Shadow AI · Risk profile

ChatGPT.

by OpenAI · generative AI · Verified April 19, 2026

Vendor site

Base risk: 4.0 / 5 (scale: Low, Medium, High, Critical)

ChatGPT on free and Plus tiers retains conversation data and may use it to improve OpenAI models unless users explicitly opt out, making it a leading source of accidental disclosure of customer PII, source code, and unreleased commercial information. ChatGPT Enterprise and Team eliminate training on inputs and add SOC 2 controls, SSO, and admin governance — but only if your company has actually procured the right tier and migrated employees away from personal accounts. The most common shadow AI failure pattern in 2025 is teams believing they have ChatGPT Enterprise when half the organisation is still using personal Plus accounts on corporate machines.

Tier comparison

Same logo. Very different risks.

  • Free · risk level: high
    Trains on inputs: Yes · Retention: 30 days · SSO: No · Admin controls: No
  • Paid · consumer · risk level: high
    Trains on inputs: Yes · Retention: 30 days · SSO: No · Admin controls: No
  • Enterprise · team · risk level: medium
    Trains on inputs: No · Retention: 0 days · SSO: Yes · Admin controls: Yes

Frequently asked questions

Questions about ChatGPT.

Does ChatGPT use my data to train its models?

On the free and Plus consumer tiers, yes — unless you switch off "Improve the model for everyone" in settings or use Temporary Chats. ChatGPT Enterprise, Team, and API traffic are not used for training by default.

Is ChatGPT compliant with HIPAA or other regulated data regimes?

Only ChatGPT Enterprise and the OpenAI API (with a signed BAA) are positioned for regulated data. Consumer ChatGPT is not HIPAA-compliant, and PHI should not be entered.

How can we tell whether employees are on ChatGPT Enterprise versus their own accounts?

Run an SSO and OAuth audit (the workspace scan in this audit does that for Google Workspace), check expense reports for personal Plus charges, and use a CASB/SSE to identify chat.openai.com traffic that is not authenticated through your enterprise SSO.
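The CASB/SSE check described above, as an added example that is not part of the original profile: it reads a constructed sample of proxy records (the field names timestamp, user, host and auth_method are assumptions, as is "sso" meaning the session was authenticated through the enterprise IdP) and lists the users whose ChatGPT sessions bypassed SSO, i.e. the personal-account population that needs migrating.

```python
import csv
import io
from collections import Counter

# Constructed sample of CASB/proxy export rows, not real traffic.
# Assumed schema: timestamp, user, host, auth_method, where auth_method is
# "sso" for sessions brokered by the enterprise IdP and anything else
# (password, google, ...) for a personal login.
SAMPLE_LOG = """timestamp,user,host,auth_method
2025-03-04T09:12:01Z,alice@example.com,chat.openai.com,sso
2025-03-04T09:15:44Z,bob@example.com,chat.openai.com,password
2025-03-04T09:16:10Z,bob@example.com,chat.openai.com,password
2025-03-04T10:02:33Z,carol@example.com,mail.example.com,sso
2025-03-04T10:40:09Z,dave@example.com,chat.openai.com,google
2025-03-04T11:01:57Z,alice@example.com,chat.openai.com,sso
"""

# chat.openai.com is the host named in the profile; extend with any other
# OpenAI hosts your proxy actually observes.
CHATGPT_HOSTS = {"chat.openai.com"}
SSO_METHODS = {"sso"}


def parse_log(text):
    """Parse the CSV export into a list of dict records."""
    return list(csv.DictReader(io.StringIO(text)))


def is_unmanaged_chatgpt(record, hosts=CHATGPT_HOSTS, sso=SSO_METHODS):
    """True when the request reached ChatGPT without enterprise SSO."""
    host = record["host"].strip().lower()
    method = record["auth_method"].strip().lower()
    return host in hosts and method not in sso


def flag_unmanaged_sessions(records):
    """Keep only records that indicate a personal-account ChatGPT session."""
    return [r for r in records if is_unmanaged_chatgpt(r)]


def users_to_migrate(flagged):
    """Unmanaged sessions per user, most frequent first: the migration list."""
    return Counter(r["user"] for r in flagged).most_common()


if __name__ == "__main__":
    flagged = flag_unmanaged_sessions(parse_log(SAMPLE_LOG))
    for user, count in users_to_migrate(flagged):
        print(f"{user}: {count} ChatGPT session(s) outside enterprise SSO")
```

Cross-check the resulting user list against the enterprise workspace roster and expense reports, since a user absent from the roster but present here is exactly the personal-Plus-on-a-corporate-machine case the profile describes.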

What controls should we put around ChatGPT?

Mandate enterprise-tier accounts via SSO, block personal-account logins on corporate networks, publish an Acceptable Use Policy, and require DLP on the OpenAI domain.

Audit your shadow AI

Is ChatGPT running in your organisation
alongside tools unknown to IT?

Launch a free 12-minute audit to reveal every shadow AI tool on your network, assess the risk and leave with a block list.

Buzzi.ai publishes these profiles for information purposes. Always validate the terms with the vendor before any operational decision.