01Trust Score

ChatGPT

Week 2026-W20 · 26 Apr 2026 Vendor-Neutral

70 /100 Mostly Positive

↓ 5 vs 2026-W17

★ ★ ★ ★ ★

4.2/5 (3858)

↓ PDF Report

AUDITOR SUMMARY

Strength: ChatGPT offers robust enterprise-grade compliance (SOC 2 Type II, ISO 27001, GDPR DPA) and strong financial backing, providing a stable and secure foundation for core AI chatbot functionalities.

Trust Score 70/100 CONDITIONAL

Est. Annual Cost $46,500/year for 100 users 100 users / yr

Top Risk HIGH Reliability Overall: Medium

Priority Action AI Training Data Policy Not Explicitly Disclosed in ToS ↓ PDF · TCO · Hardening

Enterprise Verdict

! Conditional Approval

Risk: Medium 50 sources

Priority Action

AI Training Data Policy Not Explicitly Disclosed in ToS

Live Signals This Week

Detected by daily monitoring — captured outside the weekly scrape window.

Critical May 15, 2026

The ChatGPT Desktop App For Mac Just Got Hit With A Security Breach - Engadget

4 signal(s) detected: breach, breach, security incident

news.google.com news.google.com news.google.com news.google.com

Critical May 14, 2026

OpenAI ChatGPT Launches Trusted Contacts Feature That Might Save People And Stave Off AI Mental Health Lawsuits - Forbes

1 signal(s) detected: lawsuit

news.google.com

Critical May 13, 2026

Wrongful Death Lawsuits Against OpenAI Test a New Strategy - The New York Times

4 signal(s) detected: lawsuit, lawsuit, lawsuit

news.google.com news.google.com news.google.com news.google.com

Critical May 12, 2026

Lawsuit says ChatGPT told FSU shooter that targeting children would bring more attention - NBC News

5 signal(s) detected: lawsuit, lawsuit, lawsuit

news.google.com news.google.com news.google.com news.google.com news.google.com

Critical May 11, 2026

Lawsuit says ChatGPT told FSU shooter that targeting children would bring more attention - NBC News

2 signal(s) detected: lawsuit, funding

news.google.com news.google.com

This report updates every week. Weekly AI vendor intelligence — trust scores, contract red flags, competitive shifts.

02Top Risks

Risk Assessment

Seven-category enterprise risk analysis derived from community and vendor signals. Each card shows the evidence tier and the underlying finding.

High Reliability Community Data

Public documentation buyers may want to verify availability of specific uptime commitments or reliability history.

Medium Cost Predictability Community Data

Enterprises should negotiate fixed-rate contracts and monitor pricing changes for overage risks.

High Vendor Lock-in Community Data

Data export status unclear. Integration score: 0/100. Webhooks available, reducing lock-in risk.

Source

Low Support Quality Community Data

Average community support/satisfaction rating: 4.1/5.0 based on 150 user reviews.

Medium Data Privacy Community Data

Compliance score: 94/100. GDPR status: dpa_available. Encryption at rest: yes.

Low Compliance Posture Community Data

SOC 2: type_ii. ISO 27001: certified. Overall compliance score: 94/100.

Medium AI Transparency Verified

No training on user data detected. Code ownership terms unclear. Legal/ToS risk score: 65/100.

Source

Verified — Confirmed by vendor documentation Community — Derived from community reports

Due Diligence Alerts

Priority reviews, recommended inquiries, and verified strengths — based on 164+ community data points

Recommended Inquiry High AI Training Data Policy Not Explicitly Disclosed in ToS

Sources: Web Community Evidence

Recommended Inquiry High SLA Terms Not Publicly Disclosed — Request MSA Before Procurement

Sources: Web Community Evidence

Recommended Inquiry Medium Opaque Data Lifecycle: Retention Period Not Publicly Specified

Sources: Web Community Evidence

Recommended Inquiry Medium Unclear IP Ownership for Generated Outputs

Sources: Web Community Evidence

Recommended Inquiry Medium ChatGPT Account Access Issues Reported

Sources: Web Community Evidence ×3

03Security & Compliance

Security & Compliance

SOC 2 ✓ Certified

ISO 27001 ✓ Certified

GDPR ✓ DPA

HIPAA ✓ BAA

Data Security

Encryption (At Rest): AES-256

Encryption (In Transit): TLS 1.3

Security Features

✕ Audit Logs

IT Hardening Guide

Deployment Checklist

Configure SAML SSO for all enterprise users to centralize identity management. Implement domain verification to ensure all organizational accounts are managed centrally. Utilize audit logging features on Enterprise tiers to monitor user activity and maintain compliance. Enforce custom data retention policies on Enterprise plans to align with regulatory requirements. Disable model training on user data for all enterprise accounts via DPA and platform settings. Leverage role-based access controls (RBAC) to manage permissions for different user groups within the workspace.

Last verified: 14 May 2026

Legal & IP Risk

Legal Entity: OpenAI

Jurisdiction: San Francisco, CA

IP Ownership

User Code: Not documented in public ToS

Training Data: Not documented in public ToS

Liability & Indemnification

IP Indemnification: Not documented in public ToS

Liability Cap: Not documented in public ToS

Warranty: Not documented in public ToS

Exit Terms

📤

Data Export Not documented in public ToS

🗑️

Deletion Not documented in public ToS

ToS Red Flags

High

Lack of clear notice for ToS changes creates legal uncertainty and compliance risk for enterprises.

Critical

Free/Plus tiers train on user data by default, posing a severe data privacy and intellectual property risk for corporate data.

High

Ambiguity around IP rights for generated outputs can lead to disputes and loss of competitive advantage for enterprises.

High

Limits enterprise recourse in case of service failures or data breaches, increasing financial exposure.

Medium

Restricts legal avenues for collective action, potentially disadvantaging enterprises in disputes.

Medium

Non-compliance with data privacy regulations (GDPR, CCPA) due to inability to verify data lifecycle management.

Legal Risk Score:

65/100

Data & Migration Lock-in Risk

Risk Level Medium

Data Portability JSON (conversation history export available)

Switching Cost Estimate 4-8 weeks of engineering time (inference)

Lock-in Factors

Proprietary model architectures and fine-tuning.
Deep integration with custom GPTs and plugins.
Workflow dependencies on ChatGPT's conversational interface.
Lack of standardized export formats for custom GPTs or agent configurations.

While conversation history can be exported in JSON, migrating complex workflows, custom GPTs, and agent configurations to alternative platforms would incur significant engineering effort. The proprietary nature of OpenAI's models and ecosystem creates a moderate vendor lock-in risk. A clear exit strategy and data portability plan should be negotiated.

Enterprise Contract Intelligence

DPA availability, data residency, and contract risk signals for procurement teams

📄 Data Processing Agreement Available

View DPA ↗

A Data Processing Addendum (DPA) is publicly available, including Standard Contractual Clauses (SCCs) for international data transfers. It also lists known sub-processors. Procurement teams should review the DPA for specific data retention commitments.

🌐 Data Residency Vendor-Controlled

Default: US (inferred)

Data residency options are not publicly documented, which is a significant procurement blocker for EU and other regulated customers. Without explicit regional hosting choices, data is presumed to be processed in the US, requiring reliance on SCCs for GDPR compliance. Direct vendor inquiry is essential to confirm data storage locations and sovereignty guarantees.

⚠️ Contract Risk Medium Lock-in (60/100)

Unilateral change right: Yes ⚠ Data export on exit: Yes ✓

⚠ 6 contract risk flags — click to review

⚠ Unilateral ToS changes without explicit notice period.

⚠ Vendor right to use submitted content for training without explicit opt-out on all tiers.

⚠ Broad IP license grant to vendor over outputs (implied by training data use).

⚠ Exclusion of liability for indirect, incidental, special, consequential, or exemplary damages.

⚠ Arbitration clause that prevents class action lawsuits.

⚠ Opaque data retention policies with no specific deletion timelines.

The contract risk is moderate, primarily driven by ambiguities in IP ownership, the lack of a public SLA, and opaque data retention policies. While data export is available, the proprietary nature of the models and integrations contributes to vendor lock-in. Unilateral ToS change rights and broad liability exclusions further increase enterprise exposure. Direct negotiation of these terms is critical.

New risk signals detected weekly. Weekly AI vendor intelligence — trust scores, contract red flags, competitive shifts.

04Community Signals

Community Evidence

Sentiment analysis and recurring issues from developer & enterprise community signals this week.

Recurring Issues

feat(chatgpt): support image generation 🟠 Community 4 mentions medium → Stable

Enterprise Impact: Reported by community on GitHub with 4 comments.

Sources: GitHub

refactor(rust): centralize ChatGPT OAuth placeholder constants 🟠 Community 4 mentions medium → Stable

Enterprise Impact: Reported by community on GitHub with 4 comments.

Sources: GitHub

Bug - ChatGPT not providing proper format for established files 🟠 Community 2 mentions medium → Stable

Enterprise Impact: Reported by community on GitHub with 2 comments.

Sources: GitHub

Add ChatGPT app MCP submission hints 🟠 Community 2 mentions medium → Stable

Enterprise Impact: Reported by community on GitHub with 2 comments.

Sources: GitHub

The AI Zombification of Universities 🟠 Community low → Stable

Enterprise Impact: Discussed on Hacker News.

Sources: HN

Claude for Legal 🟠 Community low → Stable

Enterprise Impact: Discussed on Hacker News.

Sources: HN

Source Highlights This Week

Specific signals from GitHub, Hacker News, and Reddit — what the community is actually saying

✨

Intelligence Synthesis

ChatGPT continues to be a dominant AI chatbot, with recent updates including Codex integration into its mobile app, enhancing developer productivity. However, community sentiment highlights persistent issues with model hallucination, outdated knowledge, and frustrating customer support experiences. Enterprise-grade compliance is strong on higher tiers, but critical legal ambiguities regarding IP ownership and data retention remain. The pricing structure has evolved, introducing more tiers and usage limits, which may impact cost predictability for large-scale deployments.

🔗 GitHub Issues & PRs

feat(chatgpt): support image generation

4 comments Bug 4 comments — high community engagement

refactor(rust): centralize ChatGPT OAuth placeholder constants

4 comments Bug 4 comments — high community engagement

Bug - ChatGPT not providing proper format for established files

2 comments Bug 2 comments — high community engagement

🔥 Hacker News

The AI Zombification of Universities

Story Score 0 — active HN discussion

Claude for Legal

Story Score 0 — active HN discussion

RTX 5090 and M4 MacBook Air: Can It Game?

Story Score 0 — active HN discussion

💬 Reddit

I'm tired of these long responses (who's gonna read so much BS)

r/ChatGPT

Still can't access account

r/ChatGPT

Why does ChatGPT pick 73 all the time?

r/ChatGPT

🌐 Web Findings

Pricing How Much Does ChatGPT Cost? All Plan & Pricing Tiers Explained

Detailed breakdown of ChatGPT's evolving pricing tiers, including Free, Go, Plus, Pro, Business, and Enterprise, noting the introduction of GPT-5.5 and ads on cheaper plans as of May 2026.

Pricing ChatGPT Enterprise vs Claude Enterprise: Feature Matrix

A comprehensive comparison of ChatGPT Enterprise and Claude Enterprise, highlighting ChatGPT's GPT-5 series models, multi-modal capabilities, and ecosystem of tools, alongside its SOC 2 compliance and data privacy features.

Pricing GPT-5.1 Pricing Guide 2026: API, Plus & Enterprise Costs - Chatly

Explains GPT-5.1 pricing, noting its improved reasoning and adaptive intelligence, with token-based API costs and prompt caching discounts. Highlights GPT-5.1 Instant and Thinking modes.

Pricing ChatGPT Usage Limits: What They Are and How to Get Rid of Them

Details ChatGPT's usage limits across various subscription tiers (Free, Go, Plus, Business, Pro) as of April 2026, explaining why limits exist and how they affect conversation length and model access.

05Financial Impact

Financial Impact Panel

Cost intelligence and pricing signals for enterprise procurement decisions

Pricing data from public sources — enterprise rates differ. Verify with vendor.

TCO Calculator

Pricing Not Available

Enterprise pricing information could not be obtained for this vendor. This may be due to custom/private pricing models or limited publicly available data.

Don't evaluate blind next quarter. Weekly AI vendor intelligence — trust scores, contract red flags, competitive shifts.

Learn more about our Audit Methodology →

Independent analysis — signals aggregated from GitHub, Reddit, HN, Stack Overflow, Twitter/X, G2 & Capterra. Not affiliated with any vendor. Corrections?

ChatGPT

Enterprise Verdict

Live Signals This Week

Risk Assessment

Due Diligence Alerts

Security & Compliance

Data Security

Security Features

IT Hardening Guide

Deployment Checklist

Legal & IP Risk

IP Ownership

Liability & Indemnification

Exit Terms

ToS Red Flags

Data & Migration Lock-in Risk

Enterprise Contract Intelligence

Community Evidence

Source Highlights This Week

Intelligence Synthesis

Financial Impact Panel

TCO Calculator

Pricing Not Available

Download PDF Report