Expanding data residency access to business customers worldwide

Organizations and developers around the world are using ChatGPT to empower their workforces and build new products. With over 1 million business customers around the world directly using OpenAI, we have expanded where we offer data residency—allowing business customers to store data in certain regions, helping organizations meet local regulatory and data protection requirements. Today, eligible customers using ChatGPT Enterprise, ChatGPT Edu, or our API Platform in many global markets can choose local data residency when using OpenAI products in their businesses and building new solutions with AI.

Data residency is currently available in Europe, the United Kingdom, the United States, Canada, Japan, South Korea, Singapore, India, Australia, and the United Arab Emirates. We plan to expand availability to additional regions over time.

With data residency, eligible API, ChatGPT Enterprise, and ChatGPT Edu customers can choose to have their customer content stored at rest in-region.

ChatGPT Enterprise and Edu

New ChatGPT workspaces can be set up with data residency, allowing customer content to be stored at rest in the selected region. This includes—content such as conversations, uploaded files, custom GPTs and image generation artifacts, and more⁠(opens in a new window).

API Platform 

Enterprise Customers that have been approved for advanced data controls ⁠(opens in a new window)can enable regional data residency by creating a new Project in the API Platform dashboard and selecting their preferred region. Requests made through these Projects are handled in-region—model requests and responses are not stored at rest on OpenAI’s servers.

Data residency builds on OpenAI’s robust data privacy, security, and compliance features, which support organizations partnering with OpenAI today. These features include:

• Advanced encryption techniques: We use AES-256 for data at rest and TLS 1.2+ for data in transit between customers and OpenAI, and OpenAI and our service providers, to safeguard data confidentiality and integrity during storage and transmission across networks. With Enterprise Key Management (EKM)⁠, customers can bring their own encryption keys for customer content stored at-rest, adding another layer of security and compliance.
• No training on customer data: By default, OpenAI’s models are not trained using data from ChatGPT business plans or the API unless a customer explicitly opts in to share data with us.
• Comprehensive data protection: Our data protection practices can support compliance with GDPR, CCPA, and other privacy laws, and adhere to the CSA STAR, SOC 2 Type 2 standards, and ISO/IEC 27001⁠, 27017⁠, 27018⁠, 27701⁠ certifications.
• Data Processing Addendum (DPA): We offer a comprehensive DPA that clarifies roles and responsibilities under GDPR and other privacy regulations, helping organizations meet their compliance obligations.

For the API Platform and ChatGPT business products, data remains confidential, secure, and entirely owned by you. Data residency further enhances data control for business customers.

To learn more about eligibility and supported data, visit our Help Center⁠(opens in a new window) or contact our team to discuss enabling data residency for your organization.