OpenAI US Privacy Policy — MCP Documentation

What Is This?

How this server works and what it makes possible

A Privacy Policy You Can Actually Question

This server takes the OpenAI US Privacy Policy (updated 2026-05-18) and makes it available through the Model Context Protocol (MCP) — an open standard that lets AI assistants like Claude, ChatGPT, and Gemini access structured data in real time.

Instead of scrolling a legal document, you ask questions in plain language — "Does OpenAI use my chats to train its models?" — and get precise answers drawn from the policy itself, with attribution on every response.

Unofficial. This is a teaching demo built for a class on making MCP servers. It is not affiliated with or endorsed by OpenAI. The policy text belongs to OpenAI — always confirm details against the official policy.

For ChatGPT Users

Find out whether your chats train OpenAI's models — and switch it off
Learn what "delete" actually deletes, and on what timeline
See every privacy setting in your account and where it lives
Understand Temporary Chats, Memory, and data export

For Parents & Privacy-Curious People

Check the age rules: under-13 ban, teen parental permission, account linking
Learn whether data is sold or shared for advertising — and how to opt out
Exercise your state-law rights: access, correction, deletion, appeals
Decode the jargon with a 26-term plain-language glossary

Get Started

Connect this policy to your AI assistant — pick any platform

All platforms connect to the same MCP endpoint:

    https://mcp-demo.workingpaper.co/mcp/
    Copied!
  

Click to copy

ChatGPT Claude Gemini

ChatGPT

Plus, Team, and Enterprise plans

Go to chatgpt.com → Settings → Connected apps
Click Add connection
Paste the URL: https://mcp-demo.workingpaper.co/mcp/
Complete any authentication prompts
Start a new chat — the policy tools appear when you click the tools icon

Developer: OpenAI Responses API

import openai

client = openai.OpenAI()
resp = client.responses.create(
    model="gpt-4.1",
    input="Does OpenAI use my chats to train models?",
    tools=[{
        "type": "mcp",
        "server_label": "openai-privacy-policy",
        "server_url": "https://mcp-demo.workingpaper.co/mcp/",
        "require_approval": "never",
    }],
)

Claude

claude.ai, Desktop app, or Claude Code

Go to claude.ai → click your name → Settings → Integrations
Click Add Integration → choose MCP
Paste the URL: https://mcp-demo.workingpaper.co/mcp/
If prompted, enter the server password
Start a new chat — Claude will automatically use the policy tools

Claude Desktop or Claude Code

Desktop app — add to your config file (~/Library/Application Support/Claude/claude_desktop_config.json):

{
  "mcpServers": {
    "openai-privacy-policy": {
      "type": "streamable-http",
      "url": "https://mcp-demo.workingpaper.co/mcp/"
    }
  }
}

Claude Code CLI:

claude mcp add openai-privacy-policy \
  --transport streamable-http \
  https://mcp-demo.workingpaper.co/mcp/

Gemini

Google AI Studio or Gemini API

Go to aistudio.google.com → open a prompt
In the left panel, click Tools → Add tool → MCP Server
Paste the URL: https://mcp-demo.workingpaper.co/mcp/
Complete authentication if prompted
The policy tools appear in your tool list — start asking questions

That's it! Once connected on any platform, just type a question in plain English like "What happens when I delete a ChatGPT conversation?" — the AI will automatically look up the answer from the policy.

What's Inside

The full policy, structured and searchable

Policy Sections

Personal Data OpenAI Collects Personal Data You Provide, Data Received From Your Use of the Services, Information From Other Sources

How OpenAI Uses Personal Data Purposes of Use, Model Training and Your Content, Aggregated and De-identified Data

III

Disclosure of Personal Data Who OpenAI Discloses Data To, Does OpenAI Sell Personal Data?

Retention, Data Controls, and Your Rights Retention — How Long Data Is Kept, Data Controls — Settings You Can Change, Your Privacy Rights, Additional U.S. State Disclosures

Children, Teens, and Security Children and Teens, Security

About This Policy Scope — What This Policy Covers, Changes to the Privacy Policy, Data Controller, How to Contact OpenAI, Useful Resources, Glossary

Your Data Controls

Every privacy setting the policy describes, and where to find it:

Control	What It Does	Where
Model training opt-out	Choose whether your Content can be used to improve and train OpenAI's models.	ChatGPT Settings > Data Controls ('Improve the model for everyone')
Memory	Decide whether ChatGPT remembers details between chats to make Content more personalized and relevant. Individual Saved Memories can be deleted.	ChatGPT Settings > Personalization
Export your data	Export your ChatGPT history and data.	ChatGPT Settings > Data Controls
Delete chats or your account	Delete or archive specific chats, all chats, or delete your account entirely. Deleted data is removed within 30 days (with the legal/safety exceptions in Retention).	ChatGPT Settings / in-conversation controls
Temporary Chat	Conversations don't appear in your history and are not used to improve OpenAI's models; auto-deleted within 30 days.	ChatGPT model/chat menu
Cookie choices	Depending on applicable law, choose which cookies are used, and make choices about use of your information for marketing on third-party properties.	Cookie settings / 'Your Privacy Choices' link on openai.com
Advertising controls (Free and Go users)	Control what data OpenAI uses to personalize the ads shown to you on the Services.	Account settings > advertising controls
Atlas browsing privacy	Delete your Atlas browsing history, or browse in incognito mode (keeps browsing private from others using your device; incognito history isn't saved).	Atlas browser settings
Marketing unsubscribe	Unsubscribe from marketing communications.	Links in the communications themselves

How Long Your Data Is Kept

What deletion actually does, item by item:

Data	Retention	Rule
Chats, Saved Memories, and your account	Until you delete	Retained until you delete them. Once you delete, removed from systems within 30 days — unless legal/safety/security retention applies, or the data was already de-identified and disassociated from your account (when you allow Content to improve models).
Temporary Chats	Auto-deleted	Deleted automatically within 30 days (unless OpenAI has to retain them for safety or legal reasons).
Atlas incognito browsing history	Auto-deleted	Not saved after you end your session.
Content or accounts banned for usage-policy violations	Kept longer	May be retained to protect the Services from fraud, abuse, or other policy violations.
Data under a legal hold (e.g., lawful subpoena)	Kept longer	May be retained for the duration of the relevant legal or regulatory obligation.
Payment and transaction records	Kept longer	May be retained for accounting, dispute resolution, and regulatory compliance.
Audit record of your deletion request	Kept longer	Retained so OpenAI can verify it complied with the request.

A Guide for Users

Questions worth asking once you're connected

How does this work? When you connect an AI assistant to this server, it can read the OpenAI US Privacy Policy as structured data and answer your questions from the actual policy text. You ask in plain English — the AI looks up the answer for you, with a citation on every response.

"Does OpenAI use my ChatGPT conversations to train its models?"

Pulls the model-training topic and the opt-out steps — the 'Improve the model for everyone' setting, plus when Temporary Chat is the better tool.

"What actually happens when I delete a chat? Is it really gone?"

Returns the retention rules: 30-day deletion window, the legal/safety exceptions, and the audit record OpenAI keeps of your deletion request.

"Does OpenAI sell my data?"

Returns the disclosure section: no 'selling', but limited sharing with marketing partners that counts as 'targeted advertising' under state law — and how to opt out, including via Global Privacy Control.

"My 12-year-old wants to use ChatGPT. Is that allowed?"

Pulls the children policy: under 13 not permitted, 13–17 need parental permission, and how parent-teen account linking works.

"How do I get a copy of everything OpenAI has about me?"

Returns the export control plus your statutory access and portability rights, and the request channels (privacy.openai.com, dsar@openai.com).

"What's the difference between Memory and Temporary Chat?"

Pulls both glossary terms and the data controls table — what each feature stores, for how long, and where to turn them on or off.

Scenario

You told ChatGPT something sensitive and want it gone

You want to understand deletion, training, and what you can still control. Ask:

"I shared medical information in a chat. How do I delete it, will it be used for training, and what should I do differently next time?"

The AI will pull the retention rules (30-day deletion), the training opt-out, and Temporary Chat guidance for future sensitive conversations.

Scenario

You're a parent setting up ChatGPT with your teenager

You want the actual rules, not vibes. Ask:

"What are OpenAI's age rules? What can I see and control if I link accounts with my 15-year-old?"

Returns the age rules table, parental permission requirement, account linking (settings management + safety alerts), and the fact that targeted-ad sharing isn't done for known under-18 users.

Scenario

You hit a wall of jargon — "de-identified", "data controller", "GPC"

The policy is full of terms of art. Ask:

"What does 'de-identified' mean in OpenAI's privacy policy? And who is the data controller for US users?"

Pulls plain-language definitions from the 26-term glossary, written for normal humans, grounded in the policy text.

Available Tools

What AI assistants can access through this server

policy.get_privacy_essentials Start Here

The whole policy in one call: what's collected, model training and opt-out, every data control, retention basics, key contacts, and questions to ask next.

policy.get_training_optout

The most-asked question, answered precisely: how Content trains models, the 'Improve the model for everyone' setting, and Temporary Chats.

policy.get_data_controls

All 9 privacy settings — what each does and where it lives.

policy.get_retention_rules

How long each kind of data is kept: the 30-day deletion window, auto-deleted data, and the legal/safety exceptions.

policy.get_your_rights

Statutory rights (access, correction, deletion, portability), state-law disclosures, targeted-ad opt-out, and how to file requests.

policy.get_children_policy

Age rules: under-13 ban, teen parental permission, parent-teen account linking, and how to report underage use.

policy.get_concern_guidance

Answer a specific worry: training, deletion, ads, sharing, children, security, rights, or collection.

policy.get_data_collected

What OpenAI collects, by stream: data you provide, data from usage, data from other sources — plus the state-law category table.

policy.get_glossary_term

Look up any term — Personal Data, Temporary Chat, GPC, DSAR, data controller, and more. Plain language.

policy.search

Full-text search across every section, topic, control, retention rule, and glossary term.

policy.list_sections / list_topics / get_topic

Hierarchical browsing of all 6 sections and 20 topics.

policy.list_glossary

List all 26 glossary terms.

policy.get_version_info

Policy version, effective date, scope note, and disclaimer.

policy.get_usage_guide

Navigation help for AI assistants — explains the structure and recommended workflows.

policy.log_activity

Self-reporting hook: assistants log what they helped with, powering the reporting dashboard at /reporting/.

Data Source & Attribution

All data served by this MCP comes directly from the OpenAI US Privacy Policy, updated 2026-05-18.

The policy is published by OpenAI. This server is an unofficial teaching demo and is not affiliated with or endorsed by OpenAI. Every tool response includes an attribution line linking back to the source document.

For the official document, visit openai.com/policies/us-privacy-policy.

Telemetry: to power the usage dashboard at /reporting/, this server logs tool calls (tool name and arguments) and summaries that AI assistants write about what they helped with. No account identity or IP addresses are recorded in those analytics logs — but assistant-written summaries may echo details a user shared in conversation, so don't share anything here you wouldn't put in a question to a stranger.