve special protection. Our services are designed to prevent harm and support their well-being, and must never be used to exploit, endanger, or sexualize anyone under 18 years old. We report apparent child sexual abuse material and child endangerment to the National Center for Missing and Exploited Children. We prohibit use of our services for: child sexual abuse material (CSAM), whether or not any portion is AI generated grooming of minors exposing minors to age-inappropriate content, such as graphic self-harm, sexual, or violent content promoting unhealthy dieting or exercise behavior to minors shaming or otherwise stigmatizing the body type or appearance of minors dangerous challenges for minors underaged sexual or violent roleplay underaged access to age-restricted goods or activities - Interpretation (disclaimed): This segment restricts use of OpenAI services for any content or activity that exploits, endangers, or sexualizes minors, including CSAM and grooming, and discloses an obligation to report apparent CSAM to NCMEC, constituting both a use restriction and a mandatory reporting procedure. - Tier: All - Location: Usage Policy › “Usage policies” - Source: https://openai.com/policies/usage-policies - Snapshot SHA-256: `ac99512924b1bf6e38a8e71ff0a66948490ac9d1a6f96a9c1b097816003265a0` - Wayback: — - Deep link: https://openai.com/policies/usage-policies#:~:text=%20Keep%20minors%20safe,goods%20or%20activities%20 ### moderation enforcement — risk unknown > Empower people . People should be able to make decisions about their lives and their communities. So we don’t allow our services to be used to manipulate or deceive people, to interfere with their exercise of human rights, to exploit people’s vulnerabilities, or to interfere with their ability to get an education or access critical services, including any use for: academic dishonesty deceit, fraud, scams, spam, or impersonation political campaigning, lobbying, foreign or domestic election interference, or demobilization activities automation of high-stakes decisions in sensitive areas without human review critical infrastructure education housing employment financial activities and credit insurance legal medical essential government services product safety components national security migration law enforcement - Interpretation (disclaimed): This segment prohibits use of OpenAI services to manipulate or deceive people, interfere with human rights, exploit vulnerabilities, or impede access to education and critical services, listing specific forbidden activities including academic dishonesty, fraud, election interference, and automation of high-stakes decisions without appropriate oversight. - Tier: All - Location: Usage Policy › “Usage policies” - Source: https://openai.com/policies/usage-policies - Snapshot SHA-256: `ac99512924b1bf6e38a8e71ff0a66948490ac9d1a6f96a9c1b097816003265a0` - Wayback: — - Deep link: https://openai.com/policies/usage-policies#:~:text=%20Empower%20people%20.,migration%20law%20enforcement%20 ### moderation enforcement — risk unknown > 2025-10-29: We've updated our Usage Policies to reflect a universal set of policies across OpenAI products and services. 2025-01-29: We've updated our Universal Policies to clarify prohibitions under applicable laws. 2024-01-10: We've updated our Usage Policies to be clearer and provide more service-specific guidance. 2023-02-15: We’ve combined our use case and content policies into a single set of usage policies, and have provided more specific guidance on what activity we disallow in industries we’ve considered high risk. 2022-11-09: We no longer require you to register your applications with OpenAI. Instead, we'll be using a combination of automated and manual methods to monitor for policy violations. 2022-10-25: Updated App Review process (devs no longer need to wait for approval after submitting as long as they comply with our policies). Moved to an outcomes-based approach and updated Safety Best Practices. 2022-06-07: Refactored into categories of applications and corresponding requirements. 2022-03-09: Refactored into “App Review”. 2022-01-19: Simplified copywriting and article writing/editing guidelines. 2021-11-15: Addition of “Content guidelines” section; changes to bullets on almost always approved uses and disallowed uses; renaming document from “Use case guidelines” to “Usage guidelines”. 2021-08-04: Updated with information related to code generation. 2021-03-12: Added detailed case-by-case requirements; small copy and ordering edits. 2021-02-26: Clarified the impermissibility of Tweet and Instagram generators. - Interpretation (disclaimed): This segment documents the version history of the Usage Policies with dated amendments, which serves to incorporate and supersede prior versions, defines the temporal scope of each policy iteration, and clarifies what changes were made to operative restrictions and obligations over time. - Tier: All - Location: Usage Policy › “Changelog” - Source: https://openai.com/policies/usage-policies - Snapshot SHA-256: `ac99512924b1bf6e38a8e71ff0a66948490ac9d1a6f96a9c1b097816003265a0` - Wayback: — - Deep link: https://openai.com/policies/usage-policies#:~:text=%202025-10-29%3A%20We've%20updated,and%20Instagram%20generators.%20 ### moderation enforcement — risk unknown > We aim for our tools to be used safely and responsibly, while maximizing your control over how you use them. In building our Usage Policies, we keep a few important things in mind. - Interpretation (disclaimed): This segment introduces the purpose and framing of the Usage Policies, defining OpenAI's intent to enable safe and responsible use while maximizing user control; it establishes the conceptual scope of the policy document that governs enforcement. - Tier: All - Location: Usage Policy › “Usage policies” - Source: https://openai.com/policies/usage-policies - Snapshot SHA-256: `ac99512924b1bf6e38a8e71ff0a66948490ac9d1a6f96a9c1b097816003265a0` - Wayback: — - Deep link: https://openai.com/policies/usage-policies#:~:text=%20We%20aim%20for,things%20in%20mind.%20 ### moderation enforcement — risk unknown > We empower users to innovate with AI . We build AI products that maximize helpfulness and freedom, while ensuring safety. Usage Policies are just one way we set clear expectations for the use of our products within a broader safety ecosystem that sets responsible guardrails across our services. You can learn more about our safety approach and our commitment to customizability, transparency, and intellectual freedom to explore, debate, and create with AI. - Interpretation (disclaimed): This segment defines the philosophy behind the Usage Policies — maximizing helpfulness and freedom while ensuring safety — and cross-references a broader safety ecosystem, clarifying the policy's role in governance and setting expectations that frame enforcement obligations. - Tier: All - Location: Usage Policy › “Usage policies” - Source: https://openai.com/policies/usage-policies - Snapshot SHA-256: `ac99512924b1bf6e38a8e71ff0a66948490ac9d1a6f96a9c1b097816003265a0` - Wayback: — - Deep link: https://openai.com/policies/usage-policies#:~:text=%20We%20empower%20users,create%20with%20AI.%20 ### moderation enforcement — risk unknown > Responsible use is a shared priority . We assume the very best of our users. Our terms and policies —including these Usage Policies—set a reasonable bar for acceptable use. Our rules are no substitute for legal requirements, professional duties, or ethical obligations that should influence how people use AI. We hold people accountable for inappropriate use of our services, and breaking or circumventing our rules and safeguards may mean you lose access to our systems or experience other penalties. - Interpretation (disclaimed): This segment imposes an obligation on users to comply with terms and policies as a baseline for acceptable use, explicitly states that users are held accountable for inappropriate use, and warns that breaking or circumventing rules and safeguards may result in loss of access or other penalties, constituting an enforcement obligation. - Tier: All - Location: Usage Policy › “Usage policies” - Source: https://openai.com/policies/usage-policies - Snapshot SHA-256: `ac99512924b1bf6e38a8e71ff0a66948490ac9d1a6f96a9c1b097816003265a0` - Wayback: — - Deep link: https://openai.com/policies/usage-policies#:~:text=%20Responsible%20use%20is,experience%20other%20penalties.%20 ### moderation enforcement — risk unknown > We build with safety first . We monitor and enforce policies with privacy safeguards in place and clear review processes. We give developers practical moderation tools ⁠ (opens in a new window) and guidance so they can support their end users. We publish what our systems can and can’t do, share research and updates , and provide a simple way to report misuse . - Interpretation (disclaimed): This segment describes OpenAI's procedural commitments for policy monitoring and enforcement, including privacy safeguards, review processes, developer moderation tools, transparency publishing, and misuse reporting mechanisms. - Tier: All - Location: Usage Policy › “Usage policies” - Source: https://openai.com/policies/usage-policies - Snapshot SHA-256: `ac99512924b1bf6e38a8e71ff0a66948490ac9d1a6f96a9c1b097816003265a0` - Wayback: — - Deep link: https://openai.com/policies/usage-policies#:~:text=%20We%20build%20with,report%20misuse%20.%20 ### moderation enforcement — risk unknown > We update as we learn . People are using our systems in new ways every day, and we update our rules to ensure they are not overly restrictive or to better protect our users. We reserve all rights to withhold access where we reasonably believe it necessary to protect our service or users or anyone else. You can appeal ⁠ if you think we have made a mistake enforcing policy, and we will work to make things right. If you’d like to keep up with Usage Policies updates, complete this form . - Interpretation (disclaimed): This segment asserts OpenAI's reserved right to withhold access where necessary to protect its service or users, establishes a user right to appeal enforcement decisions, and describes a procedure for updating policies — combining a unilateral right of access restriction with a user remedy. - Tier: All - Location: Usage Policy › “Usage policies” - Source: https://openai.com/policies/usage-policies - Snapshot SHA-256: `ac99512924b1bf6e38a8e71ff0a66948490ac9d1a6f96a9c1b097816003265a0` - Wayback: — - Deep link: https://openai.com/policies/usage-policies#:~:text=%20We%20update%20as,this%20form%20.%20 ### moderation enforcement — risk unknown > Your use of OpenAI services must follow these Usage Policies: - Interpretation (disclaimed): This segment imposes a binding obligation on users, stating that their use of OpenAI services must comply with the Usage Policies that follow, making the subsequent restrictions and prohibitions contractually operative. - Tier: All - Location: Usage Policy › “Usage policies” - Source: https://openai.com/policies/usage-policies - Snapshot SHA-256: `ac99512924b1bf6e38a8e71ff0a66948490ac9d1a6f96a9c1b097816003265a0` - Wayback: — - Deep link: https://openai.com/policies/usage-policies#:~:text=%20Your%20use%20of,these%20Usage%20Policies%3A%20 ### moderation enforcement — risk unknown > Protect people . Everyone has a right to safety and security. So you cannot use our services for: threats, intimidation, harassment, or defamation suicide, self-harm, or disordered eating promotion or facilitation sexual violence or non-consensual intimate content terrorism or violence, including hate-based violence weapons development, procurement, or use, including conventional weapons or CBRNE illicit activities, goods, or services destruction, compromise, or breach of another’s system or property, including malicious or abusive cyber activity or attempts to infringe on intellectual property rights of others real money gambling provision of tailored advice that requires a license, such as legal or medical advice, without appropriate involvement by a licensed professional unsolicited safety testing circumventing our safeguards national security or intelligence purposes without our review and approval - Interpretation (disclaimed): This segment enumerates specific prohibited uses of OpenAI services that harm people, including threats, harassment, defamation, self-harm promotion, sexual violence, terrorism, weapons development, illicit activities, and malicious cyber activity, constituting binding use restrictions. - Tier: All - Location: Usage Policy › “Usage policies” - Source: https://openai.com/policies/usage-policies - Snapshot SHA-256: `ac99512924b1bf6e38a8e71ff0a66948490ac9d1a6f96a9c1b097816003265a0` - Wayback: — - Deep link: https://openai.com/policies/usage-policies#:~:text=%20Protect%20people%20.,review%20and%20approval%20 ### moderation enforcement — risk unknown > Written claims concerning copyright infringement must include the following information: - Interpretation (disclaimed): Obligates copyright claimants to include specific required information in written copyright infringement claims, establishing the procedural prerequisites for a valid DMCA-style notice. - Tier: All - Location: Terms of Service › “Attn: General Counsel / Copyright Agent” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Written%20claims%20concerning,the%20following%20information%3A%20 ### moderation enforcement — risk unknown > What you cannot do. You may not use our Services for any illegal, harmful, or abusive activity. For example, you may not: - Interpretation (disclaimed): This segment introduces a general prohibition against illegal, harmful, or abusive activity when using the Services and signals enumerated examples to follow, establishing the primary use restriction framework. - Tier: All - Location: Terms of Service › “Using our Services” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20What%20you%20cannot,you%20may%20not%3A%20 ### moderation enforcement — risk unknown > Use our Services in a way that infringes, misappropriates or violates anyone’s rights. Modify, copy, lease, sell or distribute any of our Services. Attempt to or assist anyone to reverse engineer, decompile or discover the source code or underlying components of our Services, including our models, algorithms, or systems (except to the extent this restriction is prohibited by applicable law). Automatically or programmatically extract data or Output (defined below). Represent that Output was human-generated when it was not. Interfere with or disrupt our Services, including circumvent any rate limits or restrictions or bypass any protective measures or safety mitigations we put on our Services. Use Output to develop models that compete with OpenAI. - Interpretation (disclaimed): This segment enumerates specific prohibited activities including rights infringement, copying or distributing Services, reverse engineering, automated data extraction, misrepresenting AI-generated output as human-generated, and service disruption, constituting detailed use restrictions enforceable against users. - Tier: All - Location: Terms of Service › “Using our Services” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Use%20our%20Services,compete%20with%20OpenAI.%20 ### moderation enforcement — risk unknown > Termination. You are free to stop using our Services at any time. We reserve the right to suspend or terminate your access to our Services or delete your account if we determine: - Interpretation (disclaimed): Grants OpenAI the right to suspend, terminate access, or delete accounts, while also acknowledging the user's right to stop using the services at any time. - Tier: All - Location: Terms of Service › “Termination and suspension” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Termination.%20You%20are,if%20we%20determine%3A%20 ### moderation enforcement — risk unknown > You breached these Terms or our Usage Policies⁠ ⁠ . We must do so to comply with the law. Your use of our Services could cause risk or harm to OpenAI, our users, or anyone else. - Interpretation (disclaimed): Specifies three conditions (breach of Terms/Usage Policies, legal compliance, risk or harm) that trigger OpenAI's right or obligation to suspend or terminate user access. - Tier: All - Location: Terms of Service › “Termination and suspension” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20You%20breached%20these,or%20anyone%20else.%20 ### moderation enforcement — risk unknown > Appeals. If you believe we have suspended or terminated your account in error, you can file an appeal with us by contacting our Support team⁠ ⁠ (opens in a new window) . - Interpretation (disclaimed): Provides users with a procedural remedy to appeal account suspension or termination decisions by contacting the Support team, creating an administrative recourse mechanism. - Tier: All - Location: Terms of Service › “Termination and suspension” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Appeals.%20If%20you,new%20window)%20.%20 ### moderation enforcement — risk unknown > If you believe that your intellectual property rights have been infringed, please send notice to the address below or fill out this form ⁠ . We may delete or disable content that we believe violates these Terms or is alleged to be infringing and will terminate accounts of repeat infringers where appropriate. - Interpretation (disclaimed): Establishes the procedure for submitting intellectual property infringement notices, and grants OpenAI the right to delete or disable infringing content and terminate repeat infringers' accounts. - Tier: All - Location: Terms of Service › “Copyright complaints” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20If%20you%20believe,infringers%20where%20appropriate.%20 ### moderation enforcement — risk unknown > A physical or electronic signature of the person authorized to act on behalf of the owner of the copyright interest A description of the copyrighted work that you claim has been infringed upon A description of where the allegedly infringing material is located on our site so we can find it - Interpretation (disclaimed): Specifies the required elements of a copyright infringement notice including authorized signature, description of copyrighted work, and identification of infringing material location, establishing procedural requirements for valid claims. - Tier: All - Location: Terms of Service › “Attn: General Counsel / Copyright Agent” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20A%20physical%20or,can%20find%20it%20 ### moderation enforcement — risk unknown > A statement by you that you have a good-faith belief that the disputed use is not authorized by the copyright owner, its agent, or the law A statement by you that the above information in your notice is accurate and, under penalty of perjury, that you are the copyright owner or authorized to act on the copyright owner’s behalf - Interpretation (disclaimed): Obligates the claimant to include a good-faith belief statement and a perjury-penalty accuracy statement in the copyright infringement notice, establishing legal accountability for the notice's contents. - Tier: All - Location: Terms of Service › “Your address, telephone number, and e-mail address” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20A%20statement%20by,copyright%20owner%E2%80%99s%20behalf%20 ### moderation enforcement — risk unknown > Changes to the law or regulatory requirements. Security or safety reasons. Circumstances beyond our reasonable control. Changes we make in the usual course of developing our Services. To adapt to new technologies. - Interpretation (disclaimed): This segment lists the permissible grounds (legal/regulatory changes, security, force majeure, product development, new technologies) that justify modifications to the Terms, functioning as exceptions that excuse OpenAI from standard change-notification obligations. - Tier: All - Location: Terms of Service › “General Terms” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Changes%20to%20the,to%20new%20technologies.%20 ### tier differences — risk unknown > Our Business Terms⁠ ⁠ govern use of ChatGPT Enterprise, our APIs, and our other services for businesses and developers. - Interpretation (disclaimed): This segment distinguishes business/developer services (ChatGPT Enterprise, APIs) from individual services and incorporates Business Terms by reference, defining the scope boundary between consumer and enterprise tiers. - Tier: All - Location: Terms of Service › “Effective: January 1, 2026 ( Previous version ⁠ )” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Our%20Business%20Terms%E2%81%A0,businesses%20and%20developers.%20 ### tier differences — risk unknown > Billing. If you purchase any Services, you will provide complete and accurate billing information, including a valid payment method. For paid subscriptions, we will automatically charge your payment method on each agreed-upon periodic renewal until you cancel. You’re responsible for all applicable taxes, and we’ll charge tax when required. If your payment cannot be completed, we may downgrade your account or suspend your access to our Services until payment is received. - Interpretation (disclaimed): This segment imposes billing obligations on paid users (accurate payment information, automatic periodic charges, tax responsibility) and establishes OpenAI's right to downgrade or suspend accounts for non-payment, creating enforceable financial obligations tied to paid service tiers. - Tier: All - Location: Terms of Service › “Paid accounts” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Billing.%20If%20you,payment%20is%20received.%20 ### tier differences — risk unknown > Service credits. You can pay for some Services in advance by purchasing service credits. All service credits are subject to our Service Credit Terms⁠ ⁠ . - Interpretation (disclaimed): This segment defines the option to purchase service credits in advance and incorporates the Service Credit Terms by reference, governing a specific paid-tier payment mechanism. - Tier: All - Location: Terms of Service › “Paid accounts” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Service%20credits.%20You,Terms%E2%81%A0%20%E2%81%A0%20.%20 ### tier differences — risk unknown > Cancellation. You can cancel⁠ ⁠ (opens in a new window) your paid subscription at any time. Payments are non-refundable, except where required by law. These Terms do not override any mandatory local laws regarding your cancellation rights. - Interpretation (disclaimed): This segment grants users the right to cancel paid subscriptions at any time, states that payments are generally non-refundable except as required by law, and preserves mandatory local cancellation rights, balancing platform cancellation policy against applicable consumer protection laws. - Tier: All - Location: Terms of Service › “Paid accounts” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Cancellation.%20You%20can,your%20cancellation%20rights.%20 ### tier differences — risk unknown > Changes. We may change our prices from time to time. If we increase our subscription prices, we will give you at least 30 days’ notice and any price increase will take effect on your next renewal so that you can cancel if you do not agree to the price increase. - Interpretation (disclaimed): This segment establishes OpenAI's right to change prices and imposes a procedural obligation to provide at least 30 days' notice before subscription price increases, with price changes taking effect at the next renewal cycle, giving users an opportunity to cancel before being bound by new pricing. - Tier: All - Location: Terms of Service › “Paid accounts” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20Changes.%20We%20may,the%20price%20increase.%20 ### tier differences — risk unknown > We will give you at least 30 days advance notice of changes to these Terms that materially adversely impact you either via email or an in-product notification. All other changes will be effective as soon as we post them to our website. If you do not agree to the changes, you must stop using our Services. - Interpretation (disclaimed): This segment establishes the procedure for notifying users of material adverse changes (30 days advance notice via email or in-product notification), the effective date of other changes, and the consequence of non-acceptance (cessation of service use), creating a binding notice-and-acceptance mechanism. - Tier: All - Location: Terms of Service › “General Terms” - Source: https://openai.com/policies/terms-of-use - Snapshot SHA-256: `8723dc661c7b368af58307cefec344bc56f066add527e7c4c59aad500891b8be` - Wayback: — - Deep link: https://openai.com/policies/terms-of-use#:~:text=%20We%20will%20give,using%20our%20Services.%20