the-custodian/canon/tpsc/openai-api.yaml

slug: openai-api
name: OpenAI API
provider: OpenAI, Inc.
category: llm_inference
website_url: https://openai.com
pricing_model: usage_based
gdpr_maturity: developing
gdpr_notes: >
  DPA available (Data Processing Addendum). Standard Contractual Clauses (SCCs)
  provided for EU→US data transfers. Data is processed in the US.
  Input/output retained up to 30 days for safety monitoring unless opted out
  via the API zero-data-retention setting. Zero-data-retention is available
  on eligible endpoints. Not suitable for sensitive personal data without a
  signed DPA and explicit zero-retention configuration.
  Reference: https://openai.com/policies/data-processing-addendum
dpa_available: true
tos_url: https://openai.com/policies/terms-of-use
privacy_policy_url: https://openai.com/policies/privacy-policy
data_processing_regions:
  - us
data_retention_notes: >
  Default: 30 days for abuse monitoring. Zero-data-retention available
  on eligible API endpoints via opt-in. Training opt-out available.
status: active