ChatGPT: what the sources say
OpenAI · United States
Profile last reviewed 31 May 2026. This record reflects the guide as published; check tautoru.ai/ai/tools/chatgpt for the current version.
What this record is. A dated summary of what OpenAI’s own terms and the applicable New Zealand rules say about putting different kinds of information into ChatGPT, on each of its plans. Each entry links to the primary source it is drawn from.
What it is not. It is not legal advice, and it is not a certificate that any particular use is safe or approved. It records what the sources say; whether a given use is appropriate for your matter is your own judgment, on your own facts, and — where the stakes warrant it — a question for you and your own advisers. The colours summarise sources; they are not Tautoru’s permission.
The position, by kind of information
1. Public information
Material already published to the world and under no restriction: reported case law, statutes and regulations, regulator and government guidance, public company filings, and published writing. One caveat decides the edge cases — information being publicly available does not take it outside the Privacy Act. A public register full of named individuals is still personal information; treat bulk or re-identifiable personal data as category 5, not as category 1.
Public information carries no confidentiality or privacy constraint, so the data handling raises no legal risk for this material; the only live question is accuracy. Permitted on consumer ChatGPT.
Sources: Data Controls FAQ (the training opt-out) (as at 31 May 2026)
No confidentiality or privacy constraint; ChatGPT Business does not train on your content. The live question is accuracy.
Sources: Services Agreement (business terms) (as at 31 May 2026)
No confidentiality or privacy constraint; Enterprise does not train on your content. The live question is accuracy.
Sources: Enterprise privacy at OpenAI (as at 31 May 2026)
No constraint; the API does not train on inputs. The live question is accuracy.
Sources: Data controls in the OpenAI platform (API) (as at 31 May 2026)
2. Internal non-confidential
Material that is neither public nor commercially confidential, and not about any identifiable person: blank templates and precedents, general know-how, and truly hypothetical scenarios.
Low-sensitivity internal material with no confidentiality or privacy constraint; permitted on consumer ChatGPT.
Sources: Data Controls FAQ (the training opt-out) (as at 31 May 2026)
Low-sensitivity internal material; ChatGPT Business does not train on your content.
Sources: Services Agreement (business terms) (as at 31 May 2026)
Low-sensitivity internal material; Enterprise does not train on your content.
Sources: Enterprise privacy at OpenAI (as at 31 May 2026)
Low-sensitivity internal material; the API does not train on inputs.
Sources: Data controls in the OpenAI platform (API) (as at 31 May 2026)
3. Internal confidential (non-privileged)
Confidential information that is not legally privileged — whether it is your customer’s, client’s or a third party’s. It covers client identity and retainer terms, deal and business information, and anything imparted in confidence (by contract, by undertaking, or by the circumstances). If the material is also privileged, use category 4; if you are unsure whether it is confidential, treat it as if it is.
The issue with consumer ChatGPT is training: Free, Plus and Pro train on your conversations by default. Turn training off in Data Controls (and use Temporary Chat) and it becomes usable for internal-confidential material — the live constraint is then your duty of confidence (Conduct rules, ch 8): client authority or adequate safeguards. Be very clear: if training is left on, OpenAI may train on your data and you must not put internal-confidential material in. For sustained confidential work, ChatGPT Business, Enterprise or the API is the cleaner footing.
Sources: How your data is used to improve model performance (as at 31 May 2026); Data Controls FAQ (the training opt-out) (as at 31 May 2026); Generative AI guidance for lawyers (as at 31 May 2026)
ChatGPT Business does not train on your content by default, so the live constraint is your duty of confidence — client authority or adequate safeguards — not the tool.
Sources: Services Agreement (business terms) (as at 31 May 2026); Generative AI guidance for lawyers (as at 31 May 2026)
Enterprise does not train on your content, adds admin retention controls and limits human review to safety and legal purposes; the duty of confidence governs — obtain authority or rely on adequate safeguards.
Sources: Enterprise privacy at OpenAI (as at 31 May 2026); Generative AI guidance for lawyers (as at 31 May 2026)
The API does not train on inputs and can be run with Zero Data Retention on approval; the duty of confidence still requires authority or safeguards.
Sources: Data controls in the OpenAI platform (API) (as at 31 May 2026); Generative AI guidance for lawyers (as at 31 May 2026)
4. Legally privileged
Material attracting legal advice privilege or litigation privilege — a subset of confidential information, and the most protected. Privilege belongs to the client, not the lawyer. Whether putting it into a third-party tool affects privilege turns on confidentiality and waiver, addressed in each tool profile and in our guidance; it is not a foregone conclusion. Whether a given document is privileged at all is a question for a qualified lawyer — the safe course is precautionary: if it could be privileged, proceed as if it is.
Again the issue is training. With training turned off in Data Controls, confidential use of consumer ChatGPT does not waive privilege (Evidence Act s 65; B v ADLS), so it is usable for privileged material with care. Be very clear: if training is left on, OpenAI may train on the material and you absolutely must not put privileged material in. For privileged work, a business, Enterprise or API plan is cleaner. (Confidential use of a no-training tool does not itself waive privilege — see our guidance on privilege.)
Sources: How your data is used to improve model performance (as at 31 May 2026); Data Controls FAQ (the training opt-out) (as at 31 May 2026); Evidence Act 2006, s 65 (Waiver) (as at 31 May 2026); B v Auckland District Law Society [2003] UKPC 38, [2003] 2 AC 736 (as at 31 May 2026)
ChatGPT Business does not train on your content, so confidential use does not waive privilege (Evidence Act s 65; B v ADLS). Amber, not green, because privileged work warrants a deliberate protocol and client authority.
Sources: Services Agreement (business terms) (as at 31 May 2026); Evidence Act 2006, s 65 (Waiver) (as at 31 May 2026); B v Auckland District Law Society [2003] UKPC 38, [2003] 2 AC 736 (as at 31 May 2026); Generative AI guidance for lawyers (as at 31 May 2026)
No training, retention controls and limited human review keep the material confidential in fact, so privilege is not waived (s 65; B v ADLS). A deliberate protocol is still warranted.
Sources: Enterprise privacy at OpenAI (as at 31 May 2026); Evidence Act 2006, s 65 (Waiver) (as at 31 May 2026); B v Auckland District Law Society [2003] UKPC 38, [2003] 2 AC 736 (as at 31 May 2026)
The API does not train on inputs and can run with Zero Data Retention; confidential use does not waive privilege. The product-level safeguards are yours to configure.
Sources: Data controls in the OpenAI platform (API) (as at 31 May 2026); Evidence Act 2006, s 65 (Waiver) (as at 31 May 2026); B v Auckland District Law Society [2003] UKPC 38, [2003] 2 AC 736 (as at 31 May 2026)
5. Personal information (Privacy Act 2020)
Personal information means any data about an identifiable living individual. Explicit names are not required. Contextual details alone can identify a client, witness, or opposing party. Inputting this data into AI tools can trigger strict compliance rules. Under Section 11 of the Privacy Act 2020, sending personal data to an overseas cloud service provider solely for processing or safe custody on your behalf is not usually treated as a “disclosure”. You remain responsible for it. The moment an AI provider’s terms allow them to use your inputs for their own purposes (such as training their models), it becomes an official disclosure to an overseas agency, and can trigger information privacy principle 12.
The issue is training. With training turned off, putting personal information into consumer ChatGPT is workable: it can be a cross-border disclosure (IPP 12) to a US provider, so rely on the no-training setting and the comparable-safeguards analysis. Be very clear: if training is left on, OpenAI may train on the data and you must not put personal information in. For volume or sensitive personal data, a commercial plan is better.
Sources: Data Controls FAQ (the training opt-out) (as at 31 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
Cross-border risk under IPP 12 — no training, and OpenAI's DPA (Data Processing Agreement/Addendum) supports the comparable-safeguards test. No training on inputs means the offshore provider is not using the data for its own purposes. Record the basis; inference defaults to the United States.
Sources: Services Agreement (business terms) (as at 31 May 2026); Data Processing Addendum (as at 31 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
Cross-border risk under IPP 12; the DPA, retention controls and a data-residency option (including Australia at rest) support comparable safeguards. Note inference still defaults to the US.
Sources: Enterprise privacy at OpenAI (as at 31 May 2026); Data Processing Addendum (as at 31 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
Cross-border risk under IPP 12; no training, the DPA and Zero Data Retention support compliance. No training on inputs means the offshore provider is not using the data for its own purposes. Record the basis.
Sources: Data controls in the OpenAI platform (API) (as at 31 May 2026); Data Processing Addendum (as at 31 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
6. Sensitive personal information
Personal information whose misuse carries a heightened risk of harm. New Zealand’s Privacy Act does not define a separate “sensitive” class as the GDPR does in Europe, but in practice this material warrants extra care, senior approval and a privacy impact assessment: health and mental-health information, biometric data (a Biometric Processing Privacy Code applies from 3 August 2026), financial details, criminal history, and information about ethnicity, religious belief, sexual orientation or immigration status. Health information in particular requires a significantly higher standard of protection than ordinary personal information.
The issue is training. With training off, sensitive personal information can be used with care (there is a risk the IPP 12 cross-border rules apply). Be very clear: if training is left on, OpenAI may train on the data and you absolutely must not put sensitive personal information in. Given the sensitivity, a commercial plan with stronger controls is preferable.
Sources: Data Controls FAQ (the training opt-out) (as at 31 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
No training; the DPA supports sensitive data, but prefer Enterprise for the strongest controls. IPP 12 risk mitigated by no training on inputs.
Sources: Services Agreement (business terms) (as at 31 May 2026); Data Processing Addendum (as at 31 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026); Generative AI guidance for lawyers (as at 31 May 2026)
No training; retention controls, security certifications and a residency option support sensitive data under a deliberate protocol. IPP 12 risk mitigated by no training on inputs.
Sources: Enterprise privacy at OpenAI (as at 31 May 2026); Data Processing Addendum (as at 31 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
No training; Zero Data Retention and configurable controls suit sensitive data in an engineered workflow with your own safeguards. IPP 12 risk mitigated by no training on inputs.
Sources: Data controls in the OpenAI platform (API) (as at 31 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
7. Children’s information
Information about a child or young person. It is also personal information (category 5), and often sensitive (category 6), and it carries additional care because of children’s vulnerability and the weight given to their best interests. Treat it as needing the strongest justification, even where a rule does not strictly compel it.
The issue is training. With training off, children's information can be handled with care (IPP 12 risk, and children's information carries heightened sensitivity). Be very clear: if training is left on, OpenAI may train on the data and you absolutely must not put children's information in. A commercial plan is preferable for material this sensitive.
Sources: Data Controls FAQ (the training opt-out) (as at 31 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
No training; handle under a deliberate protocol with the DPA in place. IPP 12 risk mitigated by no training on inputs.
Sources: Services Agreement (business terms) (as at 31 May 2026); Data Processing Addendum (as at 31 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026); Generative AI guidance for lawyers (as at 31 May 2026)
No training; retention and security controls support children's information under a protocol. IPP 12 risk mitigated by no training on inputs.
Sources: Enterprise privacy at OpenAI (as at 31 May 2026); Data Processing Addendum (as at 31 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
No training; configurable with Zero Data Retention; IPP 12 risk mitigated by no training on inputs; controls are yours to build.
Sources: Data controls in the OpenAI platform (API) (as at 31 May 2026); Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) (as at 31 May 2026)
8. Court-protected material
Material under an independent legal restriction that binds regardless of the tool or plan: name suppression and non-publication orders, confidentiality and sealing orders, statutory automatic suppression (for example in some Family, care-of-children and youth proceedings), and undertakings you have given to the other side. The restriction is the bar, not the technology — if any order or undertaking might apply, proceed with extreme caution.
Suppression orders, confidentiality orders, sealed material and undertakings are independent legal restrictions that can apply regardless of tool or plan; the NZ Law Society's AI guidance is explicit that suppressed material must not be entered into AI tools.
Sources: Generative AI guidance for lawyers (as at 31 May 2026)
An independent legal restriction (suppression, confidentiality order, sealing, undertaking) applies regardless of tool or plan.
Sources: Generative AI guidance for lawyers (as at 31 May 2026)
An independent legal restriction (suppression, confidentiality order, sealing, undertaking) applies regardless of tool or plan.
Sources: Generative AI guidance for lawyers (as at 31 May 2026)
An independent legal restriction (suppression, confidentiality order, sealing, undertaking) applies regardless of tool or plan.
Sources: Generative AI guidance for lawyers (as at 31 May 2026)
What the colours mean
- GreenBased on current provider terms and standard New Zealand frameworks, using this information on this plan is unlikely to breach primary regulatory or privacy restrictions. However, users must still consider any case-specific confidentiality obligations. Sources linked.
- AmberUse is acceptable only if specific safeguards are active. This workflow demands explicit settings adjustments, precise redactions, or specific contractual coverage to remain within legal limits. Sources are linked below.
- RedUsing this information on this plan will breach primary New Zealand regulatory or privacy limits. Proceeding requires a fundamental structural change — such as upgrading to a secure enterprise tier, switching vendors, or utilising a local, self-hosted deployment. Sources linked.
- BlackAn independent restriction — court order, suppression order, statutory prohibition, undertaking — applies regardless of tool or plan.
- Not yet assessedWe have not yet established a sourced position for this cell. It carries no colour rather than a guess (Policy §5.3).
Sources cited in this record
- Data Controls FAQ (the training opt-out) — OpenAI. Perma.cc record (as at 31 May 2026).
- Services Agreement (business terms) — OpenAI. Perma.cc record (as at 31 May 2026).
- Enterprise privacy at OpenAI — OpenAI. Perma.cc record (as at 31 May 2026).
- Data controls in the OpenAI platform (API) — OpenAI. Perma.cc record (as at 31 May 2026).
- How your data is used to improve model performance — OpenAI. Perma.cc record (as at 31 May 2026).
- Generative AI guidance for lawyers — New Zealand Law Society. source (as at 31 May 2026).
- Evidence Act 2006, s 65 (Waiver) — New Zealand Legislation. source (as at 31 May 2026).
- B v Auckland District Law Society [2003] UKPC 38, [2003] 2 AC 736 — Privy Council (on appeal from New Zealand). source (as at 31 May 2026).
- Privacy Act 2020 — IPP 12 (Disclosure of personal information outside New Zealand) — Office of the Privacy Commissioner. source (as at 31 May 2026).
- Data Processing Addendum — OpenAI. Perma.cc record (as at 31 May 2026).