# AI Stack GRC Compliance Report — 2 platforms

- Generated: 2026-06-14T10:22:06.848Z
- Source: AIRIN verified findings (gate-verified, verbatim-cited, SHA-256-anchored)

> Automated assessment against a published rubric — not legal advice.

## Stack summary

| Platform | Headline risk | Verified findings | Dealbreakers |
|---|---|---|---|
| Midjourney | HIGH | 200 | Third-party sublicensing |
| DALL-E (OpenAI) | MEDIUM | 214 | none detected |

---

# GRC Risk Assessment — Midjourney

- Platform: **Midjourney** (midjourney)
- Headline risk rating: **HIGH**
- Website: https://www.midjourney.com
- Generated: 2026-06-14T10:22:06.848Z
- Findings (verified, published): **200**

> Every assertion is anchored to a verbatim quote with a SHA-256 snapshot hash and a Wayback archive URL for independent verification. Informational only; not legal advice.

## Control crosswalk (NIST AI RMF 1.0 + ISO/IEC 42001)

| Surface | Risk | Confidence | NIST AI RMF | ISO/IEC 42001 |
|---|---|---|---|---|
| training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) |
| prompt ownership | low | medium | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) |
| prompt ownership | unknown | high | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) |
| prompt ownership | unknown | high | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) |
| prompt ownership | unknown | high | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) |
| output ownership | high | medium | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) |
| output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) |
| output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) |
| output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) |
| output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) |
| output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) |
| output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) |
| output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) |
| output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) |
| output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) |
| commercial use | unknown | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) |
| commercial use | unknown | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) |
| commercial use | unknown | high | MANAGE-1.3 (use limitations) | ISO 42001 A.9.2 (intended use) |
| privacy data use | high | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | high | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | high | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | high | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | high | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | medium | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | medium | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | medium | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | medium | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | medium | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | medium | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| data retention | medium | low | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) |
| data retention | ambiguous | low | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) |
| data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) |
| data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) |
| data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) |
| data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) |
| data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) |
| subprocessors data sharing | high | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | high | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | medium | medium | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | medium | low | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| audit rights dpa residency | low | medium | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) |
| audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) |
| audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) |
| audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) |
| audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) |
| audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) |
| audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) |
| indemnity liability | high | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) |
| indemnity liability | high | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) |
| indemnity liability | high | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) |
| indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) |
| indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) |
| indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) |
| indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) |
| indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) |
| indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) |
| indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) |
| indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) |
| indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) |
| indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) |
| confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) |
| confidentiality | unknown | high | MEASURE-2.7 (confidentiality) | ISO 42001 A.7.5 (information handling) |
| governing law disputes | medium | medium | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | medium | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| moderation enforcement | high | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | high | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | medium | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | medium | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| tier differences | medium | low | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) |
| tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) |
| tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) |
| tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) |
| tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) |

## Evidence (verbatim, with provenance)

### training use — risk unknown

> By using the Services, You grant to Midjourney, its affiliates, successors, and assigns a perpetual, worldwide, non-exclusive, sublicensable no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute the Content You input into the Services, as well as any Assets produced by You through the Service. This license survives termination of this Agreement by any party, for any reason.

- Interpretation (disclaimed): Grants Midjourney a perpetual, worldwide, non-exclusive, sublicensable, royalty-free, irrevocable copyright license to reproduce, create derivative works of, display, perform, sublicense, and distribute the customer's Content and Assets, including for training purposes, surviving termination of the agreement.
- Tier: All
- Location: Terms of Service › “Rights You give to Midjourney”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=By%20using%20the%20Services%2C,party%2C%20for%20any%20reason.

### prompt ownership — risk low

> You are responsible for all content, including any images, videos, and prompts, that you input or generate when using Editor and/or Video.

- Interpretation (disclaimed): This clause assigns user responsibility for inputs without explicitly granting rights to Midjourney over those inputs in this section; however, the absence of an explicit ownership statement for prompts creates ambiguity about whether broader license terms apply.
- Tier: All
- Location: Terms of Service › “Content”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=You%20are%20responsible%20for,using%20Editor%20and%2For%20Video.

### prompt ownership — risk unknown

> You are responsible for all content, including any images, videos, and prompts, that you input or generate when using Editor and/or Video.

- Interpretation (disclaimed): Places full responsibility for all content—images, videos, and prompts—input or generated via Editor and Video on the user, establishing a user-side obligation of accountability for that content.
- Tier: All
- Location: Terms of Service › “Content”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=You%20are%20responsible%20for,using%20Editor%20and%2For%20Video.

### prompt ownership — risk unknown

> Inputs, Assets, and other content such as messages, photos, videos, and documents that you may provide to the Services (such as through uploading, posting, sharing, or chat messages) are collectively, “Content”. You are responsible for all Content that you provide or generate, including ensuring that it does not violate any applicable laws or this Agreement, and that you have all necessary rights and permissions to provide the Content.

- Interpretation (disclaimed): Defines 'Content' broadly (inputs, assets, messages, photos, videos, documents) and imposes an obligation on the customer to ensure Content does not violate laws or the Agreement and that they hold all necessary rights and permissions.
- Tier: All
- Location: Terms of Service › “Your Rights and Obligations”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=Inputs%2C%20Assets%2C%20and%20other,to%20provide%20the%20Content.

### prompt ownership — risk unknown

> - Prompts that you provide (including text, images, and those generated from spoken input and summarized into text), and other content such as photos, videos, documents, and messages that you input into the Services

- Interpretation (disclaimed): Identifies user-submitted prompts (text, images, spoken input converted to text) and other content (photos, videos, documents, messages) as personally identifiable information collected by Midjourney, directly implicating prompt ownership and privacy data use obligations by characterising user inputs as collected personal data.
- Tier: All
- Location: Privacy Policy › “2\. Collecting and Using Your Personal Data”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20Prompts%20that%20you,input%20into%20the%20Services

### output ownership — risk high

> You hereby irrevocably assign, transfer, and convey to Midjourney and Midjourney accepts, all rights, title, and interest (including all intellectual property and proprietary rights) in and to the Translations, and waive any moral rights you may have therein. To the extent any rights in any Translations cannot be assigned to Midjourney under applicable law, You grant to Midjourney a perpetual, irrevocable, exclusive, worldwide, sublicensable, transferable, royalty-free, and fully paid-up license to host, store, adapt, monetize, reproduce, copy, modify, prepare derivative works of, publicly display, publicly perform, and distribute the Translations for any purpose.

- Interpretation (disclaimed): The irrevocable full assignment of all IP in Translations, combined with waiver of moral rights and a broad fallback license, means contributors to Community Localization permanently lose all rights in their submissions with no remuneration.
- Tier: All
- Location: Terms of Service › “Right to Translations”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=You%20hereby%20irrevocably%20assign%2C,Translations%20for%20any%20purpose.

### output ownership — risk unknown

> You own all Assets You create with the Services to the fullest extent possible under applicable law. There are some exceptions:

- Interpretation (disclaimed): Grants the customer ownership of all Assets created with the Services to the fullest extent possible under applicable law, subject to stated exceptions.
- Tier: All
- Location: Terms of Service › “Your Rights and Obligations”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=You%20own%20all%20Assets,There%20are%20some%20exceptions%3A

### output ownership — risk unknown

> - If you upscale the images of others, these images remain owned by the original creators.

- Interpretation (disclaimed): Restricts ownership when upscaling others' images, specifying that such images remain owned by the original creators rather than the person performing the upscale.
- Tier: All
- Location: Terms of Service › “Your Rights and Obligations”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=-%20If%20you%20upscale,by%20the%20original%20creators.

### output ownership — risk unknown

> Please consult Your own lawyer if You want more information about the state of current intellectual property law in Your jurisdiction. Your ownership of the Assets you created persists even if in subsequent months You downgrade or cancel Your membership.

- Interpretation (disclaimed): Affirms that the customer's ownership of Assets persists even after downgrading or cancelling membership, and recommends consulting a lawyer regarding IP law, establishing the durability of the ownership right.
- Tier: All
- Location: Terms of Service › “Your Rights and Obligations”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=Please%20consult%20Your%20own,or%20cancel%20Your%20membership.

### output ownership — risk unknown

> You hereby irrevocably assign, transfer, and convey to Midjourney and Midjourney accepts, all rights, title, and interest (including all intellectual property and proprietary rights) in and to the Translations, and waive any moral rights you may have therein. To the extent any rights in any Translations cannot be assigned to Midjourney under applicable law, You grant to Midjourney a perpetual, irrevocable, exclusive, worldwide, sublicensable, transferable, royalty-free, and fully paid-up license to host, store, adapt, monetize, reproduce, copy, modify, prepare derivative works of, publicly display, publicly perform, and distribute the Translations for any purpose. This Section 12 survives the termination of this Agreement by any party, for any reason.

- Interpretation (disclaimed): Effects an irrevocable assignment of all rights, title, and interest in Translations to Midjourney, including a waiver of moral rights, and grants a perpetual, irrevocable, exclusive, worldwide, sublicensable, royalty-free license as a fallback to the extent assignment is not permitted by law, giving Midjourney full ownership and exploitation rights over user-submitted Translations.
- Tier: All
- Location: Terms of Service › “Right to Translations”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=You%20hereby%20irrevocably%20assign%2C,party%2C%20for%20any%20reason.

### output ownership — risk unknown

> - Your ownership is subject to any obligations imposed by this Agreement and the rights of any third-parties.

- Interpretation (disclaimed): Qualifies the customer's ownership of Assets by subjecting it to obligations imposed by the Agreement and third-party rights, limiting the scope of ownership granted.
- Tier: All
- Location: Terms of Service › “Your Rights and Obligations”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=-%20Your%20ownership%20is,rights%20of%20any%20third-parties.

### output ownership — risk unknown

> 03. Respect others’ creations. Do not distribute or publicly repost the creations of others without their permission.

- Interpretation (disclaimed): Restricts users from distributing or publicly reposting other users' creations without permission, imposing an obligation to respect intellectual property and content rights of other platform users.
- Tier: All
- Location: Terms of Service › “9\. Community Guidelines”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=03.%20Respect%20others%E2%80%99%20creations.,others%20without%20their%20permission.

### output ownership — risk unknown

> By submitting Translations to the Community Localization program, You represent and warrant: (i) that You have all rights necessary to submit the Translations and to grant the rights to Midjourney as described below, (ii) that Your Translations do not and will not violate any third party intellectual property rights, privacy rights, publicity rights, or applicable law, and (iii) Midjourney’s exercise of its rights in the Translations as contemplated by this Section 12 will not violate any applicable law or contractual obligation.

- Interpretation (disclaimed): Requires users to represent and warrant that they hold all necessary rights to submit Translations, that Translations do not violate third-party rights, and that Midjourney's exercise of its rights in the Translations will not violate applicable law or contractual obligations.
- Tier: All
- Location: Terms of Service › “Participating in Community Localization”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=By%20submitting%20Translations%20to,law%20or%20contractual%20obligation.

### output ownership — risk unknown

> Midjourney may use, host, store, publicly display, create derivative works of, copy, adapt, modify, reject, remove, or stop use of any Translations at any time and for any reason, and may suspend or terminate Your participation in the Community Localization program at any time for any reason. You understand that Translations are provided voluntarily, and without expectation of any compensation or attribution.

- Interpretation (disclaimed): Grants Midjourney broad permission to use, host, store, display, adapt, copy, modify, reject, remove, or stop use of any Translations at any time for any reason, and to suspend or terminate user participation, while clarifying Translations are provided voluntarily without expectation of compensation or attribution.
- Tier: All
- Location: Terms of Service › “Participating in Community Localization”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=Midjourney%20may%20use%2C%20host%2C,any%20compensation%20or%20attribution.

### output ownership — risk unknown

> Midjourney may make available certain programs or features that allow users to submit translations relating to the Midjourney Site and Services (“Community Localization”). The translations, localization suggestions, updates, and other language-related content that You submit as part of the Community Localization program are the “Translations”. By submitting any Translations to Midjourney, You agree to the terms and conditions set forth in this Section 12. If You do not agree to these terms and conditions, You must not submit any Translations to the Community Localization program.

- Interpretation (disclaimed): Defines the Community Localization program and the term 'Translations,' establishes that submission of Translations constitutes agreement to Section 12's terms, and conditions participation on acceptance of those terms.
- Tier: All
- Location: Terms of Service › “12\. Community Localization”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=Midjourney%20may%20make%20available,the%20Community%20Localization%20program.

### commercial use — risk unknown

> Please note: Midjourney is an open community which allows others to use and remix Your Content whenever they are posted in a public setting. By default, Your Content is publicly viewable and remixable. As described below, You grant Midjourney a license to allow this.

- Interpretation (disclaimed): Informs customers that by default their Content is publicly viewable and remixable in the open community, and that the license granted to Midjourney enables this remixing by others.
- Tier: All
- Location: Terms of Service › “Remixing and Stealth Mode”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=Please%20note%3A%20Midjourney%20is,license%20to%20allow%20this.

### commercial use — risk unknown

> 04. You may not use the Services to generate images for political campaigns, or to try to influence the outcome of an election.

- Interpretation (disclaimed): Prohibits use of the Services to generate images for political campaigns or to influence election outcomes, restricting a specific category of commercial and political use of AI-generated outputs.
- Tier: All
- Location: Terms of Service › “9\. Community Guidelines”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=04.%20You%20may%20not,outcome%20of%20an%20election.

### commercial use — risk unknown

> 05. You may not use the Services or the Assets to attempt to or to actually deceive or defraud anyone.

- Interpretation (disclaimed): Prohibits use of the Services or Assets to deceive or defraud anyone, restricting fraudulent commercial or other deceptive applications of AI-generated content.
- Tier: All
- Location: Terms of Service › “9\. Community Guidelines”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=05.%20You%20may%20not,deceive%20or%20defraud%20anyone.

### privacy data use — risk high

> | 1 | **Identifiers.** Name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers | YES | YES |

- Interpretation (disclaimed): Under the CCPA table, Midjourney confirms collection AND disclosure of highly sensitive identifiers. The breadth of identifiers collected and shared with third parties represents significant privacy risk to users.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%7C%201%20%7C%20**Identifiers.**,YES%20%7C%20YES%20%7C

### privacy data use — risk high

> | 2 | **Personal information categories under the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).** A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | YES | YES |

- Interpretation (disclaimed): Confirmed collection and third-party disclosure of sensitive financial and health data categories under California law creates elevated risk, particularly because users may not anticipate such data collection when using an image-generation service.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%7C%202%20%7C%20**Personal,YES%20%7C%20YES%20%7C

### privacy data use — risk high

> Prompts that you provide (including text, images, and those generated from spoken input and summarized into text), and other content such as photos, videos, documents, and messages that you input into the Services

- Interpretation (disclaimed): By categorizing prompts and all input content as personal data subject to this policy, Midjourney reserves the right to use this data for any of the enumerated purposes in §2.2, including service improvement, marketing, and business transfers.
- Tier: All
- Location: Privacy Policy › “2\. Collecting and Using Your Personal Data”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=Prompts%20that%20you%20provide,input%20into%20the%20Services

### privacy data use — risk high

> Midjourney may use Personal Data for the following purposes:

- **To provide, maintain, and improve our Service,** including to monitor the usage of our Service.
- **To manage Your account:** to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
- **For the performance of a contract:** the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.
- **To contact You:** To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
- **To provide You** with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
- **For marketing and advertising purposes**, including through cookies and similar technologies with your consent where applicable.
- **To manage Your requests:** To attend and manage Your requests to Us.
- **For business transfers:** We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.
- **For other purposes:** We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.

- Interpretation (disclaimed): The 'other purposes' catch-all and the explicit inclusion of marketing, advertising, and business-transfer uses give Midjourney wide discretion to process personal data (including user prompts classified as personal data) for purposes that may not align with user expectations.
- Tier: All
- Location: Privacy Policy › “2\. Collecting and Using Your Personal Data”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=Midjourney%20may%20use%20Personal,marketing%20and%20your%20experience.

### privacy data use — risk high

> | 11 | **Inferences** Conclusions that could be used to create a profile reflecting an individual’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, aptitude. | YES. | YES |

- Interpretation (disclaimed): The confirmed collection and disclosure of inferences covering psychological trends, predispositions, attitudes, and intelligence represents significant profiling activity, creating meaningful privacy risk for users who may be unaware their data is being used to build behavioral profiles.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%7C%2011%20%7C%20**Inferences**,YES.%20%7C%20YES%20%7C

### privacy data use — risk medium

> Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ from those in Your jurisdiction.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

- Interpretation (disclaimed): Broad consent-by-policy-acceptance for cross-border transfers may not satisfy GDPR adequacy requirements for EEA users and removes the user's ability to meaningfully object to specific transfer destinations.
- Tier: All
- Location: § 2.3 (Sharing of Your Personal Data)
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=Your%20information%2C%20including%20Personal,agreement%20to%20that%20transfer.

### privacy data use — risk medium

> | 8 | **Sensory data.** Audio, electronic, visual, thermal, olfactory, or similar information. | YES (only images you upload to our services) | YES |

- Interpretation (disclaimed): User-uploaded images are confirmed collected and shared with third parties. This is material for users uploading personal or proprietary images, as those images may be shared beyond the platform.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%7C%208%20%7C%20**Sensory,services)%20%7C%20YES%20%7C

### privacy data use — risk medium

> | 4 | **Commercial information.** Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | YES | YES |

- Interpretation (disclaimed): Disclosure of commercial/purchasing data to third parties raises risk of commercial profiling and targeted marketing by parties outside the platform's direct control.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%7C%204%20%7C%20**Commercial,YES%20%7C%20YES%20%7C

### privacy data use — risk medium

> | 3 | **Protected classification characteristics under California or federal law.** Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | YES (only the information you share upon consent as part of an applicable survey) | YES |

- Interpretation (disclaimed): Even though collection is consent-based and survey-limited, subsequent disclosure of this highly sensitive category of data to third parties is confirmed. Users consenting to a survey may not anticipate third-party disclosure of their protected characteristics.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%7C%203%20%7C%20**Protected,survey)%20%7C%20YES%20%7C

### privacy data use — risk medium

> | 6 | **Internet or other similar network activity.** Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | YES | YES |

- Interpretation (disclaimed): Collection and third-party disclosure of browsing/search history and ad-interaction data adds to the overall surveillance profile built on users and is shared externally.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%7C%206%20%7C%20**Internet,YES%20%7C%20YES%20%7C

### privacy data use — risk medium

> We may update this Policy from time-to-time to reflect changes in legal, regulatory, operational requirements, our practices, and other factors. Please check this Policy periodically for updates. If any of the changes are unacceptable to you, you should cease interacting with us. When required under applicable law, we will notify you of any changes to this Policy.

- Interpretation (disclaimed): A unilateral amendment clause with a 'stop using the service' opt-out is a weak user protection. Notification obligations are conditioned on legal requirement rather than being a baseline commitment, meaning material privacy changes may occur without user awareness.
- Tier: All
- Location: Privacy Policy › “1\. Introduction”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=We%20may%20update%20this,changes%20to%20this%20Policy.

### privacy data use — risk unknown

> As used in this Policy, “personal data” means any information that relates to, describes, or could be used to identify an individual, directly or indirectly.

- Interpretation (disclaimed): Defines 'personal data' as any information that relates to, describes, or could identify an individual directly or indirectly, which is the foundational term governing all subsequent data collection, use, and sharing obligations in the policy.
- Tier: All
- Location: Privacy Policy › “1\. Introduction”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=As%20used%20in%20this,individual%2C%20directly%20or%20indirectly.

### privacy data use — risk unknown

> This Policy does not apply to the following information:

- Interpretation (disclaimed): Introduces exceptions to the Policy's applicability, carving out categories of personal data to which the Policy does not apply, thereby limiting the scope of data subject rights and company obligations.
- Tier: All
- Location: Privacy Policy › “1\. Introduction”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=This%20Policy%20does%20not,to%20the%20following%20information%3A

### privacy data use — risk unknown

> - Personal Data about Midjourney employees and candidates, and certain contractors and agents acting in similar roles.

- Interpretation (disclaimed): Specifies that the Policy does not apply to personal data about Midjourney employees, candidates, and certain contractors, creating an explicit carve-out from the data subject rights and obligations otherwise established by the Policy.
- Tier: All
- Location: Privacy Policy › “1\. Introduction”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20Personal%20Data%20about,acting%20in%20similar%20roles.

### privacy data use — risk unknown

> **Definitions:** Through this Policy, You, or Your means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable. Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Midjourney LLC. Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

- Interpretation (disclaimed): Defines key terms used throughout the Policy—'You/Your,' 'Company,' and 'Usage Data'—which are operative definitions that determine the legal subjects and data categories governed by all downstream obligations and restrictions.
- Tier: All
- Location: Privacy Policy › “1\. Introduction”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=**Definitions%3A**%20Through%20this%20Policy%2C,of%20a%20page%20visit).

### privacy data use — risk unknown

> - Usage Data

- Interpretation (disclaimed): Identifies Usage Data as a category of personally identifiable information collected, incorporating the earlier definition of Usage Data into the list of data types subject to collection and use obligations.
- Tier: All
- Location: Privacy Policy › “2\. Collecting and Using Your Personal Data”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20Usage%20Data

### privacy data use — risk unknown

> - Organizational Information like your company title

- Interpretation (disclaimed): Identifies organizational information such as company title as a category of personally identifiable information collected, contributing to the enumeration of data types subject to the Policy's obligations.
- Tier: All
- Location: Privacy Policy › “2\. Collecting and Using Your Personal Data”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20Organizational%20Information%20like%20your%20company%20title

### privacy data use — risk unknown

> - Your Email

- Interpretation (disclaimed): Identifies email addresses as a category of personally identifiable information collected, contributing to the enumeration of data types subject to the Policy's obligations.
- Tier: All
- Location: Privacy Policy › “2\. Collecting and Using Your Personal Data”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20Your%20Email

### privacy data use — risk unknown

> - Cookies

- Interpretation (disclaimed): Identifies cookies as a discrete category of collected data, contributing to the enumeration of personal data types subject to the Policy's collection and use obligations.
- Tier: All
- Location: Privacy Policy › “2\. Collecting and Using Your Personal Data”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20Cookies

### privacy data use — risk unknown

> - Other data that you elect to send to Midjourney, such as your survey responses or information you include in communications to us

- Interpretation (disclaimed): Identifies a residual category of voluntarily submitted data (survey responses, communications) as personally identifiable information collected, using an open-ended enumeration that broadens the scope of data subject to the Policy's obligations.
- Tier: All
- Location: Privacy Policy › “2\. Collecting and Using Your Personal Data”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20Other%20data%20that,in%20communications%20to%20us

### privacy data use — risk unknown

> Midjourney may use Personal Data for the following purposes:

- Interpretation (disclaimed): Grants Midjourney permission to use personal data for the enumerated purposes that follow, establishing the legal basis for the company's data processing activities.
- Tier: All
- Location: Privacy Policy › “2\. Collecting and Using Your Personal Data”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=Midjourney%20may%20use%20Personal,for%20the%20following%20purposes%3A

### privacy data use — risk unknown

> - **To manage Your account:** to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.

- Interpretation (disclaimed): Permits Midjourney to use personal data to manage user account registration and provide access to Service functionalities, establishing a lawful basis for account-related data processing.
- Tier: All
- Location: Privacy Policy › “2\. Collecting and Using Your Personal Data”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20**To%20manage%20Your,as%20a%20registered%20user.

### privacy data use — risk unknown

> - **For marketing and advertising purposes**, including through cookies and similar technologies with your consent where applicable.

- Interpretation (disclaimed): Permits Midjourney to use personal data for marketing and advertising purposes via cookies and similar technologies, conditioning such use on applicable consent requirements, establishing a consent-gated basis for targeted advertising data processing.
- Tier: All
- Location: Privacy Policy › “2\. Collecting and Using Your Personal Data”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20**For%20marketing%20and,your%20consent%20where%20applicable.

### privacy data use — risk unknown

> - **To manage Your requests:** To attend and manage Your requests to Us.

- Interpretation (disclaimed): Permits Midjourney to use personal data to manage and respond to user requests, establishing a lawful basis for customer service-related data processing.
- Tier: All
- Location: Privacy Policy › “2\. Collecting and Using Your Personal Data”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20**To%20manage%20Your,Your%20requests%20to%20Us.

### privacy data use — risk unknown

> - **With Your consent:** We may disclose Your personal information for any other purpose with Your consent.

- Interpretation (disclaimed): Grants Midjourney permission to disclose personal information to third parties for any purpose when the user provides explicit consent, establishing consent as a lawful basis for otherwise unpermitted disclosures.
- Tier: All
- Location: § 2.3 (Sharing of Your Personal Data)
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20**With%20Your%20consent%3A**,purpose%20with%20Your%20consent.

### privacy data use — risk unknown

> The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

- Interpretation (disclaimed): Disclaims absolute security guarantees for personal data, acknowledging that no internet transmission or electronic storage method is 100% secure while stating the Company's commitment to commercially acceptable protective measures.
- Tier: All
- Location: § 2.6 (Security of Your Personal Data)
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=The%20security%20of%20Your,guarantee%20its%20absolute%20security.

### privacy data use — risk unknown

> We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

- Interpretation (disclaimed): Establishes the procedure by which Midjourney will notify users of Privacy Policy changes, namely by posting the updated policy on this page, and reserves the right to make such updates at any time.
- Tier: All
- Location: Privacy Policy › “5\. Changes to this Privacy Policy”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=We%20may%20update%20Our,Policy%20on%20this%20page.

### privacy data use — risk unknown

> Additionally You have the following data protection rights:

- Interpretation (disclaimed): Introduces the enumerated list of data protection rights applicable to EEA/Swiss/UK users, marking the scope of the individual rights provisions that follow.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=Additionally%20You%20have%20the%20following%20data%20protection%20rights%3A

### privacy data use — risk unknown

> We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.

- Interpretation (disclaimed): Imposes an obligation on Midjourney to notify users via email and/or prominent notice prior to changes becoming effective and to update the 'Last updated' date, establishing a pre-change notification requirement.
- Tier: All
- Location: Privacy Policy › “5\. Changes to this Privacy Policy”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=We%20will%20let%20You,of%20this%20Privacy%20Policy.

### privacy data use — risk unknown

> If You are located in the European Economic Area (the “EEA”), Switzerland, or the United Kingdom (the “UK”) Our legal basis for collecting and using the Personal Data described in this Policy will depend on the personal data concerned and the specific context in which we collect it. However, we will normally collect personal data from you only where we have your consent to do so, where we need the personal data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal data from you.

- Interpretation (disclaimed): Establishes the legal bases under which Midjourney collects and processes personal data for EEA, Switzerland, and UK residents — consent, contractual necessity, or legitimate interests — creating jurisdiction-specific data processing obligations and rights tied to GDPR and equivalent frameworks.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=If%20You%20are%20located,personal%20data%20from%20you.

### privacy data use — risk unknown

> Midjourney uses cookies and similar technologies for analytics and advertising purposes, including to help tailor content and ads. These non-essential cookies will only be used with your explicit consent. You can manage or withdraw your consent at any time by visiting the [Privacy Settings](https://www.midjourney.com/profile-settings) page. Essential cookies, which are necessary for the website and our Services to function, are always active. Please refer to our [Cookie Policy](https://docs.midjourney.com/hc/en-us/articles/37012090959245-Cookie-Policy) for more information.

- Interpretation (disclaimed): Establishes that non-essential cookies require explicit user consent for EEA/Swiss/UK users and grants users the right to manage or withdraw consent via Privacy Settings, imposing a consent-first obligation for analytics and advertising cookies while defining essential cookies as always active.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=Midjourney%20uses%20cookies%20and,Policy%5D(https%3A%2F%2Fdocs.midjourney.com%2Fhc%2Fen-us%2Farticles%2F37012090959245-Cookie-Policy)%20for%20more%20information.

### privacy data use — risk unknown

> - You can object to our processing of your Personal Data, ask us to restrict processing of your Personal Data or request portability of your Personal Data.

- Interpretation (disclaimed): Grants users the right to object to processing, request restriction of processing, and request data portability, establishing additional GDPR-derived individual rights that restrict Midjourney's freedom to process data.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20You%20can%20object,of%20your%20Personal%20Data.

### privacy data use — risk unknown

> - You have the right to complain to a data protection authority about our collection and use of your Personal Data.

- Interpretation (disclaimed): Grants users the right to lodge a complaint with a data protection supervisory authority regarding Midjourney's collection and use of personal data, establishing an administrative remedy right.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20You%20have%20the,of%20your%20Personal%20Data.

### privacy data use — risk unknown

> | **#** | **Category** | **Collected?** | **Disclosed?** |

- Interpretation (disclaimed): This segment is a table header defining the structure of a data collection and disclosure classification table, establishing the categorical framework used to disclose what personal information is collected and shared.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%7C%20**%23**%20%7C%20**Category**,**Collected%3F**%20%7C%20**Disclosed%3F**%20%7C

### privacy data use — risk unknown

> | 3 | **Protected classification characteristics under California or federal law.** Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | YES (only the information you share upon consent as part of an applicable survey) | YES |

- Interpretation (disclaimed): This segment defines protected classification characteristics under California and federal law (age, race, disability, sex, etc.), discloses that such data is collected only with consent via surveys and is disclosed, constituting a conditional permission and transparency obligation.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%7C%203%20%7C%20**Protected,survey)%20%7C%20YES%20%7C

### privacy data use — risk unknown

> | 4 | **Commercial information.** Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | YES | YES |

- Interpretation (disclaimed): This segment defines commercial information (purchasing histories, product records) and discloses that it is both collected and shared, establishing the scope of commercial data use and third-party disclosure.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%7C%204%20%7C%20**Commercial,YES%20%7C%20YES%20%7C

### privacy data use — risk unknown

> | 6 | **Internet or other similar network activity.** Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | YES | YES |

- Interpretation (disclaimed): This segment defines internet and network activity data (browsing history, interaction data) and discloses that it is both collected and shared, establishing the scope of behavioral tracking and third-party disclosure obligations.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%7C%206%20%7C%20**Internet,YES%20%7C%20YES%20%7C

### privacy data use — risk unknown

> | 10 | **Education Information under California Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99)** Information that is not “publicly available personally identifiable information” as defined in the California Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99). Includes education records directly related to a student maintained by an educational institution or party acting on its behalf, like grades, transcripts, class lists and student schedules, identification codes, financial information, or disciplinary records. | NO | NO |

- Interpretation (disclaimed): This segment defines education information under FERPA and states it is neither collected nor disclosed, establishing a restriction on education record processing and providing required statutory transparency.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%7C%2010%20%7C%20**Education,NO%20%7C%20NO%20%7C

### privacy data use — risk unknown

> You have the right to request that Midjourney disclose certain information to you about our collection and use of your Personal Information over the past twelve (12) months. Once Midjourney receives and confirms your verifiable information access request, Midjourney must disclose to you: (i) the categories of Personal Information we collected about you; (ii) the categories of sources for the Personal Information we collected about you; (iii) our business or commercial purpose for collecting or, if applicable, selling that Personal Information; (iv) the categories of third parties with whom we share that Personal Information; (v) the specific data points or pieces of Personal Information we collected about you. If we disclosed for a business purpose or sold your Personal Information, Midjourney must also provide separate lists that: (x) identify the personal information categories that were sold to each category of recipient in connection with sales of your Personal Information; and (y) identify the personal information categories that were provided to each category of recipient in connection with business purposes disclosures of your Personal Information..

- Interpretation (disclaimed): This segment grants California residents the right to request disclosure of specific information about Midjourney's collection and use of their personal information over the prior 12 months, and enumerates the categories of information Midjourney must disclose upon a verified request, creating an obligation on Midjourney to respond.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=You%20have%20the%20right,of%20your%20Personal%20Information..

### privacy data use — risk unknown

> To exercise your access, data portability, and deletion or do not sell opt-out rights described above, please visit [www.midjourney.com/account](https://www.midjourney.com/account) and follow the instructions listed at the bottom of the page to delete your account and data (including any survey responses), or go [here](https://docs.midjourney.com/hc/en-us/articles/32084927086861) and follow the instructions listed to access or review your account information.

- Interpretation (disclaimed): This segment describes the specific mechanisms by which users can exercise their CCPA rights (access, portability, deletion, opt-out), directing them to account settings and linked instructions, establishing the procedural pathway for rights exercise.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=To%20exercise%20your%20access%2C,review%20your%20account%20information.

### privacy data use — risk unknown

> You may only make a verifiable consumer request for access or data portability up to two times within a 12-month period. You may make a verifiable do not sell opt-out request at any time. Any such request must: (i) provide sufficient information that allows Us to reasonably verify that you are the person about whom we collected personal information or an authorized representative thereof; and (ii) describe your request with sufficient detail such that we may understand, evaluate, and respond to it. Midjourney cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with Midjourney. Midjourney will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. Only you or a person registered with the California Secretary of State that you authorize to act on your behalf may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.

- Interpretation (disclaimed): This segment establishes procedural limitations on consumer requests, including a cap of two access/portability requests per 12-month period, requirements for verifiable identity or authorized representative status, and sufficient request detail, conditioning Midjourney's obligation to respond on compliance with these requirements.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=You%20may%20only%20make,of%20your%20minor%20child.

### privacy data use — risk unknown

> We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you in writing of the extension period and the reason for it. Midjourney will deliver any required or requested responses or other communications in writing to you by email. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. If applicable, the response we provide will also explain any reasons we cannot comply with a request. For data portability requests, Midjourney will provide your personal information in a format that is readily usable and transferable. Midjourney does not charge a fee to process or respond to your verifiable consumer request unless such requests become excessive, repetitive, or manifestly unfounded or as otherwise permitted by the CCPA. If we determine that a request warrants charging a fee, we will notify you and provide you with a cost estimate before completing your request.

- Interpretation (disclaimed): This segment establishes the 45-day response timeline (extendable to 90 days with notice), the written email delivery format, the 12-month look-back period for disclosures, the requirement to explain denials, and the format for data portability responses, creating procedural obligations on Midjourney for responding to verified consumer requests.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=We%20endeavor%20to%20respond,before%20completing%20your%20request.

### privacy data use — risk unknown

> - [<%= section.name %>](https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy)

- Interpretation (disclaimed): Hyperlink reference to Midjourney's Privacy Policy, serving as an incorporation by reference to the privacy policy document.
- Tier: All
- Location: Privacy Policy › “Categories”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%20-%20%5B%3C%25%3D%20section.name%20%25%3E%5D(https%3A%2F%2Fdocs.midjourney.com%2Fhc%2Fen-us%2Farticles%2F32083472637453-Privacy-Policy)

### privacy data use — risk unknown

> 08. Respect others’ rights. Do not upload others’ private information.

- Interpretation (disclaimed): Restricts users from uploading others' private information to the platform, establishing a privacy protection obligation for user-generated content submitted to the Services.
- Tier: All
- Location: Terms of Service › “9\. Community Guidelines”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=08.%20Respect%20others%E2%80%99%20rights.,upload%20others%E2%80%99%20private%20information.

### privacy data use — risk unknown

> By using the Services, You may provide Midjourney with personal information like Your email address, user name, billing information, favorites, outputs, and text prompts that You enter, or sample images or other content that You upload to the Service. Our privacy policy can be found [here](https://docs.midjourney.com/hc/en-us/articles/32083472637453).

- Interpretation (disclaimed): Identifies categories of personal information customers may provide to Midjourney (email, username, billing info, prompts, outputs, uploaded content) and incorporates the privacy policy by reference, establishing the basis for data collection.
- Tier: All
- Location: Terms of Service › “3\. Your Information”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=By%20using%20the%20Services%2C,can%20be%20found%20%5Bhere%5D(https%3A%2F%2Fdocs.midjourney.com%2Fhc%2Fen-us%2Farticles%2F32083472637453).

### privacy data use — risk unknown

> We reserve the right to investigate complaints or reported violations of this Agreement and to take any action we deem appropriate including but not limited to reporting any suspected unlawful activity to law enforcement officials, regulators, or other third parties and disclosing any information necessary or appropriate to such persons or entities relating to user profiles, e-mail addresses, usage history, posted materials, IP addresses and traffic information.

- Interpretation (disclaimed): Reserves Midjourney's right to investigate reported violations and disclose user data (profiles, email addresses, usage history, IP addresses, traffic information) to law enforcement, regulators, or other third parties as deemed appropriate.
- Tier: All
- Location: Terms of Service › “1\. Service Availability and Quality”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=We%20reserve%20the%20right,addresses%20and%20traffic%20information.

### privacy data use — risk unknown

> - [<%= category.name %>](https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy)

- Interpretation (disclaimed): Hyperlink reference to Midjourney's Privacy Policy document, incorporating it by reference into the document structure.
- Tier: All
- Location: Privacy Policy › “Categories”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%20-%20%5B%3C%25%3D%20category.name%20%25%3E%5D(https%3A%2F%2Fdocs.midjourney.com%2Fhc%2Fen-us%2Farticles%2F32083472637453-Privacy-Policy)

### privacy data use — risk unknown

> | 11 | **Inferences** Conclusions that could be used to create a profile reflecting an individual’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, aptitude. | YES. | YES |

- Interpretation (disclaimed): This segment defines inferred data (conclusions about preferences, psychological trends, behavior, abilities) and discloses that such inferences are both collected and disclosed, establishing the scope of profiling activity and third-party sharing obligations.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%7C%2011%20%7C%20**Inferences**,YES.%20%7C%20YES%20%7C

### privacy data use — risk unknown

> You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

- Interpretation (disclaimed): Advises users to periodically review the Privacy Policy and establishes that changes become effective upon posting, defining the operative effective date for policy amendments.
- Tier: All
- Location: Privacy Policy › “5\. Changes to this Privacy Policy”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=You%20are%20advised%20to,posted%20on%20this%20page.

### privacy data use — risk unknown

> - Your user name for the Services

- Interpretation (disclaimed): Identifies usernames as a category of personally identifiable information collected from users, contributing to the enumeration of data types subject to the Policy's collection and use obligations.
- Tier: All
- Location: Privacy Policy › “2\. Collecting and Using Your Personal Data”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20Your%20user%20name%20for%20the%20Services

### privacy data use — risk unknown

> - **For business transfers:** We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.

- Interpretation (disclaimed): Permits Midjourney to use personal data in connection with business transfer transactions such as mergers, acquisitions, and bankruptcy proceedings, and identifies such data as a transferable asset, establishing a lawful basis for M&A-related data processing.
- Tier: All
- Location: Privacy Policy › “2\. Collecting and Using Your Personal Data”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20**For%20business%20transfers%3A**,among%20the%20assets%20transferred.

### privacy data use — risk unknown

> **Applicability:** This Policy applies to personal data that Midjourney collects, uses, and discloses and which may include: (i) data collected through the Services, (ii) data collected through the process of training Midjourney machine learning algorithms, (iii) data collected through Midjourney websites, and (iv) data collected from third party sources. Third party sources may include, but not be limited to: public databases, commercial data sources, and the public internet. When you make purchases, we use third-party payment processors to collect credit card or other financial information. Midjourney does not store the credit card or payment information you provide, only confirmation that payment was made.

- Interpretation (disclaimed): Defines the applicability of the Policy by enumerating four categories of personal data covered, including data collected through the Services, through ML training processes, through websites, and from third-party sources, thereby scoping the legal obligations for data handling across all collection channels.
- Tier: All
- Location: Privacy Policy › “1\. Introduction”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=**Applicability%3A**%20This%20Policy%20applies,that%20payment%20was%20made.

### privacy data use — risk unknown

> Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

- Interpretation (disclaimed): Establishes that the user's consent to the Privacy Policy and submission of information constitutes agreement to cross-border data transfer, creating a consent-based legal mechanism for international data transfers.
- Tier: All
- Location: § 2.3 (Sharing of Your Personal Data)
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=Your%20consent%20to%20this,agreement%20to%20that%20transfer.

### privacy data use — risk unknown

> **Changes:** We may update this Policy from time-to-time to reflect changes in legal, regulatory, operational requirements, our practices, and other factors. Please check this Policy periodically for updates. If any of the changes are unacceptable to you, you should cease interacting with us. When required under applicable law, we will notify you of any changes to this Policy.

- Interpretation (disclaimed): Establishes the procedure for Policy amendments, specifying that Midjourney may update the Policy and obligating users to monitor it periodically, while also conditioning notification requirements on applicable law and providing that continued interaction constitutes acceptance.
- Tier: All
- Location: Privacy Policy › “1\. Introduction”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=**Changes%3A**%20We%20may%20update,changes%20to%20this%20Policy.

### privacy data use — risk unknown

> **Response Timing and Format**

- Interpretation (disclaimed): This heading introduces the response timing and format subsection, defining the procedural standards for how Midjourney must respond to consumer rights requests under the CCPA.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=**Response%20Timing%20and%20Format**

### privacy data use — risk unknown

> The CCPA provides individuals residing in California or whose Personal Information was collected in California with specific rights regarding their Personal information. The below describes your rights and how you may exercise them.

- Interpretation (disclaimed): This segment identifies California residents as having specific rights under the CCPA regarding their personal information and introduces the enumeration of those rights, establishing the legal basis for the consumer rights described in subsequent segments.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=The%20CCPA%20provides%20individuals,you%20may%20exercise%20them.

### privacy data use — risk unknown

> | 1 | **Identifiers.** Name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers | YES | YES |

- Interpretation (disclaimed): This segment defines the category of Identifiers (name, IP address, email, SSN, passport number, etc.) and affirmatively discloses that this category of personal information is both collected and disclosed to third parties, creating a legal obligation of transparency under applicable privacy law.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%7C%201%20%7C%20**Identifiers.**,YES%20%7C%20YES%20%7C

### privacy data use — risk unknown

> - **For other purposes:** We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.

- Interpretation (disclaimed): Grants Midjourney a broad residual permission to use personal data for additional purposes including data analysis, trend identification, campaign effectiveness evaluation, and service improvement, extending the lawful basis for data processing beyond the specifically enumerated uses.
- Tier: All
- Location: Privacy Policy › “2\. Collecting and Using Your Personal Data”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20**For%20other%20purposes%3A**,marketing%20and%20your%20experience.

### privacy data use — risk unknown

> | 9 | **Professional or employment-related information.** Current or past employment history or performance evaluations. | NO | NO |

- Interpretation (disclaimed): This segment defines professional and employment-related information and states it is neither collected nor disclosed, providing a transparency restriction on employment data processing.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%7C%209%20%7C%20**Professional,NO%20%7C%20NO%20%7C

### privacy data use — risk unknown

> - Your IP address

- Interpretation (disclaimed): Identifies IP addresses as a category of personally identifiable information collected from users, establishing this data type as subject to the Policy's collection and use obligations.
- Tier: All
- Location: Privacy Policy › “2\. Collecting and Using Your Personal Data”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20Your%20IP%20address

### privacy data use — risk unknown

> If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.

- Interpretation (disclaimed): Imposes a conditional obligation to obtain parental consent before collecting and processing information where the user's country requires it and consent is the legal basis for processing, establishing an age-gated data collection requirement.
- Tier: All
- Location: Privacy Policy › “3\. Children's Privacy”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=If%20We%20need%20to,and%20use%20that%20information.

### privacy data use — risk unknown

> - **To provide You** with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.

- Interpretation (disclaimed): Permits Midjourney to use personal data to send marketing communications about similar goods and services, subject to user opt-out rights, establishing a lawful basis for marketing data processing.
- Tier: All
- Location: Privacy Policy › “2\. Collecting and Using Your Personal Data”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20**To%20provide%20You**,to%20receive%20such%20information.

### privacy data use — risk unknown

> <% } else { %>
[<%= article.title %>](https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy)
<% } %>

- Interpretation (disclaimed): Conditional rendering of article title as hyperlink to Privacy Policy, incorporating the privacy policy by reference in the navigation structure.
- Tier: All
- Location: Privacy Policy › “[](https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy)”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%3C%25%20%7D%20else%20%7B,%25%3E%5D(https%3A%2F%2Fdocs.midjourney.com%2Fhc%2Fen-us%2Farticles%2F32083472637453-Privacy-Policy)%20%3C%25%20%7D%20%25%3E

### privacy data use — risk unknown

> | 8 | **Sensory data.** Audio, electronic, visual, thermal, olfactory, or similar information. | YES (only images you upload to our services) | YES |

- Interpretation (disclaimed): This segment defines sensory data and discloses that images uploaded to the service are collected and disclosed, establishing the scope of visual data processing and third-party sharing with a conditional permission tied to user uploads.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%7C%208%20%7C%20**Sensory,services)%20%7C%20YES%20%7C

### privacy data use — risk unknown

> | 7 | **Geolocation data.** Physical location or movements. | NO | NO |

- Interpretation (disclaimed): This segment defines geolocation data and states it is neither collected nor disclosed, serving as a transparency restriction clarifying that physical location data is not processed.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%7C%207%20%7C%20**Geolocation,NO%20%7C%20NO%20%7C

### privacy data use — risk unknown

> - Contact Information

- Interpretation (disclaimed): Identifies contact information as a category of personally identifiable information collected, contributing to the enumeration of data types subject to the Policy's obligations.
- Tier: All
- Location: Privacy Policy › “2\. Collecting and Using Your Personal Data”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20Contact%20Information

### privacy data use — risk unknown

> - **To contact You:** To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.

- Interpretation (disclaimed): Permits Midjourney to use personal data to contact users via email, phone, SMS, and push notifications for service-related and security communications, establishing a lawful basis for communication-related data processing.
- Tier: All
- Location: Privacy Policy › “2\. Collecting and Using Your Personal Data”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20**To%20contact%20You%3A**,reasonable%20for%20their%20implementation.

### privacy data use — risk unknown

> **INFORMATION WE COLLECT**

- Interpretation (disclaimed): Sub-section heading introducing the enumeration of personal data categories Midjourney collects from California residents, marking the scope of the CCPA-mandated disclosure of collected information types.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=**INFORMATION%20WE%20COLLECT**

### privacy data use — risk unknown

> This privacy policy (the “Policy”) describes Midjourney, Inc. (“Midjourney”)’s practices with respect to personal data that is collected when you access midjourney.com (the “Site”), or access or use the Midjourney services, applications, or platform through the Site, Discord servers administered by Midjourney, or by any other means (collectively, the “Services”) . Midjourney is a communications technology incubator that provides image generation services to augment human creativity and foster social connection.

- Interpretation (disclaimed): Defines the scope and subject matter of the Privacy Policy, identifying Midjourney as the data controller and specifying the channels (Site, Discord, other means) through which personal data is collected, thereby establishing the legal framework for all downstream data use obligations.
- Tier: All
- Location: Privacy Policy › “1\. Introduction”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=This%20privacy%20policy%20(the,and%20foster%20social%20connection.

### privacy data use — risk unknown

> **YOUR RIGHTS AND CHOICES**

- Interpretation (disclaimed): This heading introduces the section governing individual rights and choices under applicable privacy law, defining the scope of the rights framework that follows.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=**YOUR%20RIGHTS%20AND%20CHOICES**

### privacy data use — risk unknown

> | 2 | **Personal information categories under the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).** A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | YES | YES |

- Interpretation (disclaimed): This segment defines personal information categories under California Civil Code §1798.80(e) including financial, medical, and identifying information, and discloses collection and disclosure status, fulfilling a statutory transparency obligation under the CCPA.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%7C%202%20%7C%20**Personal,YES%20%7C%20YES%20%7C

### privacy data use — risk unknown

> **EXERCISING YOUR RIGHTS**

- Interpretation (disclaimed): This heading introduces the procedural section for exercising CCPA rights, defining the subsection that describes how users may submit access, portability, deletion, and opt-out requests.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=**EXERCISING%20YOUR%20RIGHTS**

### privacy data use — risk unknown

> | 5 | **Biometric information.** Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | NO | NO |

- Interpretation (disclaimed): This segment defines biometric information and affirmatively states it is neither collected nor disclosed, which is a restriction on data collection and a transparency disclosure clarifying the absence of biometric data processing.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%7C%205%20%7C%20**Biometric,NO%20%7C%20NO%20%7C

### privacy data use — risk unknown

> Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

- Interpretation (disclaimed): Restricts collection of personally identifiable information from children under 13, establishes a procedure for parental reporting, and imposes an obligation to delete data collected from minors without verified parental consent.
- Tier: All
- Location: Privacy Policy › “3\. Children's Privacy”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=Our%20Service%20does%20not,information%20from%20Our%20servers.

### privacy data use — risk unknown

> - [<%= article.title %>](https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy)

- Interpretation (disclaimed): Hyperlink reference to Midjourney's Privacy Policy document within article navigation, serving as an incorporation by reference.
- Tier: All
- Location: Privacy Policy › “Categories”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%20%20%20-%20%5B%3C%25%3D%20article.title%20%25%3E%5D(https%3A%2F%2Fdocs.midjourney.com%2Fhc%2Fen-us%2Farticles%2F32083472637453-Privacy-Policy)

### privacy data use — risk unknown

> In order to exercise Your rights please visit [www.midjourney.com/account](https://www.midjourney.com/account) and follow the instructions listed at the bottom of the page to delete your account and data. Survey data that you may have submitted can also be accessed and deleted at this link. To access or review your account information, please follow the instructions listed [here.](https://docs.midjourney.com/hc/en-us/articles/32084927086861)

- Interpretation (disclaimed): Establishes the procedure for exercising data protection rights, directing users to a specific account management page to delete accounts and data, access survey data, and review account information via provided links.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=In%20order%20to%20exercise,the%20instructions%20listed%20%5Bhere.%5D(https%3A%2F%2Fdocs.midjourney.com%2Fhc%2Fen-us%2Farticles%2F32084927086861)

### privacy data use — risk unknown

> | --- | --- | --- | --- |

- Interpretation (disclaimed): This segment is the separator row of the table header, forming part of the structural definition of the personal information classification table used to disclose collection and disclosure practices.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%7C%20---%20%7C%20---,---%20%7C%20---%20%7C

### privacy data use — risk unknown

> **Access to Specific Information and Data Portability Rights**

- Interpretation (disclaimed): This heading introduces the specific right of access and data portability, defining the subsection that describes the scope and procedure for exercising information access rights under the CCPA.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=**Access%20to%20Specific%20Information%20and%20Data%20Portability%20Rights**

### privacy data use — risk unknown

> - **To provide, maintain, and improve our Service,** including to monitor the usage of our Service.

- Interpretation (disclaimed): Permits Midjourney to use personal data to provide, maintain, and improve the Service, including monitoring usage, establishing a lawful basis for ongoing operational data processing.
- Tier: All
- Location: Privacy Policy › “2\. Collecting and Using Your Personal Data”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20**To%20provide%2C%20maintain%2C,usage%20of%20our%20Service.

### privacy data use — risk unknown

> While interacting with the Services, You may provide certain personally identifiable information that could be used to contact or identify You. Personally identifiable information may include, but is not limited to:

- Interpretation (disclaimed): Introduces and scopes the category of personally identifiable information that users may provide when interacting with the Services, establishing the definitional basis for the data types subject to collection and use obligations.
- Tier: All
- Location: Privacy Policy › “2\. Collecting and Using Your Personal Data”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=While%20interacting%20with%20the,is%20not%20limited%20to%3A

### privacy data use — risk unknown

> - Tracking Technologies and Cookies

- Interpretation (disclaimed): Identifies tracking technologies and cookies as categories of data collected from users, establishing these as personal data types subject to the Policy's collection and use obligations.
- Tier: All
- Location: Privacy Policy › “2\. Collecting and Using Your Personal Data”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20Tracking%20Technologies%20and%20Cookies

### privacy data use — risk unknown

> - **For the performance of a contract:** the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.

- Interpretation (disclaimed): Permits Midjourney to use personal data for contract performance purposes, including fulfillment of purchases and other contractual obligations, establishing a lawful basis for transactional data processing.
- Tier: All
- Location: Privacy Policy › “2\. Collecting and Using Your Personal Data”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20**For%20the%20performance,Us%20through%20the%20Service.

### privacy data use — risk unknown

> - If we have collected and processed your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.

- Interpretation (disclaimed): Grants users the right to withdraw consent at any time where consent is the legal basis for processing, while clarifying that withdrawal does not affect the lawfulness of prior processing or processing conducted on other lawful grounds.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20If%20we%20have,grounds%20other%20than%20consent.

### privacy data use — risk unknown

> - You can request access, correction, updates or deletion of your Personal Data.

- Interpretation (disclaimed): Grants users the right to request access, correction, updates, or deletion of their personal data, establishing subject access and erasure rights consistent with GDPR obligations.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20You%20can%20request,of%20your%20Personal%20Data.

### data retention — risk medium

> The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

- Interpretation (disclaimed): Absence of concrete retention timelines means users cannot predict when their data (including prompts) will be deleted. Exceptions for 'improve the functionality of Our Service' effectively allow extended retention of usage data for operational purposes.
- Tier: All
- Location: § 2.3 (Sharing of Your Personal Data)
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=The%20Company%20will%20retain,for%20longer%20time%20periods.

### data retention — risk ambiguous

> Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt.

- Interpretation (disclaimed): The 12-month disclosure window is a CCPA procedural requirement, not a retention limit. The absence of any explicit retention period in this document means users cannot determine how long their data is stored, which is a meaningful ambiguity from a risk perspective.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=Any%20disclosures%20we%20provide,verifiable%20consumer%20request%E2%80%99s%20receipt.

### data retention — risk unknown

> The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

- Interpretation (disclaimed): Imposes an obligation on the Company to retain personal data only as long as necessary for stated purposes and as required by legal obligations, dispute resolution, and enforcement of agreements, defining the operative retention period and its triggers.
- Tier: All
- Location: § 2.3 (Sharing of Your Personal Data)
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=The%20Company%20will%20retain,legal%20agreements%20and%20policies.

### data retention — risk unknown

> **Deletion Request Rights**

- Interpretation (disclaimed): This heading introduces the data deletion rights subsection, defining the scope of the right to request erasure of personal information retained by Midjourney.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=**Deletion%20Request%20Rights**

### data retention — risk unknown

> You have the right to request that Midjourney delete any of your Personal Information that we collected from you and/or retained. Unless subject to a certain limited exception, once Midjourney receives and confirms your verifiable data deletion request, we will delete (and direct our service providers to delete) your personal information from our records. Midjourney will notify you promptly if it determines it must deny your deletion request.

- Interpretation (disclaimed): This segment grants California residents the right to request deletion of their personal information, imposes an obligation on Midjourney to delete data and direct service providers to do the same upon verification, and requires notification if the deletion request is denied, subject to limited exceptions.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=You%20have%20the%20right,deny%20your%20deletion%20request.

### data retention — risk unknown

> The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

- Interpretation (disclaimed): Establishes a specific obligation regarding the retention of Usage Data, providing that it is generally held for shorter periods but may be retained longer for security, functionality improvement, or legal compliance purposes.
- Tier: All
- Location: § 2.3 (Sharing of Your Personal Data)
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=The%20Company%20will%20also,for%20longer%20time%20periods.

### data retention — risk unknown

> **2.4 Retention of Your Personal Data**

- Interpretation (disclaimed): Section heading that introduces and defines the scope of the data retention provisions that follow, signaling that the subsequent clauses govern how long personal data is kept.
- Tier: All
- Location: § 2.3 (Sharing of Your Personal Data)
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=**2.4%20Retention%20of%20Your%20Personal%20Data**

### subprocessors data sharing — risk high

> For business transfers:** We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.

- Interpretation (disclaimed): In M&A scenarios, user personal data (including prompts) becomes a transferable asset. There is no clause requiring the successor entity to honor the same privacy commitments, creating post-transfer risk.
- Tier: All
- Location: § 2.3 (Sharing of Your Personal Data)
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=For%20business%20transfers%3A**%20We,business%20to%20another%20company.

### subprocessors data sharing — risk high

> With Service Providers, Third Party Vendors, Consultants, and other Business Partners:** We may share Your personal information with these parties in order to provide the Services to You on our behalf, monitor and analyze the use of our Services, contact You, and for other purposes stated in the Agreement. This may also include third party analytics and advertising partners that use cookies or similar technologies to help measure performance and deliver more relevant ads, where permitted by law.

- Interpretation (disclaimed): The clause permits sharing with a broad, unnamed class of third parties for purposes including advertising. Combined with prompt data being classified as personal data, this creates a risk that creative inputs could be exposed to advertising technology ecosystems.
- Tier: All
- Location: § 2.3 (Sharing of Your Personal Data)
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=With%20Service%20Providers%2C%20Third,where%20permitted%20by%20law.

### subprocessors data sharing — risk medium

> We may invoice You for Your use of the Services through a third party payment service provider. The third party service provider’s terms of service shall govern and supersede this Agreement in case of conflict, solely with respect to payment processing.

- Interpretation (disclaimed): By deferring to unnamed third-party payment processor terms without identifying the processor or linking to their terms, users cannot easily assess the data handling and liability implications of payment processing.
- Tier: Paid
- Location: Terms of Service › “8\. Payment and Billing”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=We%20may%20invoice%20You,respect%20to%20payment%20processing.

### subprocessors data sharing — risk medium

> While, Midjourney does not sell your information, we may share it, for example, through advertising cookies that allow our third party partners to deliver relevant and personalized ads. You can opt-out of such sharing at any time by updating your preferences in the [Privacy Settings](htt

- Interpretation (disclaimed): The distinction between 'selling' and 'sharing' under CCPA is narrow. Sharing personal data with advertising partners for targeted advertising may constitute a 'sale' under CCPA's broad definition. The default is sharing unless the user affirmatively opts out, which places the burden on users.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=While%2C%20Midjourney%20does%20not,in%20the%20%5BPrivacy%20Settings%5D(htt

### subprocessors data sharing — risk unknown

> - **With Service Providers, Third Party Vendors, Consultants, and other Business Partners:** We may share Your personal information with these parties in order to provide the Services to You on our behalf, monitor and analyze the use of our Services, contact You, and for other purposes stated in the Agreement. This may also include third party analytics and advertising partners that use cookies or similar technologies to help measure performance and deliver more relevant ads, where permitted by law.

- Interpretation (disclaimed): Permits Midjourney to share personal information with service providers, third-party vendors, consultants, business partners, and analytics/advertising partners for service delivery, monitoring, and advertising purposes, thereby identifying the categories of subprocessors and establishing the legal basis for onward data transfers.
- Tier: All
- Location: § 2.3 (Sharing of Your Personal Data)
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20**With%20Service%20Providers%2C,where%20permitted%20by%20law.

### subprocessors data sharing — risk unknown

> - Protect against legal liability

- Interpretation (disclaimed): Permits disclosure of personal data to other parties to protect the Company against legal liability, establishing legal defense as a lawful basis for data sharing.
- Tier: All
- Location: § 2.3 (Sharing of Your Personal Data)
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%20%20-%20Protect%20against%20legal%20liability

### subprocessors data sharing — risk unknown

> - **For business transfers:** We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.

- Interpretation (disclaimed): Permits Midjourney to share or transfer personal information in connection with mergers, asset sales, financing, or acquisitions, establishing the lawful basis for data sharing in corporate transaction contexts where user data is treated as a transferable asset.
- Tier: All
- Location: § 2.3 (Sharing of Your Personal Data)
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20**For%20business%20transfers%3A**,business%20to%20another%20company.

### subprocessors data sharing — risk unknown

> - Protect and defend the rights or property of the Company

- Interpretation (disclaimed): Permits disclosure of personal data to other parties for the purpose of protecting and defending the rights or property of the Company, establishing a legitimate-interest basis for data sharing.
- Tier: All
- Location: § 2.3 (Sharing of Your Personal Data)
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%20-%20Protect%20and,property%20of%20the%20Company

### subprocessors data sharing — risk unknown

> - Protect the personal safety of Users of the Service or the public

- Interpretation (disclaimed): Permits disclosure of personal data to other parties to protect the personal safety of users or the public, establishing a public-safety basis for third-party data disclosure.
- Tier: All
- Location: § 2.3 (Sharing of Your Personal Data)
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%20-%20Protect%20the,Service%20or%20the%20public

### subprocessors data sharing — risk unknown

> We may invoice You for Your use of the Services through a third party payment service provider. The third party service provider’s terms of service shall govern and supersede this Agreement in case of conflict, solely with respect to payment processing.

- Interpretation (disclaimed): States that Midjourney may invoice users through a third-party payment service provider and that the third party's terms of service govern and supersede this Agreement with respect to payment processing, incorporating third-party terms and disclosing use of a payment subprocessor.
- Tier: All
- Location: Terms of Service › “8\. Payment and Billing”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=We%20may%20invoice%20You,respect%20to%20payment%20processing.

### subprocessors data sharing — risk unknown

> - **With Other Parties in order to:**  - Comply with a legal obligation

- Interpretation (disclaimed): Permits disclosure of personal data to other parties for the purpose of complying with a legal obligation, identifying one of several enumerated lawful bases for third-party data sharing.
- Tier: All
- Location: § 2.3 (Sharing of Your Personal Data)
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20**With%20Other%20Parties,with%20a%20legal%20obligation

### subprocessors data sharing — risk unknown

> - Prevent or investigate possible wrongdoing in connection with the Service

- Interpretation (disclaimed): Permits disclosure of personal data to other parties for the purpose of investigating or preventing possible wrongdoing in connection with the Service, providing a safety/fraud-prevention basis for data sharing.
- Tier: All
- Location: § 2.3 (Sharing of Your Personal Data)
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=%20-%20Prevent%20or,connection%20with%20the%20Service

### subprocessors data sharing — risk unknown

> You have the right to opt-out of any “sale” or “sharing”, as defined by the CCPA, of Personal Information by Midjourney. While, Midjourney does not sell your information, we may share it, for example, through advertising cookies that allow our third party partners to deliver relevant and personalized ads. You can opt-out of such sharing at any time by updating your preferences in the [Privacy Settings](https://www.midjourney.com/profile-settings) page.

- Interpretation (disclaimed): This segment grants users the right to opt out of the sale or sharing of personal information under the CCPA, clarifies that Midjourney does not sell data but may share it via advertising cookies with third-party partners, and provides a procedure to opt out via Privacy Settings, creating both a user right and a restriction on sharing absent opt-out.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=You%20have%20the%20right,the%20%5BPrivacy%20Settings%5D(https%3A%2F%2Fwww.midjourney.com%2Fprofile-settings)%20page.

### subprocessors data sharing — risk unknown

> - **With Law Enforcement:** Under certain circumstances, Midjourney may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency). To the extent we receive a request from Law Enforcement for Your personal data, we will promptly notify You and provide You with a copy of the request, unless we are legally prohibited from doing so.

- Interpretation (disclaimed): Establishes Midjourney's legal obligation to disclose personal data to law enforcement when required by law or valid public authority request, and imposes a further obligation to promptly notify the user and provide a copy of the request unless legally prohibited.
- Tier: All
- Location: § 2.3 (Sharing of Your Personal Data)
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=-%20**With%20Law%20Enforcement%3A**,prohibited%20from%20doing%20so.

### subprocessors data sharing — risk unknown

> We may share Your personal information in the following situations:

- Interpretation (disclaimed): Introduces the categories of situations in which Midjourney may share personal information with third parties, establishing the general framework for third-party data sharing permissions that follow.
- Tier: All
- Location: § 2.3 (Sharing of Your Personal Data)
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=We%20may%20share%20Your,in%20the%20following%20situations%3A

### subprocessors data sharing — risk unknown

> Midjourney may share information internally or with third parties, as further described in this Policy. When we share Personal Data of individuals in the EEA, Switzerland or UK with third parties, we make use of a variety of legal mechanisms to safeguard the transfer including the European Commission-approved standard contractual clauses, as well as additional safeguards where appropriate.

- Interpretation (disclaimed): Imposes an obligation on Midjourney to use legally adequate mechanisms such as EU Standard Contractual Clauses and additional safeguards when sharing EEA/Switzerland/UK personal data with third parties, establishing transfer-compliance requirements.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=Midjourney%20may%20share%20information,additional%20safeguards%20where%20appropriate.

### subprocessors data sharing — risk unknown

> Third party sites and services (including Discord) have separate practices regarding the protection of personal data that you provide to them. We have no control over and assume no responsibility for the content, privacy policies or practices of these third party sites or services.

- Interpretation (disclaimed): Disclaims Midjourney's control over and responsibility for the privacy practices of third-party sites and services including Discord, limiting Midjourney's legal liability for data shared with those parties.
- Tier: All
- Location: Privacy Policy › “4\. Links to Other Websites”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=Third%20party%20sites%20and,party%20sites%20or%20services.

### subprocessors data sharing — risk unknown

> **Do Not Sell or Share Opt-Out Rights**

- Interpretation (disclaimed): This heading introduces the opt-out rights subsection for sale or sharing of personal information under the CCPA, defining the scope of the opt-out mechanism.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=**Do%20Not%20Sell%20or%20Share%20Opt-Out%20Rights**

### subprocessors data sharing — risk unknown

> Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.

- Interpretation (disclaimed): Disclaims Midjourney's responsibility for third-party websites linked from the Service and advises users to review those sites' privacy policies, limiting Midjourney's accountability for third-party data practices.
- Tier: All
- Location: Privacy Policy › “4\. Links to Other Websites”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=Our%20Service%20may%20contain,every%20site%20You%20visit.

### audit rights dpa residency — risk low

> When we share Personal Data of individuals in the EEA, Switzerland or UK with third parties, we make use of a variety of legal mechanisms to safeguard the transfer including the European Commission-approved standard contractual clauses, as well as additional safeguards where appropriate.

- Interpretation (disclaimed): While SCCs are a recognized GDPR transfer mechanism, the policy does not offer a data processing agreement, audit rights, or sub-processor list, which enterprise buyers typically require for compliance.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=When%20we%20share%20Personal,additional%20safeguards%20where%20appropriate.

### audit rights dpa residency — risk unknown

> **2.5 Transfer of Your Personal Data**

- Interpretation (disclaimed): Section heading introducing the data transfer provisions, signaling that the following clauses address cross-border transfer of personal data and associated residency considerations.
- Tier: All
- Location: § 2.3 (Sharing of Your Personal Data)
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=**2.5%20Transfer%20of%20Your%20Personal%20Data**

### audit rights dpa residency — risk unknown

> Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ from those in Your jurisdiction.

- Interpretation (disclaimed): Discloses that personal data may be transferred to and processed in locations outside the user's jurisdiction where data protection laws may differ, informing users of the geographic scope of processing and applicable legal frameworks.
- Tier: All
- Location: § 2.3 (Sharing of Your Personal Data)
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=Your%20information%2C%20including%20Personal,those%20in%20Your%20jurisdiction.

### audit rights dpa residency — risk unknown

> **California**

- Interpretation (disclaimed): Sub-section heading identifying that the following provisions apply specifically to California residents, demarcating the geographic scope of the CCPA-specific data protection obligations.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=**California**

### audit rights dpa residency — risk unknown

> **Europe**

- Interpretation (disclaimed): Sub-section heading identifying that the following provisions apply specifically to users located in Europe (EEA, Switzerland, UK), demarcating the geographic scope of the EU/UK data protection obligations.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=**Europe**

### audit rights dpa residency — risk unknown

> This Statement applies solely to residents of California or individuals whose information has been collected in California. Midjourney has adopted and included this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”). Any terms used in this Statement that are defined in the CCPA have the same meaning given therein.

- Interpretation (disclaimed): Incorporates the California Consumer Privacy Act (CCPA) by reference, establishing that the Statement applies to California residents, that it is adopted to comply with the CCPA, and that CCPA-defined terms carry their statutory meanings within this notice.
- Tier: All
- Location: Privacy Policy › “6\. Supplemental Terms and Conditions for Certain Regions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=This%20Statement%20applies%20solely,same%20meaning%20given%20therein.

### audit rights dpa residency — risk unknown

> The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

- Interpretation (disclaimed): Imposes an obligation on the Company to take reasonably necessary steps to ensure secure and policy-compliant data treatment and prohibits transfer to organizations or countries lacking adequate data protection controls.
- Tier: All
- Location: § 2.3 (Sharing of Your Personal Data)
- Source: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy
- Snapshot SHA-256: `abe6a8d3b3fd3d108d4af892ea659512eda451a9a06766549603bcaebbb03a5c`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083472637453-Privacy-Policy#:~:text=The%20Company%20will%20take,and%20other%20personal%20information.

### indemnity liability — risk high

> To the extent permitted by law, you will indemnify and hold us harmless, our affiliates, and our personnel, from and against any costs, losses, liabilities, and expenses (including attorneys’ fees) from third party claims arising out of or relating to your use of the Services and Assets or any violation of these Terms.

- Interpretation (disclaimed): User bears full indemnification exposure for any third-party claim arising from use of the platform or its outputs ('Assets'), with no monetary ceiling on indemnity unlike the platform's own liability cap of 12-month fees paid.
- Tier: All
- Location: Terms of Service › “10\. Limitation of Liability and Indemnity”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=To%20the%20extent%20permitted,violation%20of%20these%20Terms.

### indemnity liability — risk high

> You understand and agree that we will not be liable to You or any third party for any loss of profits, use, goodwill, or data, or for any incidental, indirect, special, consequential or exemplary damages, however they arise. Our aggregate liability under this Agreement will not exceed the amount You paid for the Services that gave rise to the claim during the 12 months before the claim.

- Interpretation (disclaimed): The broad exclusion of consequential, indirect, and data-loss damages combined with a 12-month fee cap creates an asymmetric risk allocation heavily favoring Midjourney.
- Tier: All
- Location: Terms of Service › “10\. Limitation of Liability and Indemnity”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=You%20understand%20and%20agree,months%20before%20the%20claim.

### indemnity liability — risk high

> You and Midjourney agree that any cause of action arising out of or related to the Services must commence within one (1) year after the cause of action accrues. Otherwise, such cause of action is permanently barred.

- Interpretation (disclaimed): Shortening the limitations period to one year restricts users' ability to bring claims and may be unenforceable in some jurisdictions, but creates significant risk where enforced.
- Tier: All
- Location: Terms of Service › “10\. Limitation of Liability and Indemnity”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=You%20and%20Midjourney%20agree,action%20is%20permanently%20barred.

### indemnity liability — risk unknown

> Midjourney tries to make its Services PG-13 and family friendly, but the Assets are generated by an artificial intelligence system based on user queries. This is new technology and it does not always work as expected. No guarantees are made as to the suitability of the Assets for the Customer.

- Interpretation (disclaimed): Disclaims guarantees as to the suitability of AI-generated Assets for the customer, noting the technology may not work as expected despite best-effort content moderation.
- Tier: All
- Location: Terms of Service › “2\. Age Requirements”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=Midjourney%20tries%20to%20make,Assets%20for%20the%20Customer.

### indemnity liability — risk unknown

> You understand and agree that we will not be liable to You or any third party for any loss of profits, use, goodwill, or data, or for any incidental, indirect, special, consequential or exemplary damages, however they arise. Our aggregate liability under this Agreement will not exceed the amount You paid for the Services that gave rise to the claim during the 12 months before the claim.

- Interpretation (disclaimed): Excludes liability for consequential, indirect, and other specified damages and caps aggregate liability to amounts paid in the prior 12 months, limiting the monetary remedy available to users.
- Tier: All
- Location: Terms of Service › “10\. Limitation of Liability and Indemnity”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=You%20understand%20and%20agree,months%20before%20the%20claim.

### indemnity liability — risk unknown

> 1. Force Majeure. Neither party will be liable for failure or delay in performance to the extent caused by circumstances beyond its reasonable control, including acts of God, natural disasters, terrorism, riots, or war.

- Interpretation (disclaimed): Creates a force majeure exception excusing both parties from liability for failure or delay in performance caused by circumstances beyond their reasonable control, including specified events such as natural disasters and war.
- Tier: All
- Location: Terms of Service › “13\. Miscellaneous”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=1.%20Force%20Majeure.%20Neither,terrorism%2C%20riots%2C%20or%20war.

### indemnity liability — risk unknown

> To the extent permitted by law, you will indemnify and hold us harmless, our affiliates, and our personnel, from and against any costs, losses, liabilities, and expenses (including attorneys’ fees) from third party claims arising out of or relating to your use of the Services and Assets or any violation of these Terms.

- Interpretation (disclaimed): Obligates the user to indemnify and hold harmless Midjourney, its affiliates, and personnel against third-party claims, costs, losses, and attorneys' fees arising from the user's use of the Services or violation of the Terms.
- Tier: All
- Location: Terms of Service › “10\. Limitation of Liability and Indemnity”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=To%20the%20extent%20permitted,violation%20of%20these%20Terms.

### indemnity liability — risk unknown

> 8. Please be aware that if you knowingly materially misrepresent that material or activity on the Services was removed or disabled by mistake or misidentification, you may be held liable for damages (including costs and attorney’s; fees) under Section 512(f) of the DMCA.

- Interpretation (disclaimed): Warns that knowingly misrepresenting in a counter-notification that material was removed by mistake may expose the submitter to liability for damages including costs and attorneys' fees under Section 512(f) of the DMCA, creating a legal risk disclosure for counter-notifiers.
- Tier: All
- Location: Terms of Service › “South San Francisco, CA, 94080-7066,”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=8.%20Please%20be%20aware,512(f)%20of%20the%20DMCA.

### indemnity liability — risk unknown

> You are responsible for Your use of the service. If You harm someone else or get into a dispute with someone else, we will not be involved.

- Interpretation (disclaimed): Places responsibility for service use on the user and disclaims Midjourney's involvement in disputes or harms caused to third parties, functioning as a liability disclaimer.
- Tier: All
- Location: Terms of Service › “10\. Limitation of Liability and Indemnity”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=You%20are%20responsible%20for,will%20not%20be%20involved.

### indemnity liability — risk unknown

> Please be aware that if you knowingly misrepresent that material or activity on the Services is infringing your copyright, you may be held liable for damages (including costs and attorneys’ fees) under Section 512(f) of the DMCA.

- Interpretation (disclaimed): Warns that knowingly misrepresenting copyright infringement in a DMCA notice may result in the notifier being held liable for damages including costs and attorneys' fees under Section 512(f) of the DMCA, creating a legal risk disclosure for submitters.
- Tier: All
- Location: Terms of Service › “South San Francisco, CA, 94080-7066,”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=Please%20be%20aware%20that,512(f)%20of%20the%20DMCA.

### indemnity liability — risk unknown

> We are constantly improving the Services to make them better. The Services are subject to modification and change, including but not limited to the art style of Assets, the algorithms used to generate the Assets, and features available to the Customer. No guarantees are made with respect to the Services’ quality, stability, uptime or reliability. Please do not create any dependencies on any attributes of the Services or the Assets. We will not be liable to You or Your downstream customers for any harm caused by Your dependency on the Service.

- Interpretation (disclaimed): Disclaims any liability to the customer or downstream customers for harm caused by dependency on the Services or Assets, and disclaims guarantees of quality, stability, uptime, or reliability.
- Tier: All
- Location: Terms of Service › “1\. Service Availability and Quality”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=We%20are%20constantly%20improving,dependency%20on%20the%20Service.

### indemnity liability — risk unknown

> We provide the service as is, and we make no promises or guarantees about it.

- Interpretation (disclaimed): Disclaims all promises and guarantees about the service, establishing an as-is basis that limits Midjourney's legal exposure for service quality or fitness.
- Tier: All
- Location: Terms of Service › “10\. Limitation of Liability and Indemnity”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=We%20provide%20the%20service,or%20guarantees%20about%20it.

### indemnity liability — risk unknown

> Both the Services and the Assets are provided to Customer on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Assets and assume any risks associated with use of the Services.

- Interpretation (disclaimed): Provides an 'AS IS' warranty disclaimer excluding all express and implied warranties (title, non-infringement, merchantability, fitness for purpose), and allocates risk of use entirely to the customer.
- Tier: All
- Location: Terms of Service › “1\. Service Availability and Quality”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=Both%20the%20Services%20and,use%20of%20the%20Services.

### confidentiality — risk unknown

> Please be aware that any Assets You make in a shared or open space, such as a Discord chatroom, is viewable by anyone in that chatroom, regardless of whether Stealth mode is engaged.

- Interpretation (disclaimed): Disclaims any confidentiality protection for Assets created in shared or open spaces (e.g., Discord chatrooms), noting they are viewable by all participants regardless of Stealth mode status.
- Tier: All
- Location: Terms of Service › “Remixing and Stealth Mode”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=Please%20be%20aware%20that,Stealth%20mode%20is%20engaged.

### confidentiality — risk unknown

> 5. Survival. The sections and obligations in this Agreement that a reasonable person would expect to survive this agreement, will. Particularly the IP and privacy stuff.

- Interpretation (disclaimed): Survival clause specifying that obligations a reasonable person would expect to survive termination—particularly IP and privacy provisions—remain in effect after the Agreement ends, preserving ongoing legal obligations.
- Tier: All
- Location: Terms of Service › “13\. Miscellaneous”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=5.%20Survival.%20The%20sections,IP%20and%20privacy%20stuff.

### governing law disputes — risk medium

> The arbitral award will be final and binding on the parties and its execution may be presented in any competent court, including any court with jurisdiction over either party or any of its property.

Each party will bear its own lawyers’ and experts’ fees and expenses, regardless of the arbitrator’s final decision regarding the Dispute.

- Interpretation (disclaimed): The 'loser pays nothing' fee structure combined with mandatory binding arbitration creates a barrier to user claims, particularly for low-value disputes where legal costs may exceed recovery.
- Tier: All
- Location: Terms of Service › “6\. Dispute Resolution and Governing Law”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=The%20arbitral%20award%20will,decision%20regarding%20the%20Dispute.

### governing law disputes — risk medium

> Governing Law. This Agreement shall be governed by the laws of the State of California, USA, without reference to conflict of law rules. All disputes will be governed by the arbitration agreement above.

- Interpretation (disclaimed): California governing law combined with mandatory arbitration may disadvantage non-US users and limits access to local courts or consumer protection regimes.
- Tier: All
- Location: Terms of Service › “13\. Miscellaneous”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=Governing%20Law.%20This%20Agreement,the%20arbitration%20agreement%20above.

### governing law disputes — risk unknown

> 5. A statement that you will consent to the jurisdiction of the Federal District Court for the judicial district in which your address is located (or if you reside outside the United States for any judicial district in which the Services may be found) and that you will accept service from the person (or an agent of that person) who provided us with the complaint at issue.

- Interpretation (disclaimed): Requires as part of the counter-notification that the submitter consent to jurisdiction of the relevant Federal District Court and accept service of process from the original complainant, establishing jurisdictional and service procedural requirements.
- Tier: All
- Location: Terms of Service › “South San Francisco, CA, 94080-7066,”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=5.%20A%20statement%20that,the%20complaint%20at%20issue.

### governing law disputes — risk unknown

> Each party will bear its own lawyers’ and experts’ fees and expenses, regardless of the arbitrator’s final decision regarding the Dispute.

- Interpretation (disclaimed): Imposes an obligation that each party bear its own legal and expert fees and expenses regardless of the arbitrator's final decision, allocating litigation cost responsibility in dispute resolution.
- Tier: All
- Location: Terms of Service › “6\. Dispute Resolution and Governing Law”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=Each%20party%20will%20bear,decision%20regarding%20the%20Dispute.

### governing law disputes — risk unknown

> 6. Governing Law. This Agreement shall be governed by the laws of the State of California, USA, without reference to conflict of law rules. All disputes will be governed by the arbitration agreement above.

- Interpretation (disclaimed): Specifies that California law governs the Agreement without reference to conflict-of-law rules and that all disputes are subject to the arbitration agreement, establishing the legal framework and forum for dispute resolution.
- Tier: All
- Location: Terms of Service › “13\. Miscellaneous”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=6.%20Governing%20Law.%20This,the%20arbitration%20agreement%20above.

### governing law disputes — risk unknown

> **In the event a dispute, controversy, or claim arises out of or relating to these Terms (“Dispute”), the Dispute will be resolved by binding arbitration rather than in court.** The parties will first try in good faith to settle any Dispute within 30 days after the Dispute arises. If the Dispute is not resolved within 30 days, it shall be resolved by binding arbitration by the American Arbitration Association’s International Centre for Dispute Resolution in accordance with its Expedited Commercial Rules in force as of the date of this Agreement ("Rules"). The parties will mutually select one arbitrator. The arbitration will be conducted in English in Santa Clara County, California, USA. By agreeing to mandatory arbitration as set forth herein, You and Midjourney knowingly and irrevocably waive any right to trial by jury in any action, proceeding, or counterclaim, except that either party may apply to any competent court for injunctive relief necessary to protect its rights pending resolution of the arbitration. The arbitrator may order equitable or injunctive relief consistent with the remedies and limitations in the Agreement. The arbitral award will be final and binding on the parties and its execution may be presented in any competent court, including any court with jurisdiction over either party or any of its property.

- Interpretation (disclaimed): Establishes a binding obligation that disputes arising from the Terms must be resolved through binding arbitration administered by the American Arbitration Association's International Centre for Dispute Resolution under its Expedited Commercial Rules, after a 30-day good-faith negotiation period, restricting access to court proceedings.
- Tier: All
- Location: Terms of Service › “6\. Dispute Resolution and Governing Law”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=**In%20the%20event%20a,any%20of%20its%20property.

### governing law disputes — risk unknown

> You and Midjourney agree that any cause of action arising out of or related to the Services must commence within one (1) year after the cause of action accrues. Otherwise, such cause of action is permanently barred.

- Interpretation (disclaimed): Imposes a one-year statute of limitations on any cause of action related to the Services, permanently barring claims not commenced within that period and restricting users' rights to bring legal action.
- Tier: All
- Location: Terms of Service › “10\. Limitation of Liability and Indemnity”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=You%20and%20Midjourney%20agree,action%20is%20permanently%20barred.

### moderation enforcement — risk high

> Midjourney reserves the right to remove any content that you upload or generate using Editor and/or Video, or suspend or ban your access to them at any time, and for any reason.

- Interpretation (disclaimed): Unfettered discretion to remove content or terminate access to specific tools with no notice requirement or recourse process creates operational risk for users relying on these tools.
- Tier: All
- Location: Terms of Service › “Access and Restrictions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=Midjourney%20reserves%20the%20right,and%20for%20any%20reason.

### moderation enforcement — risk high

> We also reserve the right to terminate Your access to the Service for any reason, including for violation of the Community Guidelines or other inappropriate use of the Service. Any violation of Community Guidelines is a breach of this Agreement. You will not be refunded for the current subscription period, but You will not be charged after the current subscription period has ended.

- Interpretation (disclaimed): Termination 'for any reason' with no refund obligation for the current period creates significant financial and access risk for paid subscribers with no meaningful appeal mechanism stated.
- Tier: All
- Location: Terms of Service › “8\. Payment and Billing”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=We%20also%20reserve%20the,subscription%20period%20has%20ended.

### moderation enforcement — risk medium

> Banhammer. Any violations of these rules may lead to bans from our services. We are not a democracy. Behave respectfully or lose Your rights to use the Service.

- Interpretation (disclaimed): While colloquially stated, this clause reinforces that enforcement actions are entirely at Midjourney's discretion with no procedural protections for users.
- Tier: All
- Location: Terms of Service › “9\. Community Guidelines”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=Banhammer.%20Any%20violations%20of,to%20use%20the%20Service.

### moderation enforcement — risk unknown

> US

- Interpretation (disclaimed): Provides the country designation as part of the designated mailing address for DMCA takedown notices, completing the procedural contact information.
- Tier: All
- Location: Terms of Service › “South San Francisco, CA, 94080-7066,”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=US

### moderation enforcement — risk unknown

> By accessing the Services, You confirm that You are at least 13 years old and meet the minimum age of digital consent in Your country. If You are old enough to access the Services in Your country, but not old enough to have authority to consent to our terms, Your parent or guardian must agree to our terms on Your behalf.

- Interpretation (disclaimed): Imposes an age requirement obligation confirming the user must be at least 13 years old and meet the minimum digital consent age in their country, and requires parental/guardian agreement for users below the age of consent.
- Tier: All
- Location: Terms of Service › “2\. Age Requirements”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=By%20accessing%20the%20Services%2C,terms%20on%20Your%20behalf.

### moderation enforcement — risk unknown

> Please ask Your parent or guardian to read these terms with You. If You are a parent or legal guardian, and You allow Your teenager to use the Services, then these terms also apply to You and You are responsible for Your teenager’s activity on the Services.

- Interpretation (disclaimed): Places responsibility on parents and legal guardians who allow their minor children to use the Services, making the Terms binding on the guardian and making them responsible for the teenager's activity.
- Tier: All
- Location: Terms of Service › “2\. Age Requirements”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=Please%20ask%20Your%20parent,activity%20on%20the%20Services.

### moderation enforcement — risk unknown

> 1. Your physical or electronic signature.

- Interpretation (disclaimed): Specifies that a takedown notice must include the physical or electronic signature of the complainant, as a required procedural element for a valid DMCA notification.
- Tier: All
- Location: Terms of Service › “5\. DMCA and Takedowns Policy”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=1.%20Your%20physical%20or%20electronic%20signature.

### moderation enforcement — risk unknown

> 611 Gateway Blvd. Ste 120

- Interpretation (disclaimed): Provides the street address as part of the designated mailing address for DMCA takedown notices, forming part of the procedural contact information.
- Tier: All
- Location: Terms of Service › “Attn: Takedowns Department”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=611%20Gateway%20Blvd.%20Ste%20120

### moderation enforcement — risk unknown

> 4. Adequate information by which we can contact you (including your name, postal address, telephone number, and, if available, email address).

- Interpretation (disclaimed): Requires the complainant to provide adequate contact information (name, postal address, phone number, email) as a procedural requirement for processing a takedown request.
- Tier: All
- Location: Terms of Service › “5\. DMCA and Takedowns Policy”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=4.%20Adequate%20information%20by,if%20available%2C%20email%20address).

### moderation enforcement — risk unknown

> 6. A statement that the information in the written notice is accurate.

- Interpretation (disclaimed): Requires a statement of accuracy in the written notice as a procedural and legal requirement for a valid DMCA takedown notification, consistent with statutory requirements.
- Tier: All
- Location: Terms of Service › “5\. DMCA and Takedowns Policy”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=6.%20A%20statement%20that,written%20notice%20is%20accurate.

### moderation enforcement — risk unknown

> 7. A statement, under penalty of perjury, that you are authorized to act on behalf of the copyright owner.

- Interpretation (disclaimed): Specifies a procedural requirement for DMCA takedown notices, mandating a statement under penalty of perjury confirming authorization to act on behalf of the copyright owner as part of the infringement notification process.
- Tier: All
- Location: Terms of Service › “5\. DMCA and Takedowns Policy”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=7.%20A%20statement%2C%20under,of%20the%20copyright%20owner.

### moderation enforcement — risk unknown

> You may also send notices containing the above-required information to the following Address:

- Interpretation (disclaimed): Directs submitters to send DMCA takedown notices containing required information to a specified address, establishing the procedural channel for infringement notifications.
- Tier: All
- Location: Terms of Service › “5\. DMCA and Takedowns Policy”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=You%20may%20also%20send,to%20the%20following%20Address%3A

### moderation enforcement — risk unknown

> Upon receipt of a notice that complies with the foregoing, we reserve the right to remove or disable access to the accused material or disable any links to the material; notify the party accused of infringement that we have removed or disabled access to the identified material; and terminate access to and use of the Services for any user who engages in repeated acts of infringement.

- Interpretation (disclaimed): Reserves Midjourney's right upon receipt of a compliant DMCA notice to remove or disable access to accused material, notify the accused party, and terminate service access for repeat infringers, establishing enforcement powers available to the platform.
- Tier: All
- Location: Terms of Service › “South San Francisco, CA, 94080-7066,”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=Upon%20receipt%20of%20a,repeated%20acts%20of%20infringement.

### moderation enforcement — risk unknown

> _Counter-Notification Procedures_

- Interpretation (disclaimed): Introduces the counter-notification procedure section header, signaling the start of procedural rules governing how users may contest removal of their material under the DMCA.
- Tier: All
- Location: Terms of Service › “South San Francisco, CA, 94080-7066,”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=_Counter-Notification%20Procedures_

### moderation enforcement — risk unknown

> 1. Your physical or electronic signature.

- Interpretation (disclaimed): Specifies the procedural requirement that a counter-notification must include the physical or electronic signature of the submitter.
- Tier: All
- Location: Terms of Service › “South San Francisco, CA, 94080-7066,”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=1.%20Your%20physical%20or%20electronic%20signature.

### moderation enforcement — risk unknown

> 4. A statement under penalty of perjury by you that you have a good faith belief that the material identified above was removed or disabled as a result of a mistake or misidentification of the material to be removed or disabled.

- Interpretation (disclaimed): Requires a sworn statement under penalty of perjury in the counter-notification asserting a good faith belief that material was removed or disabled by mistake or misidentification, as a mandatory procedural element.
- Tier: All
- Location: Terms of Service › “South San Francisco, CA, 94080-7066,”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=4.%20A%20statement%20under,be%20removed%20or%20disabled.

### moderation enforcement — risk unknown

> 01. Be kind and respect each other and staff. Do not create Assets, use prompts, or submit content that are inherently disrespectful, aggressive, hateful, or otherwise abusive. Violence or harassment of any kind will not be tolerated.

- Interpretation (disclaimed): Restricts users from creating assets, using prompts, or submitting content that is disrespectful, aggressive, hateful, abusive, violent, or harassing, establishing behavioral obligations enforceable through the platform's moderation policies.
- Tier: All
- Location: Terms of Service › “9\. Community Guidelines”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=01.%20Be%20kind%20and,will%20not%20be%20tolerated.

### moderation enforcement — risk unknown

> 09. Be careful about sharing. It’s OK to share Your creations outside of the Midjourney community but please consider how others might view Your content.

- Interpretation (disclaimed): Provides guidance on sharing creations outside the Midjourney community, instructing users to consider how others might view their content before sharing, as a soft behavioral guideline with community standard implications.
- Tier: All
- Location: Terms of Service › “9\. Community Guidelines”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=09.%20Be%20careful%20about,might%20view%20Your%20content.

### moderation enforcement — risk unknown

> 10. Banhammer. Any violations of these rules may lead to bans from our services. We are not a democracy. Behave respectfully or lose Your rights to use the Service.

- Interpretation (disclaimed): Establishes that violations of Community Guidelines may result in bans from the Services and loss of access rights, providing the enforcement remedy available to Midjourney for non-compliant user behavior.
- Tier: All
- Location: Terms of Service › “9\. Community Guidelines”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=10.%20Banhammer.%20Any%20violations,to%20use%20the%20Service.

### moderation enforcement — risk unknown

> Subject to your compliance with this Agreement, Midjourney grants you the right to access and use Editor and Video. In using these tools, you shall not violate any applicable laws, this Agreement, Midjourney Community Guidelines, or any other Midjourney policies or guidelines that are made available to you. In order to use these tools, you must meet the age requirements as outlined in this Agreement. Midjourney reserves the right to remove any content that you upload or generate using Editor and/or Video, or suspend or ban your access to them at any time, and for any reason.

- Interpretation (disclaimed): Grants users a conditional right to access and use the Editor and Video tools subject to compliance with the Agreement, Community Guidelines, and other policies, while reserving Midjourney's right to remove content, suspend, or ban access at any time for any reason.
- Tier: All
- Location: Terms of Service › “Access and Restrictions”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=Subject%20to%20your%20compliance,and%20for%20any%20reason.

### moderation enforcement — risk unknown

> 8. If the copyright owner’s rights arise under the laws of a country other than the United States, please identify the country.

- Interpretation (disclaimed): Specifies an additional procedural requirement for DMCA notices when the copyright owner's rights arise under laws of a country other than the United States, requiring identification of that country.
- Tier: All
- Location: Terms of Service › “5\. DMCA and Takedowns Policy”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=8.%20If%20the%20copyright,please%20identify%20the%20country.

### moderation enforcement — risk unknown

> Midjourney’s Image Editor tool (“Editor”) and the Video Model ("Video") are provided as part of the Services and are subject to the terms and conditions outlined in this Agreement. By accessing and using Editor and/or Video, you agree to comply with the conditions set forth in this section, which govern Editor and Video availability and usage. If you do not agree to these Editor and Video terms and conditions, you must not access and must stop using the tool.

- Interpretation (disclaimed): Incorporates the Agreement's terms and conditions to govern use of the Editor and Video tools, establishes user consent as a condition of access, and sets out a must-not-use consequence for non-agreement, binding users to the section's restrictions.
- Tier: All
- Location: Terms of Service › “11\. Image Editor and Video Model”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=Midjourney%E2%80%99s%20Image%20Editor%20tool,stop%20using%20the%20tool.

### moderation enforcement — risk unknown

> 3. Identification of the material you believe to be infringing in a sufficiently precise and detailed manner to allow us to locate that material.

- Interpretation (disclaimed): Requires sufficiently precise identification of the allegedly infringing material to enable Midjourney to locate it, as a procedural element of a valid takedown notice.
- Tier: All
- Location: Terms of Service › “5\. DMCA and Takedowns Policy”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=3.%20Identification%20of%20the,to%20locate%20that%20material.

### moderation enforcement — risk unknown

> 07. You may not intentionally mislead recipients of the Assets about their nature or source.

- Interpretation (disclaimed): Prohibits users from intentionally misleading recipients of AI-generated assets about the nature or source of those assets, restricting deceptive distribution of outputs.
- Tier: All
- Location: Terms of Service › “9\. Community Guidelines”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=07.%20You%20may%20not,their%20nature%20or%20source.

### moderation enforcement — risk unknown

> 6. Our designated agent to receive counter notices is the same as the agent shown above.

- Interpretation (disclaimed): Identifies that the designated agent for receiving counter-notices is the same agent designated for original takedown notices, providing procedural clarity on where counter-notifications should be directed.
- Tier: All
- Location: Terms of Service › “South San Francisco, CA, 94080-7066,”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=6.%20Our%20designated%20agent,the%20agent%20shown%20above.

### moderation enforcement — risk unknown

> 5. A statement that you have a good faith belief that use of the copyrighted material is not authorized by the copyright owner, its agent, or the law.

- Interpretation (disclaimed): Requires a good-faith belief statement that the use of the copyrighted material is unauthorized, a legally mandated element of a DMCA takedown notice under 17 U.S.C. § 512(c)(3).
- Tier: All
- Location: Terms of Service › “5\. DMCA and Takedowns Policy”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=5.%20A%20statement%20that,agent%2C%20or%20the%20law.

### moderation enforcement — risk unknown

> 3. Adequate information by which we can contact you (including your name, postal address, telephone number, and, if available, email address).

- Interpretation (disclaimed): Requires that a counter-notification include adequate contact information for the submitter including name, postal address, telephone number, and email address, as part of the procedural requirements.
- Tier: All
- Location: Terms of Service › “South San Francisco, CA, 94080-7066,”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=3.%20Adequate%20information%20by,if%20available%2C%20email%20address).

### moderation enforcement — risk unknown

> Midjourney, Inc.

- Interpretation (disclaimed): Identifies the legal entity name 'Midjourney, Inc.' as part of the designated mailing address for DMCA takedown notices, forming part of the procedural contact information.
- Tier: All
- Location: Terms of Service › “5\. DMCA and Takedowns Policy”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=Midjourney%2C%20Inc.

### moderation enforcement — risk unknown

> Midjourney reserves the right to suspend or ban Your access to the Services at any time, and for any reason. You may not access or use the Services for purposes of developing or offering competitive products or services. You may not reverse engineer the Services or the Assets. You may not use automated tools to access, interact with, or generate Assets through the Services. You may not resell or redistribute the Services or access to the Service. Only one user may use the Services per registered account. Each user of the Services may only have one account.

- Interpretation (disclaimed): Restricts customer use by prohibiting competitive development, reverse engineering, use of automated tools, resale/redistribution of the Services, multiple accounts per user, and reserving Midjourney's right to suspend or ban access for any reason.
- Tier: All
- Location: Terms of Service › “1\. Service Availability and Quality”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=Midjourney%20reserves%20the%20right,only%20have%20one%20account.

### moderation enforcement — risk unknown

> If you believe that material was removed or access to it was disabled by mistake or misidentification, you may file a counter-notification with us by submitting a written notification to our copyright agent designated above. Such notification must include substantially the following:

- Interpretation (disclaimed): Establishes the procedure for filing a DMCA counter-notification, specifying that a user may submit a written notification to the copyright agent if they believe material was removed by mistake or misidentification.
- Tier: All
- Location: Terms of Service › “South San Francisco, CA, 94080-7066,”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=If%20you%20believe%20that,include%20substantially%20the%20following%3A

### moderation enforcement — risk unknown

> 06. You may not use the Services for illegal activity nor may you upload content to our servers that involves illegal activity, or where the uploading itself may be illegal.

- Interpretation (disclaimed): Prohibits use of the Services for illegal activity or uploading content involving illegal activity, establishing a legal compliance obligation enforceable through platform moderation.
- Tier: All
- Location: Terms of Service › “9\. Community Guidelines”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=06.%20You%20may%20not,itself%20may%20be%20illegal.

### moderation enforcement — risk unknown

> 2. Identification of the copyrighted work (or mark) you believe to have been infringed or, if the claim involves multiple works, a representative list of such works.

- Interpretation (disclaimed): Requires identification of the specific copyrighted work or mark alleged to be infringed (or a representative list for multiple works) as a procedural requirement of the takedown notice.
- Tier: All
- Location: Terms of Service › “5\. DMCA and Takedowns Policy”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=2.%20Identification%20of%20the,list%20of%20such%20works.

### moderation enforcement — risk unknown

> We respect the intellectual property rights of others. If you believe that material located on or linked to by the Services violates your copyright or trademark, please send a notice of claimed infringement by using [this form](https://docs.google.com/forms/d/e/1FAIpQLSd1DfIhFV33cdMWpimIf6kQgzxPJ_CUQ9x2lpfVSs4SkoqtsA/viewform) or by email to takedowns@midjourney.com with the subject "Takedown Request", and include the following:

- Interpretation (disclaimed): Establishes the procedure for submitting DMCA/trademark takedown notifications, including the designated form and email address, initiating the formal IP infringement reporting process.
- Tier: All
- Location: Terms of Service › “5\. DMCA and Takedowns Policy”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=We%20respect%20the%20intellectual,and%20include%20the%20following%3A

### moderation enforcement — risk unknown

> You represent and warrant that you have all necessary rights and permissions to provide, edit, generate, and share such content, including obtaining necessary permission from anyone who may be depicted in the content that you upload and edit using Editor, or input and generate using Video. You will not upload content, enter prompts, or use Editor or Video in any way that infringes or violates any third-party intellectual property or privacy rights.

- Interpretation (disclaimed): Requires users to represent and warrant they hold necessary rights and permissions for content uploaded or generated, including consent from depicted individuals, and prohibits use that infringes third-party intellectual property or privacy rights.
- Tier: All
- Location: Terms of Service › “Content”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=You%20represent%20and%20warrant,property%20or%20privacy%20rights.

### moderation enforcement — risk unknown

> 02. No adult content or gore. Please avoid making visually shocking or disturbing content. We will block some inputs automatically.

- Interpretation (disclaimed): Restricts users from generating adult content, gore, or visually shocking or disturbing content, and discloses that some inputs will be automatically blocked, establishing content moderation restrictions.
- Tier: All
- Location: Terms of Service › “9\. Community Guidelines”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=02.%20No%20adult%20content,block%20some%20inputs%20automatically.

### moderation enforcement — risk unknown

> 7. The DMCA allows us to restore the removed content within 10-14 business days unless the complaining party initiates a court action against you during that time period and notifies us of the same.

- Interpretation (disclaimed): Describes the DMCA's procedural timeline allowing restoration of removed content within 10-14 business days unless the complaining party initiates a court action during that period and notifies Midjourney, defining the procedural steps for content reinstatement.
- Tier: All
- Location: Terms of Service › “South San Francisco, CA, 94080-7066,”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=7.%20The%20DMCA%20allows,us%20of%20the%20same.

### moderation enforcement — risk unknown

> 2. An identification of the material that has been removed or to which access has been disabled and the location at which the material appeared before it was removed or access disabled.

- Interpretation (disclaimed): Requires that a counter-notification identify the removed material and the location at which it appeared before removal, as part of the procedural elements of a valid counter-notification.
- Tier: All
- Location: Terms of Service › “South San Francisco, CA, 94080-7066,”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=2.%20An%20identification%20of,removed%20or%20access%20disabled.

### moderation enforcement — risk unknown

> You may not use the Service to try to violate the intellectual property rights of others, including copyright, patent, or trademark rights. Doing so may subject you to penalties including legal action or a permanent ban from the Service.

- Interpretation (disclaimed): Prohibits use of the Service to violate third-party intellectual property rights (copyright, patent, trademark) and states potential consequences including legal action or permanent ban.
- Tier: All
- Location: Terms of Service › “1\. Service Availability and Quality”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=You%20may%20not%20use,ban%20from%20the%20Service.

### tier differences — risk medium

> If You purchase an unlimited plan, we will try to reasonably offer You unlimited access to the Services. However, we reserve the right to rate limit You to prevent quality decay or interruptions to other customers.

- Interpretation (disclaimed): The qualifier 'try to reasonably offer' and the reservation of rate-limiting rights means unlimited plan purchasers have no contractual guarantee of unthrottled access.
- Tier: Paid
- Location: Terms of Service › “7\. Unlimited Service and Rate Limiting”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=If%20You%20purchase%20an,interruptions%20to%20other%20customers.

### tier differences — risk unknown

> - If you are a company or any employee of a company with more than $1,000,000 USD a year in revenue, you must be subscribed to a “Pro” or “Mega” plan to own Your Assets.

- Interpretation (disclaimed): Restricts ownership of Assets to customers subscribed to a 'Pro' or 'Mega' plan if the customer is a company or employee of a company with more than $1,000,000 USD annual revenue, creating a tier-based ownership condition.
- Tier: All
- Location: Terms of Service › “Your Rights and Obligations”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=-%20If%20you%20are,to%20own%20Your%20Assets.

### tier differences — risk unknown

> You are free to cancel Your plan at any time. We reserve the right to modify or discontinue any aspect of the Service, including pricing and features, at any time. We also reserve the right to terminate Your access to the Service for any reason, including for violation of the Community Guidelines or other inappropriate use of the Service. Any violation of Community Guidelines is a breach of this Agreement. You will not be refunded for the current subscription period, but You will not be charged after the current subscription period has ended. Additional information and policies regarding our subscription plans, including details on billing, taxes, refunds, and authorization, can be found [here](https://docs.midjourney.com/hc/en-us/categories/16016577793421).

- Interpretation (disclaimed): Reserves Midjourney's rights to modify or discontinue the Service including pricing and features at any time and to terminate user access for violation of Community Guidelines or other inappropriate use, while establishing refund and billing policies upon cancellation; also obligates users not to receive refunds for the current subscription period.
- Tier: All
- Location: Terms of Service › “8\. Payment and Billing”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=You%20are%20free%20to,can%20be%20found%20%5Bhere%5D(https%3A%2F%2Fdocs.midjourney.com%2Fhc%2Fen-us%2Fcategories%2F16016577793421).

### tier differences — risk unknown

> If You purchase an unlimited plan, we will try to reasonably offer You unlimited access to the Services. However, we reserve the right to rate limit You to prevent quality decay or interruptions to other customers.

- Interpretation (disclaimed): Reserves Midjourney's right to rate limit users on unlimited plans to prevent quality decay or service interruptions to other customers, restricting the extent of access guaranteed under unlimited subscription tiers.
- Tier: All
- Location: Terms of Service › “7\. Unlimited Service and Rate Limiting”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=If%20You%20purchase%20an,interruptions%20to%20other%20customers.

### tier differences — risk unknown

> If You purchased the Stealth feature as part of Your “Pro” or "Mega" subscription or through the previously available add-on, we agree to make best efforts not to publish any Assets You make in any situation where you have engaged stealth mode in the Services.

- Interpretation (disclaimed): Creates a tier-based obligation for 'Pro' or 'Mega' subscribers (or prior add-on purchasers) by committing Midjourney to use best efforts not to publish Assets when Stealth mode is engaged, distinguishing this benefit from lower tiers.
- Tier: All
- Location: Terms of Service › “Remixing and Stealth Mode”
- Source: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service
- Snapshot SHA-256: `fcb74bce3d2cd673c41ee58c386d908afee9a2c213611884a24777d34c21e938`
- Wayback: —
- Deep link: https://docs.midjourney.com/hc/en-us/articles/32083055291277-Terms-of-Service#:~:text=If%20You%20purchased%20the,mode%20in%20the%20Services.


---

# GRC Risk Assessment — DALL-E (OpenAI)

- Platform: **DALL-E (OpenAI)** (openai-dall-e)
- Headline risk rating: **MEDIUM**
- Website: https://openai.com/dall-e-3
- Generated: 2026-06-14T10:22:06.848Z
- Findings (verified, published): **214**

> Every assertion is anchored to a verbatim quote with a SHA-256 snapshot hash and a Wayback archive URL for independent verification. Informational only; not legal advice.

## Control crosswalk (NIST AI RMF 1.0 + ISO/IEC 42001)

| Surface | Risk | Confidence | NIST AI RMF | ISO/IEC 42001 |
|---|---|---|---|---|
| training use | medium | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) |
| training use | low | medium | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) |
| training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) |
| training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) |
| training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) |
| training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) |
| training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) |
| training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) |
| training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) |
| training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) |
| training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) |
| training use | unknown | high | MAP-2.3 / MEASURE-2.6 (data provenance & training use) | ISO 42001 A.7.4 (data for AI systems) |
| prompt ownership | unknown | high | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) |
| prompt ownership | unknown | high | MAP-2.3 (input data rights) | ISO 42001 A.7.2 (data acquisition) |
| output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) |
| output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) |
| output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) |
| output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) |
| output ownership | unknown | high | MAP-1.1 (IP & output rights) | ISO 42001 A.5.2 (AI policy / IP) |
| privacy data use | medium | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | medium | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | medium | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | medium | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | low | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | low | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | low | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | medium | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| privacy data use | unknown | high | MEASURE-2.10 (privacy risk) | ISO 42001 A.7.5 (privacy)  |
| data retention | medium | medium | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) |
| data retention | low | medium | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) |
| data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) |
| data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) |
| data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) |
| data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) |
| data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) |
| data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) |
| data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) |
| data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) |
| data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) |
| data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) |
| data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) |
| data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) |
| data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) |
| data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) |
| data retention | unknown | high | MANAGE-2.2 (data lifecycle) | ISO 42001 A.7.6 (data lifecycle) |
| subprocessors data sharing | high | medium | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | medium | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | medium | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | medium | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | medium | medium | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | medium | medium | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | medium | medium | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | medium | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | medium | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | medium | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| subprocessors data sharing | unknown | high | MAP-4.1 (third-party/supply-chain) | ISO 42001 A.10.2 (third parties) |
| audit rights dpa residency | medium | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) |
| audit rights dpa residency | low | medium | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) |
| audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) |
| audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) |
| audit rights dpa residency | unknown | high | GOVERN-2.1 (accountability, audit) | ISO 42001 A.6.2 (internal audit) |
| indemnity liability | ambiguous | low | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) |
| indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) |
| indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) |
| indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) |
| indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) |
| indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) |
| indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) |
| indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) |
| indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) |
| indemnity liability | unknown | high | GOVERN-6.1 (liability allocation) | ISO 42001 A.9.4 (responsibilities) |
| governing law disputes | high | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | medium | medium | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | medium | medium | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | medium | medium | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| governing law disputes | unknown | high | GOVERN-1.1 (legal/regulatory) | ISO 42001 A.5.2 (legal context) |
| moderation enforcement | medium | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | medium | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | medium | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| moderation enforcement | unknown | high | MANAGE-4.1 (enforcement) | ISO 42001 A.9.3 (operation controls) |
| tier differences | medium | low | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) |
| tier differences | medium | low | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) |
| tier differences | medium | low | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) |
| tier differences | medium | low | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) |
| tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) |
| tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) |
| tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) |
| tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) |
| tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) |
| tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) |
| tier differences | unknown | high | MAP-3.4 (context of use by tier) | ISO 42001 A.9.2 (intended use) |

## Evidence (verbatim, with provenance)

### training use — risk medium

> Improve and develop our Services and conduct research, including using your Content to train our models (subject to your [control

- Interpretation (disclaimed): The clause confirms that submitted content is used for model training as a default practice. The parenthetical 'subject to your control' indicates an opt-out mechanism exists, but the burden is on the user to disable this, creating risk for users unaware of the setting.
- Tier: All
- Location: Privacy Policy › “9\. Additional U.S. state disclosures”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=Improve%20and%20develop%20our,(subject%20to%20your%20%5Bcontrol

### training use — risk low

> You can easily [choose whether your Content can be used to improve and train our models

- Interpretation (disclaimed): The policy represents that users have a choice regarding training use of their content, which mitigates risk. However, the default opt-in/opt-out status is not specified in this excerpt.
- Tier: All
- Location: Privacy Policy › “5\. Data controls”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=You%20can%20easily%20%5Bchoose,and%20train%20our%20models

### training use — risk unknown

> - Interfere with or disrupt our Services, including circumvent any rate limits or restrictions or bypass any protective measures or safety mitigations we put on our Services.

- Interpretation (disclaimed): This segment prohibits using Output to develop models that compete with OpenAI, directly restricting downstream competitive use of AI-generated outputs and protecting OpenAI's commercial interests.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=-%20Interfere%20with%20or,put%20on%20our%20Services.

### training use — risk unknown

> Similarity of content. Due to the nature of our Services and artificial intelligence generally, output may not be unique and other users may receive similar output from our Services. Our assignment above does not extend to other users’ output or any Third Party Output.

- Interpretation (disclaimed): This segment grants OpenAI permission to use Content for providing, maintaining, developing, and improving Services, complying with law, enforcing policies, and safety — establishing the primary basis for OpenAI's use of user content including for model training purposes.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Similarity%20of%20content.%20Due,any%20Third%20Party%20Output.

### training use — risk unknown

> Our use of content. We may use Content to provide, maintain, develop, and improve our Services, comply with applicable law, enforce our terms and policies, and keep our Services safe. If you're using ChatGPT through Apple's integrations, see [this Help Center article⁠⁠(opens in a new window)](https://help.openai.com/en/articles/9737562) for how we handle your Content.

- Interpretation (disclaimed): This segment grants users the right to opt out of having their Content used for model training, establishes a procedure for exercising that right via a linked article, and notes a potential service limitation consequence, making it an operative user right with procedural mechanism.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Our%20use%20of%20content.,we%20handle%20your%20Content.

### training use — risk unknown

> We also collect information from other sources, like information that is publicly available on the internet, to develop the models that power our Services. For more information on the sources of information used to develop the models that power ChatGPT and other Services, please see [this help center article⁠(opens in a new window)](https://help.openai.com/articles/7842364-how-chatgpt-and-our-language-models-are-developed).

- Interpretation (disclaimed): This segment describes OpenAI's collection of publicly available internet data for model development purposes and incorporates by reference a help center article on training data sources, establishing the legal basis and scope of public data collection for training.
- Tier: All
- Location: Privacy Policy › “1\. Personal Data we collect”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=We%20also%20collect%20information,in%20a%20new%20window)%5D(https%3A%2F%2Fhelp.openai.com%2Farticles%2F7842364-how-chatgpt-and-our-language-models-are-developed).

### training use — risk unknown

> As noted above, we may use Content you provide us to improve our Services, for example to train the models that power ChatGPT. Read [our instructions⁠(opens in a new window)](https://help.openai.com/articles/5722486-how-your-data-is-used-to-improve-model-performance) on how you can opt out of our use of your Content to train our models.

- Interpretation (disclaimed): This segment grants OpenAI permission to use user-provided Content to train the models powering ChatGPT and other Services, while also establishing a user right to opt out of such training use, and incorporates by reference instructions for exercising that opt-out right.
- Tier: All
- Location: Privacy Policy › “2\. How we use Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=As%20noted%20above%2C%20we,to%20train%20our%20models.

### training use — risk unknown

> For information on how to exercise your rights with respect to data we have collected from the internet to train our models, please see [this help center article⁠(opens in a new window)](https://help.openai.com/en/articles/7842364-how-chatgpt-and-our-language-models-are-developed).

- Interpretation (disclaimed): Directs users to a help center article for the procedure to exercise rights regarding personal data collected from the internet for model training purposes, incorporating external guidance by reference.
- Tier: All
- Location: Privacy Policy › “6\. Your rights”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=For%20information%20on%20how,in%20a%20new%20window)%5D(https%3A%2F%2Fhelp.openai.com%2Fen%2Farticles%2F7842364-how-chatgpt-and-our-language-models-are-developed).

### training use — risk unknown

> - If you enable [Temporary Chat⁠(opens in a new window)](https://help.openai.com/articles/8914046-temporary-chat-faq) in ChatGPT, those conversations with ChatGPT will not appear in your history or be used to improve OpenAI’s models.

- Interpretation (disclaimed): This clause restricts the use of Temporary Chat conversations by specifying they will not appear in history or be used to improve OpenAI's models, limiting OpenAI's ability to exploit this data for training purposes.
- Tier: All
- Location: Privacy Policy › “5\. Data controls”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20If%20you%20enable,to%20improve%20OpenAI%E2%80%99s%20models.

### training use — risk unknown

> - You can easily [choose whether your Content can be used to improve and train our models⁠(opens in a new window)](https://help.openai.com/articles/5722486-how-your-data-is-used-to-improve-model-performance).

- Interpretation (disclaimed): This clause grants users the right to choose whether their content may be used to improve and train OpenAI's models, establishing an opt-in or opt-out right over training data use.
- Tier: All
- Location: Privacy Policy › “5\. Data controls”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20You%20can%20easily,in%20a%20new%20window)%5D(https%3A%2F%2Fhelp.openai.com%2Farticles%2F5722486-how-your-data-is-used-to-improve-model-performance).

### training use — risk unknown

> [How your data is used to improve model performance⁠(opens in a new window)](https://help.openai.com/articles/5722486-how-your-data-is-used-to-improve-model-performance)

- Interpretation (disclaimed): Incorporates by reference an external help center article explaining how user data is used to improve model performance, making those data practices part of the policy disclosure by reference.
- Tier: All
- Location: Privacy Policy › “13\. Useful resources”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=%5BHow%20your%20data%20is,in%20a%20new%20window)%5D(https%3A%2F%2Fhelp.openai.com%2Farticles%2F5722486-how-your-data-is-used-to-improve-model-performance)

### training use — risk unknown

> For information about how we collect and use training information to develop our language models that power ChatGPT and other Services, and your choices with respect to that information, please see this policy as well as [this help center article⁠(opens in a new window)](https://help.openai.com/articles/7842364-how-chatgpt-and-our-language-models-are-developed).

- Interpretation (disclaimed): This segment incorporates by reference a help center article governing how training information is collected and used to develop language models, and directs users to that article and this policy for choices regarding training data use.
- Tier: All
- Location: Privacy Policy › “US privacy policy”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=For%20information%20about%20how,in%20a%20new%20window)%5D(https%3A%2F%2Fhelp.openai.com%2Farticles%2F7842364-how-chatgpt-and-our-language-models-are-developed).

### prompt ownership — risk unknown

> Third party Services. Our services may include third party software, products, or services, (“Third Party Services”) and some parts of our Services, like our browse feature, may include output from those services (“Third Party Output”). Third Party Services and Third Party Output are subject to their own terms, and we are not responsible for them.

- Interpretation (disclaimed): This segment grants OpenAI an unrestricted, royalty-free permission to use user feedback without compensation, effectively waiving the user's right to restrict or be compensated for feedback use.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Third%20party%20Services.%20Our,not%20responsible%20for%20them.

### prompt ownership — risk unknown

> We and our affiliates own all rights, title, and interest in and to the Services. You may only use our name and logo in accordance with our [Brand Guidelines⁠⁠](https://openai.com/brand/).

- Interpretation (disclaimed): Asserts that OpenAI and its affiliates hold all rights, title, and interest in the Services, and restricts the user's use of OpenAI's name and logo to compliance with Brand Guidelines, establishing IP ownership and conditional permission for brand use.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=We%20and%20our%20affiliates,with%20our%20%5BBrand%20Guidelines%E2%81%A0%E2%81%A0%5D(https%3A%2F%2Fopenai.com%2Fbrand%2F).

### output ownership — risk unknown

> Your content. You may provide input to the Services (“Input”), and receive output from the Services based on the Input (“Output”). Input and Output are collectively “Content.” You are responsible for Content, including ensuring that it does not violate any applicable law or these Terms. You represent and warrant that you have all rights, licenses, and permissions needed to provide Input to our Services.

- Interpretation (disclaimed): This segment establishes that users retain ownership of Input and own Output, and that OpenAI assigns all its right, title, and interest in Output to the user, directly determining intellectual property allocation between the parties.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Your%20content.%20You%20may,Input%20to%20our%20Services.

### output ownership — risk unknown

> Ownership of content. As between you and OpenAI, and to the extent permitted by applicable law, you (a) retain your ownership rights in Input and (b) own the Output. We hereby assign to you all our right, title, and interest, if any, in and to Output.

- Interpretation (disclaimed): This segment disclaims that the ownership assignment does not extend to other users' similar outputs or Third Party Output, limiting the scope of the ownership right granted in the preceding segment.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Ownership%20of%20content.%20As,in%20and%20to%20Output.

### output ownership — risk unknown

> - You must not use any Output relating to a person for any purpose that could have a legal or material impact on that person, such as making credit, educational, employment, housing, insurance, legal, medical, or other important decisions about them.

- Interpretation (disclaimed): Restricts the user from using AI-generated Output about a person for decisions with legal or material impact, such as credit, employment, housing, or medical decisions, limiting permissible downstream use of outputs.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=-%20You%20must%20not,important%20decisions%20about%20them.

### output ownership — risk unknown

> - Our Services may provide incomplete, incorrect, or offensive Output that does not represent OpenAI’s views. If Output references any third party products or services, it doesn’t mean the third party endorses or is affiliated with OpenAI.

- Interpretation (disclaimed): Disclaims OpenAI's responsibility for incomplete, incorrect, or offensive Output and denies any implied endorsement or affiliation with third parties mentioned in Output, limiting OpenAI's liability for output quality and content.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=-%20Our%20Services%20may,is%20affiliated%20with%20OpenAI.

### output ownership — risk unknown

> A note about accuracy: Services like ChatGPT generate responses by reading a user’s request and, in response, predicting the words most likely to appear next. In some cases, the words most likely to appear next may not be the most factually accurate. For this reason, you should not rely on the factual accuracy of output from our models. If you notice that ChatGPT output contains factually inaccurate information about you and you would like to request a correction or removal of the information, you can submit these requests through [privacy.openai.com⁠(opens in a new window)](https://privacy.openai.com/) or to [dsar@openai.com⁠](mailto:dsar@openai.com), and we will consider your request based on applicable law and the technical capabilities of our models.

- Interpretation (disclaimed): Disclaims reliance on the factual accuracy of AI-generated outputs, explaining the probabilistic nature of model responses, and provides a procedure for requesting correction or removal of inaccurate personal information.
- Tier: All
- Location: Privacy Policy › “6\. Your rights”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=A%20note%20about%20accuracy%3A,capabilities%20of%20our%20models.

### privacy data use — risk medium

> If you choose to connect your device contacts, we upload information from your device address books and check which of your contacts also use our Services. If any of your contacts aren’t yet using our Services, we’ll update you if they sign up for our Services later.

- Interpretation (disclaimed): Collection and use of data about non-users from address books is a known privacy risk. These third parties cannot exercise rights over their data as they are not OpenAI account holders, and the policy provides limited protections for them.
- Tier: All
- Location: Privacy Policy › “1\. Personal Data we collect”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=If%20you%20choose%20to,for%20our%20Services%20later.

### privacy data use — risk medium

> Content, including your prompts and content you upload to the Services and interactions and messages with other users

- Interpretation (disclaimed): By classifying prompts and uploaded content as collected personal data, OpenAI subjects this content to the full range of stated data uses, including training, ad personalization (for Free users), monitoring, and sharing with vendors and affiliates.
- Tier: All
- Location: Privacy Policy › “9\. Additional U.S. state disclosures”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=Content%2C%20including%20your%20prompts,messages%20with%20other%20users

### privacy data use — risk medium

> We also collect information from other sources, like information that is publicly available on the internet, to develop the models that power our Services.

- Interpretation (disclaimed): Web scraping of publicly available data for training purposes can include personal data and is subject to legal scrutiny in multiple jurisdictions. Users and third parties whose data appears online may be unaware their data is used.
- Tier: All
- Location: Privacy Policy › “1\. Personal Data we collect”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=We%20also%20collect%20information,that%20power%20our%20Services.

### privacy data use — risk medium

> For Free and Go users, subject to your controls, to personalize the ads you see on our Services and measure the effectiveness of ads shown on our Services.

- Interpretation (disclaimed): This clause explicitly limits ad personalization data use to Free and Go users, creating a material tier difference. The 'subject to your controls' language again places the opt-out burden on the user.
- Tier: Free
- Location: Privacy Policy › “9\. Additional U.S. state disclosures”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=For%20Free%20and%20Go,shown%20on%20our%20Services.

### privacy data use — risk low

> We also aggregate or de-identify Personal Data so that it no longer identifies you and use this information for the purposes described above, such as to analyze the way our Services are being used, to improve and add features to them, and to conduct research. We will maintain and use de-identified information in de-identified form and not attempt to reidentify the information, unless required by law.

- Interpretation (disclaimed): The commitment to maintain de-identified data in de-identified form is a protective clause, though the 'unless required by law' exception is standard. De-identification standards are not defined in the document, leaving room for variance in practice.
- Tier: All
- Location: Privacy Policy › “2\. How we use Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=We%20also%20aggregate%20or,unless%20required%20by%20law.

### privacy data use — risk unknown

> Our [Privacy Policy⁠⁠](https://openai.com/policies/privacy-policy/) explains how we collect and use personal information. Although it does not form part of these Terms, it is an important document that you should read.

- Interpretation (disclaimed): This segment references the Privacy Policy as an important document explaining data collection and use practices, and while noting it does not form part of the Terms, it directs users to it — functioning as an informational incorporation that shapes user understanding of data handling obligations.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Our%20%5BPrivacy%20Policy%E2%81%A0%E2%81%A0%5D(https%3A%2F%2Fopenai.com%2Fpolicies%2Fprivacy-policy%2F)%20explains,that%20you%20should%20read.

### privacy data use — risk unknown

> At OpenAI, our mission is to ensure that artificial general intelligence benefits everyone. We build tools like ChatGPT and Sora to help people learn, create, and solve problems. We at OpenAI (together with our affiliates, “OpenAI”, “we”, “our” or “us”) are committed to respecting your privacy and are strongly committed to keeping secure any information we obtain from you or about you. This Privacy Policy describes our practices with respect to personal data that we collect from or about you, and how we use it when you use our website, applications, and services (collectively, “Services”).

- Interpretation (disclaimed): This segment defines the scope and purpose of the Privacy Policy, identifies the covered entity ('OpenAI'), and defines key terms ('Services'), establishing the definitional framework for all subsequent obligations and rights regarding personal data collection and use.
- Tier: All
- Location: Privacy Policy › “US privacy policy”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=At%20OpenAI%2C%20our%20mission,and%20services%20(collectively%2C%20%E2%80%9CServices%E2%80%9D).

### privacy data use — risk unknown

> We collect personal data relating to you (“Personal Data”) as follows:

- Interpretation (disclaimed): This segment introduces and defines the term 'Personal Data' as data relating to the user that OpenAI collects, establishing the key defined term used throughout the policy.
- Tier: All
- Location: Privacy Policy › “1\. Personal Data we collect”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=We%20collect%20personal%20data,(%E2%80%9CPersonal%20Data%E2%80%9D)%20as%20follows%3A

### privacy data use — risk unknown

> - _User Content:_ We collect Personal Data that you provide in the input to our Services (“Content”), including your prompts and other content you upload, such as [files⁠(opens in a new window)](https://help.openai.com/articles/8555545-file-uploads-faq), [images⁠(opens in a new window)](https://help.openai.com/articles/8400551-chatgpt-image-inputs-faq), [audio and video⁠(opens in a new window)](https://help.openai.com/articles/8400625-voice-mode-faq), [Sora characters⁠(opens in a new window)](https://help.openai.com/articles/12435986-generating-content-with-cameos), and data from [connected services⁠(opens in a new window)](https://help.openai.com/articles/11487775-connectors-in-chatgpt), depending on the features you use. Some of our Services allow you to interact with other users, such as post, comment, or send messages, and we treat those interactions as Content, too.

- Interpretation (disclaimed): This segment defines 'Content' as personal data provided in user inputs to Services, including prompts, files, images, audio, video, and connected service data, establishing the scope of user-generated content collected by OpenAI.
- Tier: All
- Location: Privacy Policy › “1\. Personal Data we collect”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20_User%20Content%3A_%20We,interactions%20as%20Content%2C%20too.

### privacy data use — risk unknown

> - _Other Information You Provide_: We collect other information that you provide to us, such as when you participate in our events or surveys, or when you provide us or a vendor operating on our behalf with information to establish your identity or age (collectively, “Other Information You Provide”).

- Interpretation (disclaimed): This segment defines 'Other Information You Provide' as a residual category of personal data including event participation, survey responses, and identity/age verification information, completing the taxonomy of voluntarily provided data.
- Tier: All
- Location: Privacy Policy › “1\. Personal Data we collect”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20_Other%20Information%20You,%E2%80%9COther%20Information%20You%20Provide%E2%80%9D).

### privacy data use — risk unknown

> - _Device Information_: We collect information about the device you use to access the Services, such as the name of the device, operating system, device identifiers, and browser you are using. Information collected depends on the type of device you use and its settings.

- Interpretation (disclaimed): This segment defines 'Device Information' as personal data collected about the device used to access Services, including device name, OS, identifiers, and browser, establishing this as a distinct category of passively collected data.
- Tier: All
- Location: Privacy Policy › “1\. Personal Data we collect”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20_Device%20Information_%3A%20We,use%20and%20its%20settings.

### privacy data use — risk unknown

> - _Location Information:_ We determine the general area from which your device accesses our Services based on information like its IP address for security reasons and to make your product experience better, for example to protect your account by detecting unusual login activity or to provide more accurate responses. In addition, some of our Services allow you to choose to provide more precise location information from your device, such as location information from your device’s GPS.

- Interpretation (disclaimed): This segment defines 'Location Information' as data derived from IP address for security and product improvement purposes, and describes the optional collection of more precise GPS-based location, establishing both the data category and the purposes for its collection.
- Tier: All
- Location: Privacy Policy › “1\. Personal Data we collect”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20_Location%20Information%3A_%20We,from%20your%20device%E2%80%99s%20GPS.

### privacy data use — risk unknown

> We use Personal Data for the following purposes:

- Interpretation (disclaimed): This segment introduces the list of purposes for personal data use, establishing the framework within which all subsequent use purposes are defined.
- Tier: All
- Location: Privacy Policy › “2\. How we use Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=We%20use%20Personal%20Data%20for%20the%20following%20purposes%3A

### privacy data use — risk unknown

> - To improve and develop our Services and conduct research, for example to develop new features;

- Interpretation (disclaimed): This segment grants OpenAI permission to use personal data to improve and develop Services and conduct research, including developing new features, establishing a permissive use of data for product development.
- Tier: All
- Location: Privacy Policy › “2\. How we use Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20To%20improve%20and,to%20develop%20new%20features%3B

### privacy data use — risk unknown

> - To communicate with you, including to respond to your questions, and send you information about our Services and events, for example about changes or improvements to the Services;

- Interpretation (disclaimed): This segment grants OpenAI permission to use personal data to communicate with users, including responding to questions and sending service-related information, establishing a permissive use of contact data for communication purposes.
- Tier: All
- Location: Privacy Policy › “2\. How we use Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20To%20communicate%20with,improvements%20to%20the%20Services%3B

### privacy data use — risk unknown

> - Identify your contacts who use our Services when you choose to connect your contacts and update you if they join our Services later;

- Interpretation (disclaimed): This segment grants OpenAI permission to use contact data to identify a user's contacts who also use the Services and to update the user when contacts join, establishing a permissive use of contact data contingent on user opt-in.
- Tier: All
- Location: Privacy Policy › “2\. How we use Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20Identify%20your%20contacts,join%20our%20Services%20later%3B

### privacy data use — risk unknown

> - To comply with legal obligations and to protect the rights, privacy, safety, or property of our users, OpenAI, or third parties, for instance to prevent harm to you or others, or to estimate your age to give you an age-appropriate experience.

- Interpretation (disclaimed): This segment grants OpenAI permission to use personal data to comply with legal obligations and protect the rights, privacy, safety, or property of users, OpenAI, or third parties, including age estimation, establishing legally-grounded permissive data uses.
- Tier: All
- Location: Privacy Policy › “2\. How we use Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20To%20comply%20with,you%20an%20age-appropriate%20experience.

### privacy data use — risk unknown

> Our Services provide you with a number of controls over your Personal Data and how it is used and retained. You can always change these settings in your account. These include the following controls:

- Interpretation (disclaimed): This clause establishes that users have access to a number of controls over their personal data usage and retention through account settings, granting a general right to configure privacy preferences.
- Tier: All
- Location: Privacy Policy › “5\. Data controls”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=Our%20Services%20provide%20you,include%20the%20following%20controls%3A

### privacy data use — risk unknown

> - You can export your ChatGPT history and data in your account’s data controls.

- Interpretation (disclaimed): This clause grants users the right to export their ChatGPT history and data, establishing a data portability right exercisable through account settings.
- Tier: All
- Location: Privacy Policy › “5\. Data controls”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20You%20can%20export,your%20account%E2%80%99s%20data%20controls.

### privacy data use — risk unknown

> - For Free and Go users, you can use the advertising controls in your account settings to control what data we use to personalize the ads we show you on our Services.

- Interpretation (disclaimed): This clause grants Free and Go tier users the right to use advertising controls to limit the data used for ad personalization on OpenAI's services, creating a tier-differentiated privacy control.
- Tier: All
- Location: Privacy Policy › “5\. Data controls”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20For%20Free%20and,you%20on%20our%20Services.

### privacy data use — risk unknown

> - If you use the Atlas browser, you can delete your browsing history or choose to browse the web in incognito mode, which helps keep your browsing private from other people who use your device.

- Interpretation (disclaimed): This clause grants Atlas browser users the right to delete browsing history or use incognito mode, providing controls to limit data collection and device-level privacy exposure.
- Tier: All
- Location: Privacy Policy › “5\. Data controls”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20If%20you%20use,who%20use%20your%20device.

### privacy data use — risk unknown

> - You can unsubscribe from marketing communications you receive from us by using the choices provided in those communications.

- Interpretation (disclaimed): This clause grants users the right to unsubscribe from marketing communications using opt-out mechanisms provided within those communications.
- Tier: All
- Location: Privacy Policy › “5\. Data controls”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20You%20can%20unsubscribe,provided%20in%20those%20communications.

### privacy data use — risk unknown

> - Rectify or update your Personal Data

- Interpretation (disclaimed): This clause grants users the right to rectify or update inaccurate personal data, establishing a statutory correction right under applicable privacy law.
- Tier: All
- Location: Privacy Policy › “6\. Your rights”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20Rectify%20or%20update%20your%20Personal%20Data

### privacy data use — risk unknown

> - Delete your Personal Data from our records.

- Interpretation (disclaimed): Grants data subjects the right to request deletion of their personal data from OpenAI's records, establishing a legal entitlement enforceable against the data controller.
- Tier: All
- Location: Privacy Policy › “6\. Your rights”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20Delete%20your%20Personal%20Data%20from%20our%20records.

### privacy data use — risk unknown

> - Restrict how we process your Personal Data.

- Interpretation (disclaimed): Grants data subjects the right to restrict how OpenAI processes their personal data, limiting the scope of processing activities the company may undertake.
- Tier: All
- Location: Privacy Policy › “6\. Your rights”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20Restrict%20how%20we%20process%20your%20Personal%20Data.

### privacy data use — risk unknown

> - Transfer your Personal Data to a third party (right to data portability).

- Interpretation (disclaimed): Grants data subjects the right to data portability, enabling transfer of their personal data to a third party and imposing a corresponding obligation on OpenAI to facilitate that transfer.
- Tier: All
- Location: Privacy Policy › “6\. Your rights”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20Transfer%20your%20Personal,(right%20to%20data%20portability).

### privacy data use — risk unknown

> Our Services are not directed to, or intended for, children under 13.  We do not knowingly collect Personal Data from children under 13. If you have reason to believe that a child under 13 has provided Personal Data to OpenAI through the Services, please email us at privacy@openai.com. We will investigate any notification and, if appropriate, delete the Personal Data from our systems. Users under 18 must have permission from their parent or guardian to use our Services. [Learn more⁠(opens in a new window)](https://help.openai.com/articles/12315553-parental-controls-on-chatgpt-faq) about how teens and parents or guardians can choose to link their accounts.

- Interpretation (disclaimed): Restricts OpenAI's services from being directed to children under 13, prohibits knowing collection of their personal data, imposes a notification and deletion procedure for inadvertent collection, and requires parental/guardian permission for users under 18.
- Tier: All
- Location: Privacy Policy › “7\. Children”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=Our%20Services%20are%20not,to%20link%20their%20accounts.

### privacy data use — risk unknown

> | --- | --- | --- |

- Interpretation (disclaimed): Table formatting element establishing the column structure for the state-law-required disclosure table organizing categories of personal data, use, and disclosure.
- Tier: All
- Location: Privacy Policy › “9\. Additional U.S. state disclosures”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=%7C%20---%20%7C%20---%20%7C%20---%20%7C

### privacy data use — risk unknown

> | **Category of Personal Data** | **Use of Personal Data** | **Disclosure of Personal Data** |

- Interpretation (disclaimed): Defines the column headers for the state privacy law disclosure table, structuring the legal categories of personal data collection, use, and disclosure obligations that follow.
- Tier: All
- Location: Privacy Policy › “9\. Additional U.S. state disclosures”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=%7C%20**Category%20of%20Personal,of%20Personal%20Data**%20%7C

### privacy data use — risk unknown

> | We collect the following information, as described above:<br>- Identifiers, such as your name, contact details, IP address, and other device identifiers<br>- Commercial information, such as your transaction history<br>- Network activity information, such as how you interact with our Services, including Log Data, Usage Data, and information about the device you use to access the Services<br>- Content, including your prompts and content you upload to the Services and interactions and messages with other users<br>- Communication Information, such as your contact information when you send us email<br>- Contact Data if you choose to connect your device contacts<br>- Geolocation data, such as the general area from which your device accesses our Services based on information like its IP address, or precise location information you choose to provide<br>- Other Account Information, such as your account credentials, and payment information, date of birth, and profile picture<br>- Other Information You Provide, such as if you choose to participate in our events or surveys or when you provide us or a vendor operating on our behalf with information to establish your identity or age. | We use this information for the following purposes, as described above:<br>- Provide, analyze, and maintain our Services<br>- Improve and develop our Services and conduct research, including using your Content to train our models (subject to your [control)](https://help.openai.com/en/articles/7730893-data-controls-faq#h_3fb7cda882)<br>- To personalize and customize your experience across our Services<br>- For Free and Go users, subject to your controls, to personalize the ads you see on our Services and measure the effectiveness of ads shown on our Services. [Learn

- Interpretation (disclaimed): Discloses the categories of personal data collected by OpenAI as required by U.S. state privacy laws, including identifiers, commercial information, network activity, content/prompts, and communications, fulfilling statutory transparency obligations.
- Tier: All
- Location: Privacy Policy › “9\. Additional U.S. state disclosures”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=%7C%20We%20collect%20the,on%20our%20Services.%20%5BLearn

### privacy data use — risk unknown

> The right to be free from retaliation relating to the exercise of any of your privacy rights. Review our California privacy rights reporting [here⁠](https://openai.com/policies/privacy-policy/california-privacy-rights-reporting/).

- Interpretation (disclaimed): Grants data subjects the right to be free from retaliation when exercising their state privacy law rights, and incorporates a reference to California-specific privacy rights reporting.
- Tier: All
- Location: Privacy Policy › “9\. Additional U.S. state disclosures”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=The%20right%20to%20be,privacy%20rights%20reporting%20%5Bhere%E2%81%A0%5D(https%3A%2F%2Fopenai.com%2Fpolicies%2Fprivacy-policy%2Fcalifornia-privacy-rights-reporting%2F).

### privacy data use — risk unknown

> more.](https://help.openai.com/en/articles/20001047-ads-in-chatgpt)<br>- Communicate with you, including to respond to your questions, and send you information about our Services and events, for example about changes or improvements to the Services or offers or information that may interest you<br>- To identify your contacts who use our Services when you choose to connect your contacts and update you if they join our Services later.<br>- Prevent fraud, illegal activity, or misuses of our Services, and to protect the security of our systems and Services, including by monitoring any Content submitted or exchanged on our platforms (learn more [here](https://openai.com/transparency-and-content-moderation/))<br>- Comply with legal obligations and protect the rights, privacy, safety, or property of our users, OpenAI, or third parties, for instance to prevent harm to you or others, and to estimate your age to give you an age-appropriate experience | We may disclose this information in the following circumstances, as described above:<br>- Vendors, service providers, and affiliates to assist us in meeting business operations needs and to perform certain services and functions described above<br>- Government authorities or other third parties for the legal reasons described above<br>- Parties involved in Transactions<br>- Business account administrators for the reasons described above<br>- Parents or guardians of teen users for account linking purposes described above<br>- Other users and third parties you interact or share information with |

- Interpretation (disclaimed): Discloses the purposes for which OpenAI uses collected personal data, including communications, fraud prevention, and advertising, fulfilling U.S. state privacy law transparency requirements about data use practices.
- Tier: All
- Location: Privacy Policy › “9\. Additional U.S. state disclosures”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=%20more.%5D(https%3A%2F%2Fhelp.openai.com%2Fen%2Farticles%2F20001047-ads-in-chatgpt)%3Cbr%3E-%20Communicate%20with,share%20information%20with%20%7C

### privacy data use — risk unknown

> **Your Other Rights.** Depending on where you live and subject to applicable exceptions, you may have the following privacy rights in relation to your Personal Data:

- Interpretation (disclaimed): Introduces the enumeration of additional state law privacy rights available to users depending on jurisdiction and subject to applicable exceptions, framing the scope of rights described in following segments.
- Tier: All
- Location: Privacy Policy › “9\. Additional U.S. state disclosures”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=**Your%20Other%20Rights.**%20Depending,to%20your%20Personal%20Data%3A

### privacy data use — risk unknown

> - The right to request deletion of your Personal Data;

- Interpretation (disclaimed): Grants data subjects the right to request deletion of their personal data under applicable U.S. state privacy laws.
- Tier: All
- Location: Privacy Policy › “9\. Additional U.S. state disclosures”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20The%20right%20to,of%20your%20Personal%20Data%3B

### privacy data use — risk unknown

> **Authorized Agents.** Depending upon where you reside, you may also submit a rights request through an authorized agent. If you do so, the agent must present authority to act on your behalf, such as signed written permission, and you may also be required to independently verify your identity with us. Authorized agent requests can be submitted to dsar@openai.com.

- Interpretation (disclaimed): Specifies the procedure for submitting privacy rights requests through authorized agents, including requirements for written authority and independent identity verification, and provides the submission contact.
- Tier: All
- Location: Privacy Policy › “9\. Additional U.S. state disclosures”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=**Authorized%20Agents.**%20Depending%20upon,be%20submitted%20to%20dsar%40openai.com.

### privacy data use — risk unknown

> Please [contact support⁠(opens in a new window)](https://help.openai.com/articles/6614161-how-can-i-contact-support#:~:text=If%20you%20already%20have%20an,of%20help.openai.com.) if you have any questions or concerns not already addressed in this policy.

- Interpretation (disclaimed): Directs users to contact support for questions or concerns not addressed in the policy, providing the procedural pathway for user inquiries about data practices.
- Tier: All
- Location: Privacy Policy › “12\. How to contact us”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=Please%20%5Bcontact%20support%E2%81%A0(opens%20in,addressed%20in%20this%20policy.

### privacy data use — risk unknown

> [Data Controls FAQ⁠(opens in a new window)](https://help.openai.com/articles/7730893-data-controls-faq)

- Interpretation (disclaimed): Incorporates by reference an external Data Controls FAQ, making the detailed data control guidance part of the policy's disclosure framework for users seeking to manage their data.
- Tier: All
- Location: Privacy Policy › “13\. Useful resources”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=%5BData%20Controls%20FAQ%E2%81%A0(opens%20in%20a%20new%20window)%5D(https%3A%2F%2Fhelp.openai.com%2Farticles%2F7730893-data-controls-faq)

### privacy data use — risk unknown

> [Privacy Portal⁠(opens in a new window)](https://privacy.openai.com/policies)

- Interpretation (disclaimed): Incorporates the Privacy Portal by reference, directing users to the governing privacy framework that establishes legal obligations and rights regarding personal data use on the platform.
- Tier: All
- Location: Privacy Policy › “13\. Useful resources”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=%5BPrivacy%20Portal%E2%81%A0(opens%20in%20a%20new%20window)%5D(https%3A%2F%2Fprivacy.openai.com%2Fpolicies)

### privacy data use — risk unknown

> [Health Privacy Notice⁠](https://openai.com/policies/health-privacy-policy/)

- Interpretation (disclaimed): Incorporates the Health Privacy Notice by reference, which sets out specific legal obligations and restrictions for the collection and use of health-related personal data, a specially protected category under applicable privacy law.
- Tier: All
- Location: Privacy Policy › “13\. Useful resources”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=%5BHealth%20Privacy%20Notice%E2%81%A0%5D(https%3A%2F%2Fopenai.com%2Fpolicies%2Fhealth-privacy-policy%2F)

### privacy data use — risk unknown

> - To provide, analyse, and maintain our Services, for example to respond to your questions for ChatGPT;

- Interpretation (disclaimed): This segment grants OpenAI permission to use personal data to provide, analyze, and maintain Services, including responding to user queries, establishing a core permissive use of collected data.
- Tier: All
- Location: Privacy Policy › “2\. How we use Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20To%20provide%2C%20analyse%2C,your%20questions%20for%20ChatGPT%3B

### privacy data use — risk unknown

> - _Account Information:_ When you create an account with us, we will collect information associated with your account, including your name, contact information, account credentials, date of birth, payment information, and transaction history, (collectively, “Account Information”). Some of our Services may also allow you to upload a profile picture, a username, or other information as part of your Account Information.

- Interpretation (disclaimed): This segment defines 'Account Information' as a category of personal data collected upon account creation, including name, contact information, credentials, date of birth, payment information, and transaction history, establishing what data OpenAI collects for account management purposes.
- Tier: All
- Location: Privacy Policy › “1\. Personal Data we collect”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20_Account%20Information%3A_%20When,of%20your%20Account%20Information.

### privacy data use — risk unknown

> |     |     |     |

- Interpretation (disclaimed): Structural table delimiter that frames the categorical disclosure table required by U.S. state privacy laws, providing context for the legal obligations described in adjacent segments.
- Tier: All
- Location: Privacy Policy › “9\. Additional U.S. state disclosures”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=%7C%20%20%20%20%20%7C%20%20%20%20%20%7C%20%20%20%20%20%7C

### privacy data use — risk unknown

> - Access your Personal Data and information relating to how it is processed.

- Interpretation (disclaimed): This clause grants users the right to access their personal data and information about how it is processed, establishing a statutory access and transparency right.
- Tier: All
- Location: Privacy Policy › “6\. Your rights”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20Access%20your%20Personal,how%20it%20is%20processed.

### privacy data use — risk unknown

> - The right to know information about our processing of your Personal Data, including the right to access your Personal Data, often in a portable format;

- Interpretation (disclaimed): Grants data subjects the right to know about and access their personal data, including in a portable format, as required by U.S. state privacy laws.
- Tier: All
- Location: Privacy Policy › “9\. Additional U.S. state disclosures”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20The%20right%20to,in%20a%20portable%20format%3B

### privacy data use — risk unknown

> We may receive information from advertisers and other data partners, which we use for purposes including to help us measure and improve the effectiveness of ads shown to Free and Go users on our Services. For example, we could receive information about purchases you make from these advertisers.

- Interpretation (disclaimed): This segment describes OpenAI's permission to receive data from advertisers and data partners for ad measurement and effectiveness purposes, specifically for Free and Go tier users, establishing a permissive data use practice tied to a specific user tier.
- Tier: All
- Location: Privacy Policy › “1\. Personal Data we collect”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=We%20may%20receive%20information,make%20from%20these%20advertisers.

### privacy data use — risk unknown

> We implement commercially reasonable technical, administrative, and organizational measures designed to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. Therefore, you should take special care in deciding what information you provide to the Services. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third-party websites.

- Interpretation (disclaimed): Describes OpenAI's security measures as 'commercially reasonable' while disclaiming responsibility for transmission security failures and circumvention of security measures by third parties, limiting OpenAI's liability for data breaches.
- Tier: All
- Location: Privacy Policy › “8\. Security”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=We%20implement%20commercially%20reasonable,Service%2C%20or%20third-party%20websites.

### privacy data use — risk unknown

> You can exercise some of these rights through your OpenAI account using the tools described in the [Data controls ⁠](https://openai.com/policies/privacy-policy/#data-controls) section, or you can submit your request through [privacy.openai.com⁠(opens in a new window)](https://privacy.openai.com/) or to [dsar@openai.com⁠](mailto:dsar@openai.com). You can contact our data protection officer at [dpo@openai.com⁠](mailto:dpo@openai.com).

- Interpretation (disclaimed): Specifies the procedural mechanisms by which data subjects can exercise their privacy rights, including account-based tools, a dedicated portal, and email contacts for requests and the DPO.
- Tier: All
- Location: Privacy Policy › “6\. Your rights”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=You%20can%20exercise%20some,protection%20officer%20at%20%5Bdpo%40openai.com%E2%81%A0%5D(mailto%3Adpo%40openai.com).

### privacy data use — risk unknown

> We also aggregate or de-identify Personal Data so that it no longer identifies you and use this information for the purposes described above, such as to analyze the way our Services are being used, to improve and add features to them, and to conduct research. We will maintain and use de-identified information in de-identified form and not attempt to reidentify the information, unless required by law.

- Interpretation (disclaimed): This segment grants OpenAI permission to aggregate or de-identify personal data for research and service improvement purposes, and establishes an obligation to maintain de-identified data in de-identified form without re-identification unless legally required.
- Tier: All
- Location: Privacy Policy › “2\. How we use Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=We%20also%20aggregate%20or,unless%20required%20by%20law.

### privacy data use — risk unknown

> - To personalize and customize your experience across our Services, for example to provide you with more relevant Content;

- Interpretation (disclaimed): This segment grants OpenAI permission to use personal data to personalize and customize user experience across Services, establishing a permissive use of data for user experience optimization.
- Tier: All
- Location: Privacy Policy › “2\. How we use Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20To%20personalize%20and,with%20more%20relevant%20Content%3B

### privacy data use — risk unknown

> - Lodge a complaint with your local data protection authority.

- Interpretation (disclaimed): Grants data subjects the right to lodge a complaint with their local data protection authority, providing a regulatory remedy channel independent of OpenAI's internal processes.
- Tier: All
- Location: Privacy Policy › “6\. Your rights”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20Lodge%20a%20complaint,local%20data%20protection%20authority.

### privacy data use — risk unknown

> - Withdraw your consent—where we rely on consent as the legal basis for processing.

- Interpretation (disclaimed): Grants data subjects the right to withdraw consent where consent is the legal basis for processing, with the effect of restricting further consent-based processing upon withdrawal.
- Tier: All
- Location: Privacy Policy › “6\. Your rights”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20Withdraw%20your%20consent%E2%80%94where,legal%20basis%20for%20processing.

### privacy data use — risk unknown

> Some [U.S. state privacy laws⁠(opens in a new window)](http://help.openai.com/articles/20001055) require specific disclosures. The following table provides additional information about the categories of Personal Data we collect and how we use and disclose that information. You can read more about the Personal Data we collect and where we collect it from in “ [Personal Data we collect⁠](https://openai.com/policies/privacy-policy/#personal-data-we-collect)” above, how we use Personal Data in “ [How we use Personal Data⁠](https://openai.com/policies/privacy-policy/#how-we-use-personal-data)” above, when we disclose Personal Data in “ [Disclosure of Personal Data⁠](https://openai.com/policies/privacy-policy/#disclosure-of-personal-data)” above and how we retain Personal Data in “ [Retention⁠](https://openai.com/policies/privacy-policy/#retention)” above. We don’t process sensitive data for the purpose of inferring characteristics about you.

- Interpretation (disclaimed): Incorporates by reference the earlier sections on personal data collection and use, and cross-references additional state-law-required disclosures, establishing that state privacy law obligations apply to the described data practices.
- Tier: All
- Location: Privacy Policy › “9\. Additional U.S. state disclosures”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=Some%20%5BU.S.%20state%20privacy,inferring%20characteristics%20about%20you.

### privacy data use — risk unknown

> - _Usage Data_: We collect information about your use and activity across the Services, such as the types of content that you view or engage with, the features you use and the actions you take, when you submit feedback to a model response, the people with whom you interact, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, and your computer connection. If you use the Atlas browser we may also collect your browser data according to [your controls⁠(opens in a new window)](https://help.openai.com/articles/12574142-chatgpt-atlas-data-controls-and-privacy) and use of the service.

- Interpretation (disclaimed): This segment defines 'Usage Data' as activity and behavioral data collected across Services, including content interactions, feature use, feedback submissions, device and connection details, establishing this as a category of passively collected personal data.
- Tier: All
- Location: Privacy Policy › “1\. Personal Data we collect”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20_Usage%20Data_%3A%20We,use%20of%20the%20service.

### privacy data use — risk unknown

> **Your Opt-Out Rights.** We don’t “sell” Personal Data. Depending upon your choices, we may share limited data with select marketing partners for purposes of promoting our products and services to you on third-party properties.

- Interpretation (disclaimed): Disclaims that OpenAI does not 'sell' personal data under state law definitions while disclosing that limited data may be shared with marketing partners for targeted advertising, which may qualify as 'sharing' under state privacy laws.
- Tier: All
- Location: Privacy Policy › “9\. Additional U.S. state disclosures”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=**Your%20Opt-Out%20Rights.**%20We,you%20on%20third-party%20properties.

### privacy data use — risk unknown

> - You can decide whether we will remember details between chats to make Content more personalized and relevant.

- Interpretation (disclaimed): This clause grants users the right to decide whether OpenAI remembers details between chats for personalization purposes, giving users control over persistent memory features.
- Tier: All
- Location: Privacy Policy › “5\. Data controls”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20You%20can%20decide,more%20personalized%20and%20relevant.

### privacy data use — risk unknown

> You can find more information on data controls [here⁠(opens in a new window)](https://help.openai.com/articles/7730893-data-controls-faq) and by visiting [privacy.openai.com⁠(opens in a new window)](http://privacy.openai.com/).

- Interpretation (disclaimed): This clause incorporates by reference additional information on data controls through external links, directing users to supplementary resources that form part of the overall data control framework.
- Tier: All
- Location: Privacy Policy › “5\. Data controls”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=You%20can%20find%20more,in%20a%20new%20window)%5D(http%3A%2F%2Fprivacy.openai.com%2F).

### privacy data use — risk unknown

> [Memories FAQ⁠(opens in a new window)](https://help.openai.com/articles/8590148-memory-faq)

- Interpretation (disclaimed): Incorporates the Memories FAQ by reference, which governs how user memory data is handled, retained, and controlled, creating legal context for data use and retention obligations.
- Tier: All
- Location: Privacy Policy › “13\. Useful resources”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=%5BMemories%20FAQ%E2%81%A0(opens%20in%20a%20new%20window)%5D(https%3A%2F%2Fhelp.openai.com%2Farticles%2F8590148-memory-faq)

### privacy data use — risk unknown

> - Depending on applicable law, you may be able to choose which cookies are used when you use our Services, and you can make choices about the use of your information for purposes of promoting our products and services to you on third-party properties (l [earn more⁠(opens in a new window)](https://help.openai.com/articles/20001156)).

- Interpretation (disclaimed): This clause grants users the right to manage cookie preferences and control the use of their information for third-party advertising purposes, subject to applicable law.
- Tier: All
- Location: Privacy Policy › “5\. Data controls”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20Depending%20on%20applicable,in%20a%20new%20window)%5D(https%3A%2F%2Fhelp.openai.com%2Farticles%2F20001156)).

### privacy data use — risk unknown

> - _Contact Data:_ If you choose to connect your device contacts, we upload information from your device address books and check which of your contacts also use our Services. If any of your contacts aren’t yet using our Services, we’ll update you if they sign up for our Services later. [Learn more⁠(opens in a new window)](http://help.openai.com/articles/20001058) about connecting your contacts and [how we use uploaded contact information⁠(opens in a new window)](http://help.openai.com/articles/20001059) of people who don’t use our Services.

- Interpretation (disclaimed): This segment defines 'Contact Data' as personal data collected from device address books when users opt to connect their contacts, and describes how OpenAI uses that data, establishing both the data category and the permission granted by user action to collect third-party contact information.
- Tier: All
- Location: Privacy Policy › “1\. Personal Data we collect”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20_Contact%20Data%3A_%20If,don%E2%80%99t%20use%20our%20Services.

### privacy data use — risk unknown

> [Voice Mode FAQ⁠(opens in a new window)](https://help.openai.com/articles/8400625-voice-mode-faq)

- Interpretation (disclaimed): Incorporates the Voice Mode FAQ by reference, which establishes rules and disclosures governing voice data collection and processing, creating binding context for data handling practices.
- Tier: All
- Location: Privacy Policy › “13\. Useful resources”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=%5BVoice%20Mode%20FAQ%E2%81%A0(opens%20in%20a%20new%20window)%5D(https%3A%2F%2Fhelp.openai.com%2Farticles%2F8400625-voice-mode-faq)

### privacy data use — risk unknown

> Depending on where you live, you may have certain statutory rights in relation to your Personal Data. For example, you may have the right to:

- Interpretation (disclaimed): This clause establishes that users may have statutory rights regarding their personal data depending on jurisdiction, and introduces the categories of rights that may be available, conditioning their applicability on local law.
- Tier: All
- Location: Privacy Policy › “6\. Your rights”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=Depending%20on%20where%20you,have%20the%20right%20to%3A

### privacy data use — risk unknown

> **Appeals.** Depending on where you live, you may have the right to appeal a decision we make relating to requests to exercise your rights. To appeal a decision, please send your request to dsar@openai.com.

- Interpretation (disclaimed): Establishes a right of appeal for users whose privacy rights requests are denied, specifying the submission procedure for appeals via email, constituting a legal remedy mechanism under applicable state privacy laws.
- Tier: All
- Location: Privacy Policy › “9\. Additional U.S. state disclosures”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=**Appeals.**%20Depending%20on%20where,your%20request%20to%20dsar%40openai.com.

### privacy data use — risk unknown

> **Personal Data You Provide:** We collect Personal Data if you create an account to use our Services or communicate with us as follows:

- Interpretation (disclaimed): This segment introduces the category of personal data users voluntarily provide, describing OpenAI's practice of collecting such data when users create accounts or communicate, establishing an obligation-backed disclosure of data collection practices.
- Tier: All
- Location: Privacy Policy › “1\. Personal Data we collect”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=**Personal%20Data%20You%20Provide%3A**,with%20us%20as%20follows%3A

### privacy data use — risk unknown

> - _Communication Information_: If you communicate with us, such as via email or our pages on social media sites, we may collect Personal Data like your name, contact information, and the contents of the messages you send (“Communication Information”).

- Interpretation (disclaimed): This segment defines 'Communication Information' as personal data collected when users communicate with OpenAI, including name, contact information, and message contents, establishing this as a distinct category of collected data.
- Tier: All
- Location: Privacy Policy › “1\. Personal Data we collect”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20_Communication%20Information_%3A%20If,you%20send%20(%E2%80%9CCommunication%20Information%E2%80%9D).

### privacy data use — risk unknown

> - The right to correct your Personal Data; and

- Interpretation (disclaimed): Grants data subjects the right to correct inaccurate personal data held by OpenAI under applicable U.S. state privacy laws.
- Tier: All
- Location: Privacy Policy › “9\. Additional U.S. state disclosures”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20The%20right%20to,your%20Personal%20Data%3B%20and

### privacy data use — risk unknown

> - _Log Data_: We collect information that your browser or device automatically sends when you use our Services. Log data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interact with our Services.

- Interpretation (disclaimed): This segment defines 'Log Data' as automatically collected technical data including IP address, browser type, request timestamps, and interaction data, establishing this as a category of passively collected personal data.
- Tier: All
- Location: Privacy Policy › “1\. Personal Data we collect”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20_Log%20Data_%3A%20We,interact%20with%20our%20Services.

### privacy data use — risk unknown

> This is known as “targeted advertising” or sharing for “cross-context behavioral advertising” under certain state privacy laws. You can opt out using the marketing privacy control in your account settings. If you’re not logged in, you can opt out within Settings > Data Controls on ChatGPT or using the Your Privacy Choices [link⁠](https://openai.com/policies/us-privacy-policy/#manage-cookies) on our website. You can also opt out using a legally recognized opt-out mechanism, like Global Privacy Control. You can learn more about the types of data we use and share for these purposes and controls we offer you [here⁠(opens in a new window)](https://help.openai.com/articles/20001156). We don’t engage in these activities for users we know to be under 18 years of age.

- Interpretation (disclaimed): Grants users opt-out rights from targeted advertising and cross-context behavioral advertising sharing, and specifies multiple procedural mechanisms including account settings, Global Privacy Control, and in-app controls for exercising that opt-out.
- Tier: All
- Location: Privacy Policy › “9\. Additional U.S. state disclosures”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=This%20is%20known%20as,18%20years%20of%20age.

### privacy data use — risk unknown

> - To promote our products and services to you through direct marketing and on third-party properties, and to assess the effectiveness of those efforts, subject to your choices and controls ( [learn more⁠(opens in a new window)](https://help.openai.com/articles/20001156));

- Interpretation (disclaimed): This segment grants OpenAI permission to use personal data for direct marketing and promotion on third-party properties, subject to user choices and controls, establishing a permissive but user-controllable use of data for marketing purposes.
- Tier: All
- Location: Privacy Policy › “2\. How we use Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20To%20promote%20our,in%20a%20new%20window)%5D(https%3A%2F%2Fhelp.openai.com%2Farticles%2F20001156))%3B

### privacy data use — risk unknown

> **Verification.** In order to protect your Personal Data from unauthorized access, change, or deletion, we may require you to verify your credentials before you can submit a request to know, correct, or delete Personal Data. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional Personal Data for verification. If we cannot verify your identity, we will not be able to honor your request.

- Interpretation (disclaimed): Establishes the identity verification procedure OpenAI may require before honoring requests to know, correct, or delete personal data, including conditions under which requests may be denied if identity cannot be verified.
- Tier: All
- Location: Privacy Policy › “9\. Additional U.S. state disclosures”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=**Verification.**%20In%20order%20to,to%20honor%20your%20request.

### privacy data use — risk unknown

> We may update this policy from time to time. When we do, we will publish an updated version and effective date on this page, unless another type of notice is required by applicable law.

- Interpretation (disclaimed): Specifies the procedure by which OpenAI will notify users of policy changes, by publishing an updated version and effective date, subject to any legally required alternative notice methods.
- Tier: All
- Location: Privacy Policy › “10\. Changes to the privacy policy”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=We%20may%20update%20this,required%20by%20applicable%20law.

### privacy data use — risk unknown

> This Privacy Policy does not apply to content that we process on behalf of customers of our business offerings, such as our API. Our use of that data is governed by our customer agreements covering access to and use of those offerings.

- Interpretation (disclaimed): This segment creates an exception carving out business customer API data from this Privacy Policy's scope, specifying that such data is instead governed by separate customer agreements, which limits OpenAI's obligations under this policy with respect to that data.
- Tier: All
- Location: Privacy Policy › “US privacy policy”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=This%20Privacy%20Policy%20does,use%20of%20those%20offerings.

### privacy data use — risk unknown

> - _Cookies and Similar Technologies_: We use cookies and similar technologies to operate and administer our Services, and improve your experience. We store some of the information described in this Policy with cookies, for example to help maintain your preferences across sessions if you’re not logged in, or to assist with authentication and customer support. For details about our use of cookies, please read our [Cookie Notice⁠](https://openai.com/policies/cookie-policy/).

- Interpretation (disclaimed): This segment defines the use of cookies and similar technologies as tools for operating and administering Services, storing preferences, and authentication, and incorporates the Cookie Notice by reference for further detail.
- Tier: All
- Location: Privacy Policy › “1\. Personal Data we collect”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20_Cookies%20and%20Similar,read%20our%20%5BCookie%20Notice%E2%81%A0%5D(https%3A%2F%2Fopenai.com%2Fpolicies%2Fcookie-policy%2F).

### privacy data use — risk unknown

> **Personal Data We Receive from Your Use of the Services:** When you visit, use, or interact with the Services, we receive the following information about your visit, use, or interactions:

- Interpretation (disclaimed): This segment introduces the category of personal data automatically received from users' use of the Services, establishing the framework for passive data collection described in subsequent sub-segments.
- Tier: All
- Location: Privacy Policy › “1\. Personal Data we collect”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=**Personal%20Data%20We%20Receive,visit%2C%20use%2C%20or%20interactions%3A

### data retention — risk medium

> Once you choose to delete Personal Data, we will remove it from our systems within 30 days unless we need to retain it for longer as described below, or it has already been de-identified and disassociated from your account when you allow us to use your Content to [improve our models

- Interpretation (disclaimed): The carve-out for de-identified/model-training data means that content contributed to training is effectively irrecoverable even after a deletion request, which may conflict with GDPR right-to-erasure expectations depending on the robustness of de-identification.
- Tier: All
- Location: Privacy Policy › “4\. Retention”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=Once%20you%20choose%20to,to%20%5Bimprove%20our%20models

### data retention — risk low

> The right to request deletion of your Personal Data

- Interpretation (disclaimed): The document acknowledges a deletion right but qualifies it with 'subject to applicable exceptions,' meaning not all data may be deletable on request. The verification requirement may also create friction in exercising this right.
- Tier: All
- Location: Privacy Policy › “9\. Additional U.S. state disclosures”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=The%20right%20to%20request,of%20your%20Personal%20Data

### data retention — risk unknown

> We also may terminate your account if it has been inactive for over a year and you do not have a paid account. If we do, we will provide you with advance notice.

- Interpretation (disclaimed): Establishes that OpenAI may terminate inactive accounts (over one year with no paid subscription) and requires advance notice before doing so, defining both the retention/deletion trigger and the procedural notice requirement.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=We%20also%20may%20terminate,you%20with%20advance%20notice.

### data retention — risk unknown

> - When you ask us to delete your Personal Data, we retain the audit record of the erasure request to be able to verify that we have complied with the request.

- Interpretation (disclaimed): This clause obligates OpenAI to retain audit records of erasure requests as evidence of compliance with deletion obligations, even after the underlying personal data has been deleted.
- Tier: All
- Location: Privacy Policy › “4\. Retention”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=%20-%20When%20you,complied%20with%20the%20request.

### data retention — risk unknown

> In determining these retention periods, we consider a number of factors, such as:

- Interpretation (disclaimed): This clause introduces the factors OpenAI considers when determining retention periods, establishing a multi-factor procedural framework for retention decision-making.
- Tier: All
- Location: Privacy Policy › “4\. Retention”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=In%20determining%20these%20retention,of%20factors%2C%20such%20as%3A

### data retention — risk unknown

> - **Information we delete automatically:** In some cases, Personal Data will be deleted automatically. For example, [Temporary Chats⁠(opens in a new window)](https://help.openai.com/articles/8914046-temporary-chat-faq) will be automatically deleted within 30 days (unless we have to retain them for safety or legal reasons, as described further below), and your [Atlas incognito browsing history⁠(opens in a new window)](https://help.openai.com/articles/12574142-chatgpt-atlas-data-controls-and-privacy#h_1822c59321) won’t be saved after you end your session.

- Interpretation (disclaimed): This clause describes the automatic deletion procedure for certain data types, specifying that Temporary Chats are deleted within 30 days and incognito browsing history is not saved after session end, subject to safety or legal exceptions.
- Tier: All
- Location: Privacy Policy › “4\. Retention”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20**Information%20we%20delete,you%20end%20your%20session.

### data retention — risk unknown

> - **Information we retain for longer for legitimate security, safety, or legal reasons:** In some cases, we need to retain Personal Data for longer even after you delete it, for example because we are legally required to, to address fraud and abuse, for security reasons, or for financial record-keeping purposes. For instance:

- Interpretation (disclaimed): This clause creates exceptions to standard deletion timelines, permitting OpenAI to retain personal data for extended periods for legitimate security, safety, or legal reasons even after user deletion requests.
- Tier: All
- Location: Privacy Policy › “4\. Retention”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20**Information%20we%20retain,record-keeping%20purposes.%20For%20instance%3A

### data retention — risk unknown

> - If we are legally required to retain your data (for instance, we receive a lawful subpoena) then we may retain it for the duration of the relevant legal or regulatory obligation;

- Interpretation (disclaimed): This clause creates a legal-obligation exception permitting OpenAI to retain personal data for the duration of a legal or regulatory requirement such as a lawful subpoena.
- Tier: All
- Location: Privacy Policy › “4\. Retention”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=%20-%20If%20we,legal%20or%20regulatory%20obligation%3B

### data retention — risk unknown

> - The amount, nature, and sensitivity of the information;

- Interpretation (disclaimed): This clause identifies the amount, nature, and sensitivity of personal data as a factor in retention period determinations.
- Tier: All
- Location: Privacy Policy › “4\. Retention”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20The%20amount%2C%20nature%2C,sensitivity%20of%20the%20information%3B

### data retention — risk unknown

> - The potential risk of harm from unauthorized use or disclosure;

- Interpretation (disclaimed): This clause identifies the potential risk of harm from unauthorized use or disclosure as a factor in determining how long personal data is retained.
- Tier: All
- Location: Privacy Policy › “4\. Retention”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20The%20potential%20risk,unauthorized%20use%20or%20disclosure%3B

### data retention — risk unknown

> - You can delete or archive chats in ChatGPT, or delete your account entirely.

- Interpretation (disclaimed): This clause grants users the right to delete or archive individual chats or their entire account, establishing a deletion right as a user-exercisable control.
- Tier: All
- Location: Privacy Policy › “5\. Data controls”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20You%20can%20delete,delete%20your%20account%20entirely.

### data retention — risk unknown

> - If specific Content, or your account, is banned because of violations of our [usage policies⁠](https://openai.com/policies/usage-policies/), we may retain that data for to protect our services from fraud, abuse, or other violations of our policies;

- Interpretation (disclaimed): This clause creates a specific exception allowing OpenAI to retain data associated with banned accounts or content in order to protect services from fraud, abuse, or policy violations.
- Tier: All
- Location: Privacy Policy › “4\. Retention”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=%20-%20If%20specific,violations%20of%20our%20policies%3B

### data retention — risk unknown

> We’ll retain your Personal Data for only as long as we need in order to provide our Services to you, or for other legitimate business purposes such as resolving disputes, safety and security reasons, or complying with our legal obligations. How long we retain Personal Data depends on the type of data, how we use it, and in many cases your settings:

- Interpretation (disclaimed): This clause obligates OpenAI to retain personal data only as long as necessary to provide services or for legitimate business purposes including dispute resolution, safety, and legal compliance, and enumerates the factors that determine retention duration.
- Tier: All
- Location: Privacy Policy › “4\. Retention”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=We%E2%80%99ll%20retain%20your%20Personal,many%20cases%20your%20settings%3A

### data retention — risk unknown

> - When we are a party to a financial transaction (for instance, when we process your payment for a ChatGPT Plus or Pro account, or facilitate a purchase on ChatGPT), we may retain payment and transaction related information to meet our accounting, dispute resolution, and regulatory compliance purposes;

- Interpretation (disclaimed): This clause creates a financial record-keeping exception allowing OpenAI to retain payment and transaction data for accounting, dispute resolution, and regulatory compliance purposes when it is party to a financial transaction.
- Tier: All
- Location: Privacy Policy › “4\. Retention”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=%20-%20When%20we,and%20regulatory%20compliance%20purposes%3B

### data retention — risk unknown

> - **Information we retain until you delete it:** Some of our Services allow you to delete Personal Data stored in your account. For example, you can delete specific, or all, of your ChatGPT conversations, delete specific [Saved Memories⁠(opens in a new window)](https://help.openai.com/articles/8590148-memory-faq), or delete your account. Once you choose to delete Personal Data, we will remove it from our systems within 30 days unless we need to retain it for longer as described below, or it has already been de-identified and disassociated from your account when you allow us to use your Content to [improve our models⁠(opens in a new window)](https://help.openai.com/articles/5722486-how-your-data-is-used-to-improve-model-performance).

- Interpretation (disclaimed): This clause establishes the procedure for user-initiated deletion of personal data, specifying that OpenAI will remove such data within 30 days unless retention is required for legitimate reasons or the data has already been de-identified.
- Tier: All
- Location: Privacy Policy › “4\. Retention”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20**Information%20we%20retain,in%20a%20new%20window)%5D(https%3A%2F%2Fhelp.openai.com%2Farticles%2F5722486-how-your-data-is-used-to-improve-model-performance).

### data retention — risk unknown

> - Our purpose for processing the Personal Data (such as whether we need to retain it to provide our Services);

- Interpretation (disclaimed): This clause defines one of the factors in the retention determination process, specifically the purpose for which personal data is processed, including whether retention is necessary for service delivery.
- Tier: All
- Location: Privacy Policy › “4\. Retention”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20Our%20purpose%20for,to%20provide%20our%20Services)%3B

### data retention — risk unknown

> - Any legal requirements that we are subject to.

- Interpretation (disclaimed): This clause identifies applicable legal requirements as a factor in retention period determinations, linking retention policy to external legal obligations.
- Tier: All
- Location: Privacy Policy › “4\. Retention”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20Any%20legal%20requirements,we%20are%20subject%20to.

### subprocessors data sharing — risk high

> _Business Account Administrators_: When you join a ChatGPT Enterprise or business account, the administrators of that account may access and control your OpenAI account, including being able to access your Content. In addition, if you create an account using an email address belonging to your employer or another organization, we may share the fact that you have an account and certain account information, such as your email address, with your employer or organization to, for example, enable you to be added to their business account.

- Interpretation (disclaimed): Enterprise administrators gain broad access to user content and account controls. Additionally, email-domain-based sharing to employers can occur without the individual user's affirmative consent, raising GDPR/CCPA concerns around lawful basis.
- Tier: Enterprise
- Location: Privacy Policy › “3\. Disclosure of Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=_Business%20Account%20Administrators_%3A%20When,to%20their%20business%20account.

### subprocessors data sharing — risk medium

> To assist us in meeting business operations needs and to perform certain services and functions, we disclose Personal Data to vendors, service providers, and marketing partners, including providers of hosting services, customer service vendors, cloud services, content delivery services, support and safety services, email communication software, web analytics services, payment and transaction processors, search and shopping providers, and information technology providers.

- Interpretation (disclaimed): The clause establishes broad disclosure to third-party subprocessors. The absence of a named subprocessor list in this document limits users' ability to assess specific data flows. Processing is stated to be instruction-based.
- Tier: All
- Location: Privacy Policy › “3\. Disclosure of Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=To%20assist%20us%20in,and%20information%20technology%20providers.

### subprocessors data sharing — risk medium

> Vendors, service providers, and affiliates to assist us in meeting business operations needs and to perform certain services and functions described above

- Interpretation (disclaimed): The disclosure to vendors, service providers, and affiliates is stated as a general category without a specific list, limiting user ability to assess actual data sharing scope. This is a common but material risk for data sovereignty and compliance purposes.
- Tier: All
- Location: Privacy Policy › “9\. Additional U.S. state disclosures”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=Vendors%2C%20service%20providers%2C%20and,and%20functions%20described%20above

### subprocessors data sharing — risk medium

> Depending upon your choices, we may share limited data with select marketing partners for purposes of promoting our products and services to you on third-party properties.

- Interpretation (disclaimed): While OpenAI states it does not 'sell' personal data, sharing with marketing partners for cross-context behavioral advertising is functionally equivalent under many state privacy laws. The opt-out mechanism mitigates but does not eliminate risk.
- Tier: All
- Location: Privacy Policy › “9\. Additional U.S. state disclosures”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=Depending%20upon%20your%20choices%2C,you%20on%20third-party%20properties.

### subprocessors data sharing — risk medium

> r other third parties in compliance with the law (i) if required to do so to comply with a legal obligation, or in the good faith belief that such action is necessary to comply with a legal obligation, (ii) to protect and defend our rights or property, (iii) if we determine, in our sole discretion, that there is a violation of our terms, policies, or the law; (iv) to detect or prevent fraud or other illegal activity; (v) to protect the safety, security, and integrity of our products, employees, users, or the public, or (vi) to protect against legal liability.

- Interpretation (disclaimed): The 'sole discretion' language in clause (iii) and 'good faith belief' in clause (i) give OpenAI wide latitude to share personal data with third parties without judicial compulsion or prior user notice, creating meaningful privacy risk.
- Tier: All
- Location: Privacy Policy › “3\. Disclosure of Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=r%20other%20third%20parties,protect%20against%20legal%20liability.

### subprocessors data sharing — risk medium

> If we are involved in strategic transactions, reorganization, bankruptcy, receivership, or transition of service to another provider (collectively, a “Transaction”), your Personal Data may be disclosed in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.

- Interpretation (disclaimed): This standard business-transfer clause permits disclosure and transfer of personal data during due diligence and on completion of a transaction. Users have no opt-out right articulated here, and the receiving entity may operate under different privacy standards.
- Tier: All
- Location: Privacy Policy › “3\. Disclosure of Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=If%20we%20are%20involved,along%20with%20other%20assets.

### subprocessors data sharing — risk medium

> We may share your Personal Data, including information about your interaction with our Services, with government authorities, industry peers, or other third parties in compliance with the law (i) if required to do so to comply with a legal obligation, or in the good faith belief that such action is necessary to comply with a legal obligation, (ii) to protect and defend our rights or property, (iii) if we determine, in our sole discretion, that there is a violation of our terms, policies, or the law; (iv) to detect or prevent fraud or other illegal activity; (v) to protect the safety, security, and integrity of our products, employees, users, or the public, or (vi) to protect against legal liability.

- Interpretation (disclaimed): Ground (iii) permits disclosure based on OpenAI's unilateral determination of a policy violation, without requiring a court order or legal compulsion. This expansive discretionary disclosure right is potentially high-risk for user confidentiality.
- Tier: All
- Location: Privacy Policy › “3\. Disclosure of Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=We%20may%20share%20your,protect%20against%20legal%20liability.

### subprocessors data sharing — risk medium

> We also share limited information with select marketing partners who are not service providers in order to promote our products and services on third-party properties and help us assess the effectiveness of those efforts. Some of these partners may receive information through cookies and similar technologies.

- Interpretation (disclaimed): Unlike subprocessors who must follow OpenAI's instructions, marketing partners are characterised as independent recipients. This creates a higher risk that data shared may be used by those parties for their own purposes beyond OpenAI's control.
- Tier: All
- Location: Privacy Policy › “3\. Disclosure of Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=We%20also%20share%20limited,cookies%20and%20similar%20technologies.

### subprocessors data sharing — risk medium

> We disclose Personal Data to our affiliates, meaning an entity that controls, is controlled by, or is under common control with OpenAI. Our affiliates may use this Personal Data in a manner consistent with this policy.

- Interpretation (disclaimed): The affiliate sharing clause is broad and the limitation ('consistent with this policy') incorporates all the wide-ranging uses described elsewhere, including model training and advertising. Users cannot easily identify or opt out of specific affiliate uses.
- Tier: All
- Location: Privacy Policy › “3\. Disclosure of Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=We%20disclose%20Personal%20Data,consistent%20with%20this%20policy.

### subprocessors data sharing — risk medium

> _Affiliates_: We disclose Personal Data to our affiliates, meaning an entity that controls, is controlled by, or is under common control with OpenAI. Our affiliates may use this Personal Data in a manner consistent with this policy.

- Interpretation (disclaimed): Affiliate sharing without enumeration of specific affiliates or data categories creates uncertainty about where data flows. As the affiliate network may expand, user data could reach entities unknown at time of collection.
- Tier: All
- Location: Privacy Policy › “3\. Disclosure of Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=_Affiliates_%3A%20We%20disclose%20Personal,consistent%20with%20this%20policy.

### subprocessors data sharing — risk unknown

> Corporate domains. If you create an account using an email address owned by an organization (for example, your employer), that account may be added to the organization's business account with us, in which case we will provide notice to you so that you can help facilitate the transfer of your account (unless your organization has already provided notice to you that it may monitor and control your account). Once your account is transferred, the organization’s administrator will be able to control your account, including being able to access Content (defined below) and restrict or remove your access to the account.

- Interpretation (disclaimed): This segment discloses that Third Party Services and Third Party Output are subject to their own terms and disclaims OpenAI's responsibility for them, limiting OpenAI's liability with respect to third-party integrations.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Corporate%20domains.%20If%20you,access%20to%20the%20account.

### subprocessors data sharing — risk unknown

> **Information We Receive from Other Sources:** We receive information from other sources, such as our trusted security and safety partners to protect safety and prevent fraud, abuse, and other threats to our Services, and from marketing vendors who provide us with information about potential customers of our business services.

- Interpretation (disclaimed): This segment describes the receipt of personal data from third-party sources including security partners and marketing vendors, establishing OpenAI's data-sharing relationships with external parties and the purposes for which that third-party data is used.
- Tier: All
- Location: Privacy Policy › “1\. Personal Data we collect”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=**Information%20We%20Receive%20from,of%20our%20business%20services.

### subprocessors data sharing — risk unknown

> - _Vendors, Service Providers, and Marketing Partners_: To assist us in meeting business operations needs and to perform certain services and functions, we disclose Personal Data to vendors, service providers, and marketing partners, including providers of hosting services, customer service vendors, cloud services, content delivery services, support and safety services, email communication software, web analytics services, payment and transaction processors, search and shopping providers, and information technology providers. We also work with service providers who help us with age and identity verification, and you can learn more [here⁠⁠(opens in a new window)](https://help.openai.com/articles/12652064-age-prediction-in-chatgpt). When we work with Service Providers, these parties will access, process, or store Personal Data based on our instructions and only in the course of performing their duties to us. We also share limited information with select marketing partners who are not service providers in order to promote our products and services on third-party properties and help us assess the effectiveness of those efforts. Some of these partners may receive information through cookies and similar technologies. Learn more about these practices and the choices available to you [here⁠(opens in a new window)](https://help.openai.com/articles/20001156-how-we-promote-openai-on-third-party-properties).

- Interpretation (disclaimed): This clause permits OpenAI to disclose personal data to vendors, service providers, and marketing partners for specified business operations and service functions, defining the categories of subprocessors who may receive user data.
- Tier: All
- Location: Privacy Policy › “3\. Disclosure of Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20_Vendors%2C%20Service%20Providers%2C,in%20a%20new%20window)%5D(https%3A%2F%2Fhelp.openai.com%2Farticles%2F20001156-how-we-promote-openai-on-third-party-properties).

### subprocessors data sharing — risk unknown

> - _Affiliates_: We disclose Personal Data to our affiliates, meaning an entity that controls, is controlled by, or is under common control with OpenAI. Our affiliates may use this Personal Data in a manner consistent with this policy.

- Interpretation (disclaimed): This clause permits disclosure of personal data to OpenAI affiliates under common control and defines how those affiliates may use such data consistently with the policy.
- Tier: All
- Location: Privacy Policy › “3\. Disclosure of Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20_Affiliates_%3A%20We%20disclose,consistent%20with%20this%20policy.

### subprocessors data sharing — risk unknown

> - _Other Users and Third Parties You Interact or Share Information With_: Certain Services allow you to interact or share information with other users or third parties. For example, you can share content like [ChatGPT conversations⁠(opens in a new window)](https://help.openai.com/articles/7925741-chatgpt-shared-links-faq) or Sora [videos⁠(opens in a new window)](https://help.openai.com/articles/12456897-getting-started-with-the-sora-app) and [characters⁠(opens in a new window)](https://help.openai.com/articles/12435986-generating-content-with-cameos), or share information with third-party [search⁠(opens in a new window)](https://help.openai.com/articles/9237897-chatgpt-search) and [shopping⁠(opens in a new window)](https://help.openai.com/articles/12440090-instant-checkout-buy-directly-from-merchants-through-chatgpt) partners. Information you share with third-party partners is governed by their own terms and privacy policies, and you should make sure you understand those terms and policies before sharing information with them.

- Interpretation (disclaimed): This clause permits users to share content with other users or third parties through platform features, noting that such voluntary sharing makes data available beyond OpenAI's direct control.
- Tier: All
- Location: Privacy Policy › “3\. Disclosure of Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20_Other%20Users%20and,sharing%20information%20with%20them.

### subprocessors data sharing — risk unknown

> We also aggregate or de-identify Personal Data so that it no longer identifies you and share it with third parties for the purposes described above, such as to help improve our Services.

- Interpretation (disclaimed): This clause permits OpenAI to aggregate or de-identify personal data and share it with third parties for service improvement purposes, establishing a lawful basis for anonymized data sharing.
- Tier: All
- Location: Privacy Policy › “3\. Disclosure of Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=We%20also%20aggregate%20or,help%20improve%20our%20Services.

### subprocessors data sharing — risk unknown

> - _Parent or Guardian of a Teen_: Teen users and their parents or guardians can choose to link their accounts, allowing the parent or guardian to manage certain settings, and receive alerts if we detect a serious safety concern. These accounts can be unlinked at any time. [Learn more⁠(opens in a new window)](https://help.openai.com/articles/12315553-parental-controls-on-chatgpt-faq) about account linking.

- Interpretation (disclaimed): This clause permits account linking between teen users and their parents or guardians, allowing parental access to manage settings and receive safety alerts, while also granting the right to unlink accounts at any time.
- Tier: All
- Location: Privacy Policy › “3\. Disclosure of Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20_Parent%20or%20Guardian,window)%5D(https%3A%2F%2Fhelp.openai.com%2Farticles%2F12315553-parental-controls-on-chatgpt-faq)%20about%20account%20linking.

### subprocessors data sharing — risk unknown

> - _Government Authorities or Other Third Parties_: We may share your Personal Data, including information about your interaction with our Services, with government authorities, industry peers, or other third parties in compliance with the law (i) if required to do so to comply with a legal obligation, or in the good faith belief that such action is necessary to comply with a legal obligation, (ii) to protect and defend our rights or property, (iii) if we determine, in our sole discretion, that there is a violation of our terms, policies, or the law; (iv) to detect or prevent fraud or other illegal activity; (v) to protect the safety, security, and integrity of our products, employees, users, or the public, or (vi) to protect against legal liability.

- Interpretation (disclaimed): This clause permits sharing personal data with government authorities and third parties for legal compliance, rights protection, policy enforcement, and fraud prevention, granting OpenAI discretionary authority to disclose data under specified conditions.
- Tier: All
- Location: Privacy Policy › “3\. Disclosure of Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20_Government%20Authorities%20or,protect%20against%20legal%20liability.

### subprocessors data sharing — risk unknown

> - _Business Transfers_: If we are involved in strategic transactions, reorganization, bankruptcy, receivership, or transition of service to another provider (collectively, a “Transaction”), your Personal Data may be disclosed in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.

- Interpretation (disclaimed): This clause permits disclosure and transfer of personal data to counterparties and successors in the context of business transactions such as mergers, bankruptcies, or service transitions, establishing a lawful basis for such transfers.
- Tier: All
- Location: Privacy Policy › “3\. Disclosure of Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20_Business%20Transfers_%3A%20If,along%20with%20other%20assets.

### subprocessors data sharing — risk unknown

> We disclose your Personal Data in the following circumstances:

- Interpretation (disclaimed): This sentence introduces the enumerated circumstances under which OpenAI discloses personal data, creating a disclosure framework that binds the company's data-sharing practices.
- Tier: All
- Location: Privacy Policy › “3\. Disclosure of Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=We%20disclose%20your%20Personal,in%20the%20following%20circumstances%3A

### subprocessors data sharing — risk unknown

> - _Business Account Administrators_: When you join a ChatGPT Enterprise or business account, the administrators of that account may access and control your OpenAI account, including being able to access your Content. In addition, if you create an account using an email address belonging to your employer or another organization, we may share the fact that you have an account and certain account information, such as your email address, with your employer or organization to, for example, enable you to be added to their business account.

- Interpretation (disclaimed): This clause permits business account administrators and employers to access and control user account data including content, and permits OpenAI to share account information with organizations when users register with organizational email addresses.
- Tier: All
- Location: Privacy Policy › “3\. Disclosure of Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20_Business%20Account%20Administrators_%3A,to%20their%20business%20account.

### audit rights dpa residency — risk medium

> OpenAI processes your Personal Data for the purposes described in this policy on servers located in various jurisdictions, including processing and storing your Personal Data in our facilities and servers in the United States, or in countries or territories where our affiliates and partners or our vendors and service providers are located. While data protection law varies by country, we apply the protections described in this policy to your Personal Data regardless of where it is processed, and only transfer that data pursuant to legally valid transfer mechanisms.

- Interpretation (disclaimed): Non-US users (particularly EEA) face cross-border data transfers to the US and other jurisdictions. OpenAI commits to 'legally valid transfer mechanisms' but does not specify SCCs, adequacy decisions, or BCRs. No audit rights are described for general users.
- Tier: All
- Location: Privacy Policy › “6\. Your rights”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=OpenAI%20processes%20your%20Personal,legally%20valid%20transfer%20mechanisms.

### audit rights dpa residency — risk low

> If you live in the European Economic Area (EEA) or Switzerland, OpenAI Ireland Limited, with its registered office at 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland, is the controller and is responsible for the processing of your Personal Data as described in this policy.

- Interpretation (disclaimed): Identifying OpenAI Ireland as the EEA/Swiss data controller is a GDPR-required disclosure. This determines which supervisory authority has jurisdiction and what rights and protections apply to those users.
- Tier: All
- Location: Privacy Policy › “11\. Data controller”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=If%20you%20live%20in,described%20in%20this%20policy.

### audit rights dpa residency — risk unknown

> If you live in the European Economic Area (EEA) or Switzerland, OpenAI Ireland Limited, with its registered office at 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland, is the controller and is responsible for the processing of your Personal Data as described in this policy.

- Interpretation (disclaimed): Identifies OpenAI Ireland Limited as the data controller responsible for processing personal data of EEA and Switzerland residents, establishing the legal entity accountable under GDPR for that population.
- Tier: All
- Location: Privacy Policy › “11\. Data controller”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=If%20you%20live%20in,described%20in%20this%20policy.

### audit rights dpa residency — risk unknown

> OpenAI processes your Personal Data for the purposes described in this policy on servers located in various jurisdictions, including processing and storing your Personal Data in our facilities and servers in the United States, or in countries or territories where our affiliates and partners or our vendors and service providers are located. While data protection law varies by country, we apply the protections described in this policy to your Personal Data regardless of where it is processed, and only transfer that data pursuant to legally valid transfer mechanisms.

- Interpretation (disclaimed): Discloses that personal data is processed on servers in various jurisdictions including the US, obligates OpenAI to apply consistent protections regardless of processing location, and requires use of legally valid transfer mechanisms for cross-border data transfers.
- Tier: All
- Location: Privacy Policy › “6\. Your rights”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=OpenAI%20processes%20your%20Personal,legally%20valid%20transfer%20mechanisms.

### audit rights dpa residency — risk unknown

> If you live anywhere else, OpenAI OpCo, LLC, with its registered office at 1455 Third Street, San Francisco, California 94158, United States, is the controller and is responsible for the processing of your Personal Data as described in this policy.

- Interpretation (disclaimed): Identifies OpenAI OpCo, LLC as the data controller for all users outside the EEA and Switzerland, establishing the legal entity responsible for processing their personal data under applicable law.
- Tier: All
- Location: Privacy Policy › “11\. Data controller”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=If%20you%20live%20anywhere,described%20in%20this%20policy.

### indemnity liability — risk ambiguous

> arising out of or relating to your use of the Services and Content or any violation of these Terms.

- Interpretation (disclaimed): Only the tail of what appears to be an indemnification clause is present in the provided document excerpt. The surviving fragment references user liability for use of Services and violation of Terms but lacks the full grant language needed for definitive risk assessment.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=arising%20out%20of%20or,violation%20of%20these%20Terms.

### indemnity liability — risk unknown

> When you use our Services you understand and agree:

- Interpretation (disclaimed): This segment requires users to acknowledge and agree that Output may not always be accurate and should not be relied upon as a sole source of truth or substitute for professional advice, functioning as a liability-limiting disclaimer regarding the reliability of AI-generated outputs.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=When%20you%20use%20our,you%20understand%20and%20agree%3A

### indemnity liability — risk unknown

> - Output may not always be accurate. You should not rely on Output from our Services as a sole source of truth or factual information, or as a substitute for professional advice.

- Interpretation (disclaimed): This segment imposes an obligation on users to evaluate Output for accuracy and appropriateness, including using human review, before using or sharing it — creating a due diligence duty that shifts responsibility for Output use to the user.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=-%20Output%20may%20not,substitute%20for%20professional%20advice.

### indemnity liability — risk unknown

> OUR SERVICES ARE PROVIDED “AS IS.” EXCEPT TO THE EXTENT PROHIBITED BY LAW, WE AND OUR AFFILIATES AND LICENSORS MAKE NO WARRANTIES (EXPRESS, IMPLIED, STATUTORY OR OTHERWISE) WITH RESPECT TO THE SERVICES, AND DISCLAIM ALL WARRANTIES INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, NON-INFRINGEMENT, AND QUIET ENJOYMENT, AND ANY WARRANTIES ARISING OUT OF ANY COURSE OF DEALING OR TRADE USAGE. WE DO NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ACCURATE OR ERROR FREE, OR THAT ANY CONTENT WILL BE SECURE OR NOT LOST OR ALTERED.

- Interpretation (disclaimed): Disclaims all express, implied, statutory, and other warranties regarding the Services, including merchantability, fitness for purpose, non-infringement, and error-free operation, limiting OpenAI's and its affiliates' and licensors' legal exposure for service quality.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=OUR%20SERVICES%20ARE%20PROVIDED,NOT%20LOST%20OR%20ALTERED.

### indemnity liability — risk unknown

> YOU ACCEPT AND AGREE THAT ANY USE OF OUTPUTS FROM OUR SERVICE IS AT YOUR SOLE RISK AND YOU WILL NOT RELY ON OUTPUT AS A SOLE SOURCE OF TRUTH OR FACTUAL INFORMATION, OR AS A SUBSTITUTE FOR PROFESSIONAL ADVICE.

- Interpretation (disclaimed): Disclaims liability for user reliance on AI outputs, placing sole risk of output use on the user and explicitly prohibiting reliance on outputs as the sole source of factual truth or as a substitute for professional advice.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=YOU%20ACCEPT%20AND%20AGREE,SUBSTITUTE%20FOR%20PROFESSIONAL%20ADVICE.

### indemnity liability — risk unknown

> NEITHER WE NOR ANY OF OUR AFFILIATES OR LICENSORS WILL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, OR DATA OR OTHER LOSSES, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. OUR AGGREGATE LIABILITY UNDER THESE TERMS WILL NOT EXCEED ​​THE GREATER OF THE AMOUNT YOU PAID FOR THE SERVICE THAT GAVE RISE TO THE CLAIM DURING THE 12 MONTHS BEFORE THE LIABILITY AROSE OR ONE HUNDRED DOLLARS ($100). THE LIMITATIONS IN THIS SECTION APPLY ONLY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.

- Interpretation (disclaimed): Excludes OpenAI and affiliates from liability for indirect, incidental, special, consequential, or exemplary damages and caps aggregate liability at the greater of amounts paid in the prior 12 months or $100, limiting the maximum financial exposure OpenAI bears under these Terms.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=NEITHER%20WE%20NOR%20ANY,PERMITTED%20BY%20APPLICABLE%20LAW.

### indemnity liability — risk unknown

> Some countries and states do not allow the disclaimer of certain warranties or the limitation of certain damages, so some or all of the terms above may not apply to you, and you may have additional rights. In that case, these Terms only limit our responsibilities to the maximum extent permissible in your country of residence.

- Interpretation (disclaimed): Creates an exception to the warranty disclaimers and liability limitations for jurisdictions where such clauses are not legally permitted, preserving users' mandatory local rights and limiting OpenAI's liability only to the extent allowed by the user's local law.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Some%20countries%20and%20states,your%20country%20of%20residence.

### indemnity liability — risk unknown

> OPENAI’S AFFILIATES, SUPPLIERS, LICENSORS, AND DISTRIBUTORS ARE INTENDED THIRD PARTY BENEFICIARIES OF THIS SECTION.

- Interpretation (disclaimed): Designates OpenAI's affiliates, suppliers, licensors, and distributors as intended third-party beneficiaries of the limitation of liability section, conferring on them the right to enforce those protections directly.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=OPENAI%E2%80%99S%20AFFILIATES%2C%20SUPPLIERS%2C%20LICENSORS%2C,BENEFICIARIES%20OF%20THIS%20SECTION.

### indemnity liability — risk unknown

> If you are a business or organization, to the extent permitted by law, you will indemnify and hold harmless us, our affiliates, and our personnel, from and against any costs, losses, liabilities, and expenses (including attorneys’ fees) from third party claims arising out of or relating to your use of the Services and Content or any violation of these Terms.

- Interpretation (disclaimed): Obligates business and organizational users to indemnify, defend, and hold harmless OpenAI and its affiliates and personnel against third-party claims, costs, losses, liabilities, and expenses (including attorneys' fees) arising from their use of Services or violation of these Terms.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=If%20you%20are%20a,violation%20of%20these%20Terms.

### indemnity liability — risk unknown

> Trade controls. You must comply with all applicable trade laws, including sanctions and export control laws. Our Services may not be used in or for the benefit of, or exported or re-exported to (a) any U.S. embargoed country or territory or (b) any individual or entity with whom dealings are prohibited or restricted under applicable trade laws. Our Services may not be used for any end use prohibited by applicable trade laws, and your Input may not include material or information that requires a government license for release or export.

- Interpretation (disclaimed): Imposes an obligation on users to comply with all applicable trade laws, including sanctions and export controls, and restricts use of the Services in embargoed territories or by sanctioned individuals/entities, as well as for prohibited end uses.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Trade%20controls.%20You%20must,for%20release%20or%20export.

### governing law disputes — risk high

> CLASS AND JURY TRIAL WAIVERS. You and OpenAI agree that Disputes must be brought on an individual basis only, and may not be brought as a plaintiff or class member in any purported class, consolidated, or representative proceeding. Class arbitrations, class actions, and representative actions are prohibited. Only individual relief is available. The parties agree to sever and litigate in court any request for public injunctive relief after completing arbitration for the underlying claim and all other claims. This does not prevent either party from participating in a class-wide settlement. You and OpenAI knowingly and irrevocably waive any right to trial by jury in any action, proceeding, or counterclaim.

- Interpretation (disclaimed): Class action waivers prevent users from aggregating small or individually non-economical claims. The jury trial waiver removes a constitutional right in any proceeding. Requiring arbitration of the underlying claim before any public injunctive relief can be sought in court further delays and burdens users seeking systemic remedies.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=CLASS%20AND%20JURY%20TRIAL,action%2C%20proceeding%2C%20or%20counterclaim.

### governing law disputes — risk medium

> Governing law. California law will govern these Terms except for its conflicts of laws principles. Except as provided in the dispute resolution section above, all claims arising out of or relating to these Terms will be brought exclusively in the federal or state courts of San Francisco, California.

- Interpretation (disclaimed): Choice of California law and exclusive venue in San Francisco courts limits users' ability to rely on local consumer-protection laws that may be more favorable, and imposes practical travel/cost burdens on non-local users for the narrow set of claims that survive arbitration.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Governing%20law.%20California%20law,of%20San%20Francisco%2C%20California.

### governing law disputes — risk medium

> Assignment. You may not assign or transfer any rights or obligations under these Terms and any attempt to do so will be void. We may assign our rights or obligations under these Terms to any affiliate, subsidiary, or successor in interest of any business associated with our Services.

- Interpretation (disclaimed): Asymmetric assignment rights mean that in a merger, acquisition, or corporate restructuring, a new entity may assume OpenAI's rights over user data and obligations without user approval. Users have no reciprocal right to transfer their accounts or contractual positions.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Assignment.%20You%20may%20not,associated%20with%20our%20Services.

### governing law disputes — risk medium

> We will give you at least 30 days advance notice of changes to these Terms that materially adversely impact you either via email or an in-product notification. All other changes will be effective as soon as we post them to our website. If you do not agree to the changes, you must stop using our Services.

- Interpretation (disclaimed): OpenAI is the sole judge of what constitutes a 'materially adverse' change triggering the 30-day notice obligation. Changes deemed non-material become binding immediately. The only recourse for disagreement is to stop using the service, forfeiting any accumulated data or subscription value.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=We%20will%20give%20you,stop%20using%20our%20Services.

### governing law disputes — risk unknown

> These Terms of Use apply to your use of ChatGPT, DALL·E, and OpenAI’s other services for individuals, along with any associated software applications and websites (all together, “Services”). These Terms form an agreement between you and OpenAI OpCo, LLC, a Delaware company, and they include our [Service Terms⁠⁠](https://openai.com/policies/service-terms/) and important provisions for resolving disputes through arbitration. By using our Services, you agree to these Terms.

- Interpretation (disclaimed): This segment defines the scope of the Terms, identifies the contracting parties (user and OpenAI OpCo, LLC), incorporates Service Terms and arbitration provisions by reference, and establishes agreement by use — creating the foundational contractual relationship including dispute resolution mechanisms.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=These%20Terms%20of%20Use,agree%20to%20these%20Terms.

### governing law disputes — risk unknown

> If you reside in the European Economic Area, Switzerland, or the UK, your use of the Services is governed by [these terms⁠⁠](https://openai.com/policies/eu-terms-of-use/).

- Interpretation (disclaimed): This segment restricts the applicability of these Terms to users outside the EEA, Switzerland, and the UK, directing those users to a separate governing terms document, thereby determining which legal regime governs.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=If%20you%20reside%20in,governed%20by%20%5Bthese%20terms%E2%81%A0%E2%81%A0%5D(https%3A%2F%2Fopenai.com%2Fpolicies%2Feu-terms-of-use%2F).

### governing law disputes — risk unknown

> YOU AND OPENAI AGREE TO THE FOLLOWING MANDATORY ARBITRATION AND CLASS ACTION WAIVER PROVISIONS:

- Interpretation (disclaimed): Introduces and incorporates the mandatory arbitration and class action waiver provisions by summarizing their applicability, signaling user agreement to the detailed terms that follow.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=YOU%20AND%20OPENAI%20AGREE,CLASS%20ACTION%20WAIVER%20PROVISIONS%3A

### governing law disputes — risk unknown

> MANDATORY ARBITRATION. You and OpenAI agree to resolve any claims arising out of or relating to these Terms or our Services, regardless of when the claim arose, even if it was before these Terms existed (a “Dispute”), through final and binding arbitration. You may opt out of arbitration within 30 days of account creation or of any updates to these arbitration terms within 30 days after the update has taken effect by filling out [this form⁠](https://openai.com/form/arbitration-opt-out/). If you opt out of an update, the last set of agreed upon arbitration terms will apply.

- Interpretation (disclaimed): Obligates both parties to resolve all claims through final and binding arbitration, regardless of when the claim arose, and establishes a 30-day opt-out procedure, making arbitration the default mandatory dispute resolution mechanism.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=MANDATORY%20ARBITRATION.%20You%20and,arbitration%20terms%20will%20apply.

### governing law disputes — risk unknown

> Informal dispute resolution. We would like to understand and try to address your concerns prior to formal legal action. Before either of us files a claim against the other, we both agree to try to resolve the Dispute informally. You agree to do so by sending us notice through [this form⁠](https://openai.com/form/informal-dispute/). We will do so by sending you notice to the email address associated with your account. If we are unable to resolve a Dispute within 60 days, either of us has the right to initiate arbitration. We also both agree to attend an individual settlement conference if either party requests one during this time. Any statute of limitations will be tolled during this informal resolution process.

- Interpretation (disclaimed): Establishes a mandatory informal dispute resolution procedure requiring both parties to attempt resolution through notice before initiating formal arbitration, with a 60-day resolution window and optional individual settlement conference.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Informal%20dispute%20resolution.%20We,this%20informal%20resolution%20process.

### governing law disputes — risk unknown

> Arbitration forum. If we are unable to resolve the Dispute, either of us may commence arbitration with National Arbitration and Mediation (“NAM”) under its Comprehensive Dispute Resolution Rules and Procedures and/or Supplemental Rules for Mass Arbitration Filings, as applicable (available [here⁠⁠(opens in a new window)](https://www.namadr.com/resources/rules-fees-forms/)).

- Interpretation (disclaimed): Designates NAM as the arbitration forum and specifies the applicable rules (Comprehensive Dispute Resolution Rules and Supplemental Rules for Mass Arbitration Filings) governing commencement of arbitration proceedings.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Arbitration%20forum.%20If%20we,in%20a%20new%20window)%5D(https%3A%2F%2Fwww.namadr.com%2Fresources%2Frules-fees-forms%2F)).

### governing law disputes — risk unknown

> OpenAI will not seek attorneys’ fees and costs in arbitration unless the arbitrator determines that your claim is frivolous. The activities described in these Terms involve interstate commerce and the Federal Arbitration Act will govern the interpretation and enforcement of these arbitration terms and any arbitration.

- Interpretation (disclaimed): Restricts OpenAI from seeking attorneys' fees unless the arbitrator finds a claim frivolous, and establishes the Federal Arbitration Act as the governing law for interpretation and enforcement of the arbitration terms.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=OpenAI%20will%20not%20seek,terms%20and%20any%20arbitration.

### governing law disputes — risk unknown

> Arbitration procedures. The arbitration will be conducted by videoconference if possible, but if the arbitrator determines a hearing should be conducted in person, the location will be mutually agreed upon, in the county where you reside, or as determined by the arbitrator, unless the batch arbitration process applies. The arbitration will be conducted by a sole arbitrator. The arbitrator will be either a retired judge or an attorney licensed to practice law in the state of California. The arbitrator will have exclusive authority to resolve any Dispute, except the state or federal courts of San Francisco, California have the authority to determine any Dispute about enforceability, validity of the class action waiver, or requests for public injunctive relief, as set out below. Any settlement offer amounts will not be disclosed to the arbitrator by either party until after the arbitrator determines the final award, if any. The arbitrator has the authority to grant motions dispositive of all or part of any Dispute.

- Interpretation (disclaimed): Specifies arbitration procedures including videoconference format preference, in-person location rules, use of a sole arbitrator who is a retired judge or California-licensed attorney, and the arbitrator's exclusive authority to resolve disputes subject to limited court jurisdiction.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Arbitration%20procedures.%20The%20arbitration,part%20of%20any%20Dispute.

### governing law disputes — risk unknown

> Exceptions. This section does not require informal dispute resolution or arbitration of the following claims: (i) individual claims brought in small claims court; and (ii) injunctive or other equitable relief to stop unauthorized use or abuse of the Services or intellectual property infringement or misappropriation.

- Interpretation (disclaimed): Creates exceptions to the mandatory arbitration requirement for small claims court actions and claims for injunctive or equitable relief related to unauthorized use, abuse, or IP infringement, allowing those matters to proceed outside arbitration.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Exceptions.%20This%20section%20does,property%20infringement%20or%20misappropriation.

### governing law disputes — risk unknown

> CLASS AND JURY TRIAL WAIVERS. You and OpenAI agree that Disputes must be brought on an individual basis only, and may not be brought as a plaintiff or class member in any purported class, consolidated, or representative proceeding. Class arbitrations, class actions, and representative actions are prohibited. Only individual relief is available. The parties agree to sever and litigate in court any request for public injunctive relief after completing arbitration for the underlying claim and all other claims. This does not prevent either party from participating in a class-wide settlement. You and OpenAI knowingly and irrevocably waive any right to trial by jury in any action, proceeding, or counterclaim.

- Interpretation (disclaimed): Prohibits class arbitrations, class actions, and representative actions, requiring all disputes to be brought on an individual basis only, and waives both parties' rights to jury trials, with a carve-out for public injunctive relief after arbitration.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=CLASS%20AND%20JURY%20TRIAL,action%2C%20proceeding%2C%20or%20counterclaim.

### governing law disputes — risk unknown

> Batch arbitration. If 25 or more claimants represented by the same or similar counsel file demands for arbitration raising substantially similar Disputes within 90 days of each other, then you and OpenAI agree that NAM will administer them in batches of up to 50 claimants each (“Batch”), unless there are less than 50 claimants in total or after batching, which will comprise a single Batch. NAM will administer each Batch as a single consolidated arbitration with one arbitrator, one set of arbitration fees, and one hearing held by videoconference or in a location decided by the arbitrator for each Batch. If any part of this section is found to be invalid or unenforceable as to a particular claimant or Batch, it will be severed and arbitrated in individual proceedings.

- Interpretation (disclaimed): Establishes a batch arbitration procedure for 25 or more similarly-situated claimants with similar counsel filing within 90 days, consolidating them into batches of up to 50 for administrative efficiency under NAM's oversight.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Batch%20arbitration.%20If%2025,arbitrated%20in%20individual%20proceedings.

### governing law disputes — risk unknown

> Severability. If any part of these arbitration terms is found to be illegal or unenforceable, the remainder will remain in effect, except that if a finding of partial illegality or unenforceability would allow class arbitration, class action, or representative action, this entire dispute resolution section will be unenforceable in its entirety.

- Interpretation (disclaimed): Establishes a severability rule for the arbitration terms: if any part is found illegal or unenforceable, the remainder survives, except that findings enabling class or representative arbitration render the entire dispute resolution section unenforceable.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Severability.%20If%20any%20part,unenforceable%20in%20its%20entirety.

### governing law disputes — risk unknown

> Assignment. You may not assign or transfer any rights or obligations under these Terms and any attempt to do so will be void. We may assign our rights or obligations under these Terms to any affiliate, subsidiary, or successor in interest of any business associated with our Services.

- Interpretation (disclaimed): Restricts users from assigning or transferring rights or obligations under the Terms (rendering any such attempt void), while granting OpenAI the permission to assign its rights or obligations to affiliates, subsidiaries, or successors.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Assignment.%20You%20may%20not,associated%20with%20our%20Services.

### governing law disputes — risk unknown

> Changes to these Terms or our Services. We are continuously working to develop and improve our Services. We may update these Terms or our Services accordingly from time to time. For example, we may make changes to these Terms or the Services due to:

- Interpretation (disclaimed): Reserves OpenAI's right to unilaterally update or modify the Terms or Services over time, establishing the basis for ongoing changes to the contractual relationship.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Changes%20to%20these%20Terms,the%20Services%20due%20to%3A

### governing law disputes — risk unknown

> - Changes to the law or regulatory requirements.

- Interpretation (disclaimed): Identifies changes to law or regulatory requirements as a permissible basis for modifying the Terms or Services, providing a specific justification category for unilateral amendments.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=-%20Changes%20to%20the%20law%20or%20regulatory%20requirements.

### governing law disputes — risk unknown

> - Security or safety reasons.

- Interpretation (disclaimed): Identifies security or safety reasons as a permissible basis for modifying the Terms or Services, providing a specific justification category for unilateral amendments.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=-%20Security%20or%20safety%20reasons.

### governing law disputes — risk unknown

> - Circumstances beyond our reasonable control.

- Interpretation (disclaimed): Identifies circumstances beyond OpenAI's reasonable control as a permissible basis for modifying the Terms or Services, functioning as a force majeure-type justification for amendments.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=-%20Circumstances%20beyond%20our%20reasonable%20control.

### governing law disputes — risk unknown

> - Changes we make in the usual course of developing our Services.

- Interpretation (disclaimed): Identifies ordinary course of service development as a permissible basis for modifying the Terms or Services, providing a broad operational justification category for amendments.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=-%20Changes%20we%20make,of%20developing%20our%20Services.

### governing law disputes — risk unknown

> - To adapt to new technologies.

- Interpretation (disclaimed): Identifies adaptation to new technologies as a permissible basis for modifying the Terms or Services, providing a forward-looking justification category for amendments.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=-%20To%20adapt%20to%20new%20technologies.

### governing law disputes — risk unknown

> We will give you at least 30 days advance notice of changes to these Terms that materially adversely impact you either via email or an in-product notification. All other changes will be effective as soon as we post them to our website. If you do not agree to the changes, you must stop using our Services.

- Interpretation (disclaimed): Establishes the notice procedure for material adverse changes (30-day advance notice via email or in-product notification), specifies when other changes take effect, and imposes an obligation on users to stop using the Services if they disagree with changes.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=We%20will%20give%20you,stop%20using%20our%20Services.

### governing law disputes — risk unknown

> Delay in enforcing these Terms. Our failure to enforce a provision is not a waiver of our right to do so later. Except as provided in the dispute resolution section above, if any portion of these Terms is determined to be invalid or unenforceable, that portion will be enforced to the maximum extent permissible and it will not affect the enforceability of any other terms.

- Interpretation (disclaimed): Clarifies that OpenAI's failure to enforce any provision does not constitute a waiver of future enforcement rights, and addresses severability of invalid or unenforceable portions of the Terms.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Delay%20in%20enforcing%20these,of%20any%20other%20terms.

### governing law disputes — risk unknown

> Entire agreement. These Terms contain the entire agreement between you and OpenAI regarding the Services and, other than any Service-specific terms, supersedes any prior or contemporaneous agreements between you and OpenAI.

- Interpretation (disclaimed): Defines the Terms as the entire agreement between the parties regarding the Services, superseding all prior or contemporaneous agreements, thereby establishing the integration clause that governs the scope of contractual obligations.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Entire%20agreement.%20These%20Terms,between%20you%20and%20OpenAI.

### governing law disputes — risk unknown

> Governing law. California law will govern these Terms except for its conflicts of laws principles. Except as provided in the dispute resolution section above, all claims arising out of or relating to these Terms will be brought exclusively in the federal or state courts of San Francisco, California.

- Interpretation (disclaimed): Establishes California law as the governing law for the Terms (excluding conflicts of laws principles) and designates exclusive jurisdiction in federal or state courts of San Francisco, California for all related claims, creating binding procedural and substantive obligations on both parties.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Governing%20law.%20California%20law,of%20San%20Francisco%2C%20California.

### moderation enforcement — risk medium

> We may delete or disable content that we believe violates these Terms or is alleged to be infringing and will terminate accounts of repeat infringers where appropriate.

- Interpretation (disclaimed): The phrase 'alleged to be infringing' means OpenAI can act on third-party complaints without independent verification of infringement. Combined with account termination for 'repeat infringers,' users risk losing access to their accounts and data based on unresolved allegations.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=We%20may%20delete%20or,repeat%20infringers%20where%20appropriate.

### moderation enforcement — risk medium

> Prevent fraud, illegal activity, or misuses of our Services, and to protect the security of our systems and Services, including by monitoring any Content submitted or exchanged on our platforms

- Interpretation (disclaimed): Broad content monitoring is explicitly stated as a permitted use of personal data. This has implications for user expectations of confidentiality and for enterprise customers handling sensitive data.
- Tier: All
- Location: Privacy Policy › “9\. Additional U.S. state disclosures”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=Prevent%20fraud%2C%20illegal%20activity%2C,exchanged%20on%20our%20platforms

### moderation enforcement — risk medium

> To prevent fraud, illegal activity, or misuses of our Services, and to protect the security of our systems and Services, including by monitoring any Content submitted or exchanged on our platforms

- Interpretation (disclaimed): The monitoring provision is broad and applies to all submitted and exchanged content. Combined with the enforcement-discretion language in the government-sharing clause (sole discretion for ToS violations), this creates significant surveillance risk for users.
- Tier: All
- Location: Privacy Policy › “2\. How we use Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=To%20prevent%20fraud%2C%20illegal,exchanged%20on%20our%20platforms

### moderation enforcement — risk unknown

> - A description of the copyrighted work that you claim has been infringed upon

- Interpretation (disclaimed): Requires the claimant to describe the copyrighted work alleged to have been infringed, imposing a substantive informational obligation for valid notice.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=-%20A%20description%20of,has%20been%20infringed%20upon

### moderation enforcement — risk unknown

> - A description of where the allegedly infringing material is located on our site so we can find it

- Interpretation (disclaimed): Requires the claimant to identify the location of the allegedly infringing material on the platform, imposing an obligation to enable OpenAI to locate and act on the complaint.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=-%20A%20description%20of,we%20can%20find%20it

### moderation enforcement — risk unknown

> - Use Output to develop models that compete with OpenAI.

- Interpretation (disclaimed): This segment permits downloading of software and acknowledges automatic updates, and discloses that open source components are governed by their own licenses, incorporating third-party license terms by reference.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=-%20Use%20Output%20to,that%20compete%20with%20OpenAI.

### moderation enforcement — risk unknown

> Minimum age. You must be at least 13 years old or the minimum age required in your country to consent to use the Services. If you are under 18 you must have your parent or legal guardian’s permission to use the Services.

- Interpretation (disclaimed): This segment imposes obligations on users to provide accurate registration information, prohibits credential sharing, assigns account responsibility, and requires authority to accept Terms on behalf of third parties — establishing enforceable account conduct rules.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Minimum%20age.%20You%20must,to%20use%20the%20Services.

### moderation enforcement — risk unknown

> What you can do. Subject to your compliance with these Terms, you may access and use our Services. In using our Services, you must comply with all applicable laws as well as our [Sharing & Publication Policy⁠⁠](https://openai.com/policies/sharing-publication-policy/), [Usage Policies⁠⁠](https://openai.com/policies/usage-policies/), and any other documentation, guidelines, or policies we make available to you.

- Interpretation (disclaimed): This segment introduces a non-exhaustive list of prohibited activities, broadly restricting use of the Services for illegal, harmful, or abusive activity.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=What%20you%20can%20do.,make%20available%20to%20you.

### moderation enforcement — risk unknown

> What you cannot do. You may not use our Services for any illegal, harmful, or abusive activity. For example, you may not:

- Interpretation (disclaimed): This segment prohibits use of the Services in ways that infringe, misappropriate, or violate third-party rights, establishing an intellectual property and rights-based use restriction.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=What%20you%20cannot%20do.,example%2C%20you%20may%20not%3A

### moderation enforcement — risk unknown

> - Use our Services in a way that infringes, misappropriates or violates anyone’s rights.

- Interpretation (disclaimed): This segment prohibits modification, copying, leasing, selling, or distributing any of the Services, restricting downstream exploitation of the platform.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=-%20Use%20our%20Services,or%20violates%20anyone%E2%80%99s%20rights.

### moderation enforcement — risk unknown

> - Modify, copy, lease, sell or distribute any of our Services.

- Interpretation (disclaimed): This segment prohibits reverse engineering, decompiling, or discovering source code or underlying components of the Services (including models and algorithms), with a carve-out where applicable law prohibits such restriction.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=-%20Modify%2C%20copy%2C%20lease%2C,any%20of%20our%20Services.

### moderation enforcement — risk unknown

> - Attempt to or assist anyone to reverse engineer, decompile or discover the source code or underlying components of our Services, including our models, algorithms, or systems (except to the extent this restriction is prohibited by applicable law).

- Interpretation (disclaimed): This segment prohibits automated or programmatic extraction of data or Output, restricting bulk data harvesting from the Services, and cross-references the definition of 'Output' as defined elsewhere.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=-%20Attempt%20to%20or,prohibited%20by%20applicable%20law).

### moderation enforcement — risk unknown

> - Automatically or programmatically extract data or Output (defined below).

- Interpretation (disclaimed): This segment prohibits misrepresenting AI-generated Output as human-generated content, establishing a transparency and authenticity obligation.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=-%20Automatically%20or%20programmatically,or%20Output%20(defined%20below).

### moderation enforcement — risk unknown

> - Represent that Output was human-generated when it was not.

- Interpretation (disclaimed): This segment prohibits interference with or disruption of the Services, including circumventing rate limits, restrictions, or safety mitigations, protecting platform integrity.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=-%20Represent%20that%20Output,when%20it%20was%20not.

### moderation enforcement — risk unknown

> Software. Our Services may allow you to download software, such as mobile applications, which may update automatically to ensure you’re using the latest version. Our software may include open source software that is governed by its own licenses that we’ve made available to you.

- Interpretation (disclaimed): This segment establishes a procedure for transferring accounts associated with organizational email domains to business accounts, including notice requirements to users and defining administrator control rights over transferred accounts and associated Content.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Software.%20Our%20Services%20may,made%20available%20to%20you.

### moderation enforcement — risk unknown

> Termination. You are free to stop using our Services at any time. We reserve the right to suspend or terminate your access to our Services or delete your account if we determine:

- Interpretation (disclaimed): Grants OpenAI the right to suspend or terminate user access or delete accounts upon determination that qualifying conditions are met, while confirming users may stop using Services at any time.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Termination.%20You%20are%20free,account%20if%20we%20determine%3A

### moderation enforcement — risk unknown

> - You breached these Terms or our [Usage Policies⁠⁠](https://openai.com/policies/usage-policies/).

- Interpretation (disclaimed): Identifies breach of Terms or Usage Policies as a condition triggering OpenAI's right to suspend or terminate, creating an enforcement basis tied to user compliance obligations.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=-%20You%20breached%20these,or%20our%20%5BUsage%20Policies%E2%81%A0%E2%81%A0%5D(https%3A%2F%2Fopenai.com%2Fpolicies%2Fusage-policies%2F).

### moderation enforcement — risk unknown

> - We must do so to comply with the law.

- Interpretation (disclaimed): Establishes a legal-compliance basis for termination, obligating OpenAI to act when required by law to suspend or terminate user access.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=-%20We%20must%20do,comply%20with%20the%20law.

### moderation enforcement — risk unknown

> - Your use of our Services could cause risk or harm to OpenAI, our users, or anyone else.

- Interpretation (disclaimed): Restricts users from using Services in ways that could cause risk or harm to OpenAI, its users, or others, and designates such use as grounds for account termination.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=-%20Your%20use%20of,users%2C%20or%20anyone%20else.

### moderation enforcement — risk unknown

> Appeals. If you believe we have suspended or terminated your account in error, you can file an appeal with us by [contacting our Support team⁠⁠(opens in a new window)](https://help.openai.com/en/articles/6614161-how-can-i-contact-support).

- Interpretation (disclaimed): Provides users with a remedy — the right to appeal account suspensions or terminations believed to be in error — by contacting OpenAI's Support team, establishing a procedural recourse mechanism.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Appeals.%20If%20you%20believe,in%20a%20new%20window)%5D(https%3A%2F%2Fhelp.openai.com%2Fen%2Farticles%2F6614161-how-can-i-contact-support).

### moderation enforcement — risk unknown

> If you believe that your intellectual property rights have been infringed, please send notice to the address below or fill out [this form⁠](https://openai.com/form/copyright-disputes/). We may delete or disable content that we believe violates these Terms or is alleged to be infringing and will terminate accounts of repeat infringers where appropriate.

- Interpretation (disclaimed): Establishes the procedure for submitting copyright infringement notices, grants OpenAI discretion to delete or disable allegedly infringing content and terminate repeat infringers' accounts, creating an IP enforcement and notice-and-takedown mechanism.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=If%20you%20believe%20that,repeat%20infringers%20where%20appropriate.

### moderation enforcement — risk unknown

> _OpenAI OpCo, LLC_

- Interpretation (disclaimed): Names the legal entity (OpenAI OpCo, LLC) to which copyright infringement notices must be sent, establishing the procedural recipient for DMCA/copyright claims.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=_OpenAI%20OpCo%2C%20LLC_

### moderation enforcement — risk unknown

> _1455 3rd Street_

- Interpretation (disclaimed): Provides the street address for submitting written copyright infringement claims, forming part of the required notice procedure.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=_1455%203rd%20Street_

### moderation enforcement — risk unknown

> _San Francisco, CA 94158_

- Interpretation (disclaimed): Provides the city, state, and ZIP code for the copyright agent address, completing the mailing address required for the infringement notice procedure.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=_San%20Francisco%2C%20CA%2094158_

### moderation enforcement — risk unknown

> _Attn: General Counsel / Copyright Agent_

- Interpretation (disclaimed): Identifies the attention line (General Counsel / Copyright Agent) for copyright infringement notices, directing submissions to the appropriate recipient within the organization.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=_Attn%3A%20General%20Counsel%20%2F%20Copyright%20Agent_

### moderation enforcement — risk unknown

> Written claims concerning copyright infringement must include the following information:

- Interpretation (disclaimed): Introduces the mandatory informational requirements that must be included in written copyright infringement claims, establishing the procedural obligations of the claimant.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Written%20claims%20concerning%20copyright,include%20the%20following%20information%3A

### moderation enforcement — risk unknown

> - A physical or electronic signature of the person authorized to act on behalf of the owner of the copyright interest

- Interpretation (disclaimed): Requires that copyright infringement notices include a physical or electronic signature of the authorized representative, imposing an obligation on the notifying party as part of the claims procedure.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=-%20A%20physical%20or,of%20the%20copyright%20interest

### moderation enforcement — risk unknown

> - Your address, telephone number, and e-mail address

- Interpretation (disclaimed): Requires the claimant to provide contact information (address, telephone, email) as part of the copyright infringement notice procedure, imposing an obligation for valid claim submission.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=-%20Your%20address%2C%20telephone%20number%2C%20and%20e-mail%20address

### moderation enforcement — risk unknown

> - A statement by you that you have a good-faith belief that the disputed use is not authorized by the copyright owner, its agent, or the law

- Interpretation (disclaimed): Requires the claimant to include a good-faith belief statement that the disputed use is unauthorized, imposing a substantive legal obligation consistent with DMCA requirements.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=-%20A%20statement%20by,agent%2C%20or%20the%20law

### moderation enforcement — risk unknown

> - A statement by you that the above information in your notice is accurate and, under penalty of perjury, that you are the copyright owner or authorized to act on the copyright owner’s behalf

- Interpretation (disclaimed): Requires the claimant to include an accuracy statement under penalty of perjury affirming authority to act on the copyright owner's behalf, imposing a legally significant obligation on the notifying party.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=-%20A%20statement%20by,the%20copyright%20owner%E2%80%99s%20behalf

### moderation enforcement — risk unknown

> - To prevent fraud, illegal activity, or misuses of our Services, and to protect the security of our systems and Services, including by monitoring any Content submitted or exchanged on our platforms (learn more [here⁠](https://openai.com/transparency-and-content-moderation/)); and

- Interpretation (disclaimed): This segment grants OpenAI permission to use personal data including Content to prevent fraud, illegal activity, and misuse of Services, and to protect system security through monitoring of submitted or exchanged Content, establishing a permissive use of data for enforcement and moderation purposes.
- Tier: All
- Location: Privacy Policy › “2\. How we use Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20To%20prevent%20fraud%2C,(learn%20more%20%5Bhere%E2%81%A0%5D(https%3A%2F%2Fopenai.com%2Ftransparency-and-content-moderation%2F))%3B%20and

### tier differences — risk medium

> For Free and Go users, to personalize the ads you see on our Services (subject to your settings), and to measure the effectiveness of ads shown on our Services.

- Interpretation (disclaimed): The policy explicitly limits ad-related data use to Free and Go users, creating a meaningful tier difference in privacy exposure. Users on free tiers accept a higher degree of data monetisation.
- Tier: Free
- Location: Privacy Policy › “2\. How we use Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=For%20Free%20and%20Go,shown%20on%20our%20Services.

### tier differences — risk medium

> We may receive information from advertisers and other data partners, which we use for purposes including to help us measure and improve the effectiveness of ads shown to Free and Go users on our Services. For example, we could receive information about purchases you make from these advertisers.

- Interpretation (disclaimed): This inbound data flow from third-party advertisers (including purchase history) is restricted to Free and Go users. It enables behavioural profiling beyond the platform and increases re-identification risk for these tiers.
- Tier: Free
- Location: Privacy Policy › “1\. Personal Data we collect”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=We%20may%20receive%20information,make%20from%20these%20advertisers.

### tier differences — risk medium

> For Free and Go users, you can use the advertising controls in your account settings to control what data we use to personalize the ads we show you on our Services.

- Interpretation (disclaimed): Free-tier users have their data used for ad personalization, a materially different privacy posture than paid tiers. The control offered is partial (users can adjust but the practice exists by default).
- Tier: Free
- Location: Privacy Policy › “5\. Data controls”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=For%20Free%20and%20Go,you%20on%20our%20Services.

### tier differences — risk medium

> For Free and Go users, subject to your controls, to personalize the ads you see on our Services and measure the effectiveness of ads shown on our Services.

- Interpretation (disclaimed): This clause creates an explicit tier difference: Free/Go users are subject to ad personalization data processing that paid or API users are not. This is a significant privacy distinction users should be aware of when selecting a tier.
- Tier: Free
- Location: Privacy Policy › “9\. Additional U.S. state disclosures”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=For%20Free%20and%20Go,shown%20on%20our%20Services.

### tier differences — risk unknown

> Our [Business Terms⁠⁠](https://openai.com/policies/business-terms/) govern use of ChatGPT Enterprise, our APIs, and our other services for businesses and developers.

- Interpretation (disclaimed): This segment distinguishes business/developer use (ChatGPT Enterprise, APIs) from individual use and incorporates Business Terms by reference, establishing a tier-based governance structure.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Our%20%5BBusiness%20Terms%E2%81%A0%E2%81%A0%5D(https%3A%2F%2Fopenai.com%2Fpolicies%2Fbusiness-terms%2F)%20govern,for%20businesses%20and%20developers.

### tier differences — risk unknown

> Billing. If you purchase any Services, you will provide complete and accurate billing information, including a valid payment method. For paid subscriptions, we will automatically charge your payment method on each agreed-upon periodic renewal until you cancel. You’re responsible for all applicable taxes, and we’ll charge tax when required. If your payment cannot be completed, we may downgrade your account or suspend your access to our Services until payment is received.

- Interpretation (disclaimed): Obligates users with paid accounts to provide accurate billing information, authorizes automatic recurring charges, makes users responsible for applicable taxes, and grants OpenAI the right to downgrade or suspend access upon payment failure, defining the financial obligations of paid-tier users.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Billing.%20If%20you%20purchase,until%20payment%20is%20received.

### tier differences — risk unknown

> Service credits. You can pay for some Services in advance by purchasing service credits. All service credits are subject to our [Service Credit Terms⁠⁠](https://openai.com/policies/service-credit-terms/).

- Interpretation (disclaimed): Introduces the service credits payment option and incorporates by reference the Service Credit Terms, making those terms binding on users who purchase credits.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Service%20credits.%20You%20can,our%20%5BService%20Credit%20Terms%E2%81%A0%E2%81%A0%5D(https%3A%2F%2Fopenai.com%2Fpolicies%2Fservice-credit-terms%2F).

### tier differences — risk unknown

> Cancellation. You can [cancel⁠⁠(opens in a new window)](https://help.openai.com/en/articles/7232927-how-do-i-cancel-my-chatgpt-plus-subscription) your paid subscription at any time. Payments are non-refundable, except where required by law. These Terms do not override any mandatory local laws regarding your cancellation rights.

- Interpretation (disclaimed): Grants users the right to cancel paid subscriptions at any time, states that payments are non-refundable except as required by law, and preserves mandatory local cancellation rights, balancing user cancellation rights against the no-refund default rule.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Cancellation.%20You%20can%20%5Bcancel%E2%81%A0%E2%81%A0(opens,regarding%20your%20cancellation%20rights.

### tier differences — risk unknown

> Changes. We may change our prices from time to time. If we increase our subscription prices, we will give you at least 30 days’ notice and any price increase will take effect on your next renewal so that you can cancel if you do not agree to the price increase.

- Interpretation (disclaimed): Establishes the procedure for price changes: OpenAI must provide at least 30 days' notice of subscription price increases, with increases taking effect on the next renewal, giving users the opportunity to cancel before the new price applies.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=Changes.%20We%20may%20change,to%20the%20price%20increase.

### tier differences — risk unknown

> We may decide to discontinue our Services, but if we do, we will give you advance notice and a refund for any prepaid, unused Services.

- Interpretation (disclaimed): Obligates OpenAI to provide advance notice and a refund for prepaid, unused Services if it decides to discontinue the Services, creating a user protection obligation upon discontinuation.
- Tier: All
- Location: text-fragment link only — source has no section structure
- Source: https://openai.com/policies/terms-of-use
- Snapshot SHA-256: `dc749352e0d049064caeefce90b1e38a0177a98ed89ba1637441922aaf853a55`
- Wayback: —
- Deep link: https://openai.com/policies/terms-of-use#:~:text=We%20may%20decide%20to,any%20prepaid%2C%20unused%20Services.

### tier differences — risk unknown

> - For Free and Go users, to personalize the ads you see on our Services (subject to your settings), and to measure the effectiveness of ads shown on our Services. [Learn more⁠(opens in a new window)](https://help.openai.com/articles/20001047-ads-in-chatgpt) about ads on our services;

- Interpretation (disclaimed): This segment grants OpenAI permission to use personal data of Free and Go tier users specifically for ad personalization and effectiveness measurement, subject to user settings, establishing a tier-differentiated data use practice that does not apply to paid tier users.
- Tier: All
- Location: Privacy Policy › “2\. How we use Personal Data”
- Source: https://openai.com/policies/privacy-policy
- Snapshot SHA-256: `7908fbad5eb10a4d236259d99458ec7c1fe0929185f2f217fdedb1c4e9be8345`
- Wayback: —
- Deep link: https://openai.com/policies/privacy-policy#:~:text=-%20For%20Free%20and,ads%20on%20our%20services%3B