// Trust & Security Report

    OpenAI OpCo, LLC (OpenAI) logo

    OpenAI OpCo, LLC (OpenAI)

    OpenAI Codex is OpenAI's agentic coding product line: the ChatGPT-integrated Codex web/app experience, the Codex CLI (local terminal agent), the Codex IDE/VS Code extension, cloud-hosted Codex environments, and the underlying Codex model family accessible via the OpenAI API. It runs on the same OpenAI account, infrastructure, and policy stack as ChatGPT and the API Platform rather than being a separately incorporated product.

    Certifications held

    9

    Maturity

    Enterprise

    Trains on your data

    Unknown

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type 2
    HELD

    OpenAI's most recent SOC 2 Report covers the period of January 1, 2025 to June 30, 2025 ... covering controls relevant to Security, Availability, Confidentiality, and Privacy Trust Services Criteria for the API Platform, ChatGPT Enterprise, ChatGPT Edu, and ChatGPT Team.

    Verify on trust.openai.com
    ISO/IEC 27001:2022
    HELD

    OpenAI has received an ISO/IEC 27001 Certificate, which documents OpenAI's operation of an Information Security Management System that conforms to the requirements of ISO/IEC 27001:2022 for OpenAI's API, ChatGPT Enterprise, and ChatGPT Edu services.

    Verify on trust.openai.com
    ISO/IEC 27017:2015 (cloud security controls)
    HELD

    ISO/IEC 27017:2015 - Coverage: Included with ISO 27001 certification above (API, ChatGPT Enterprise, ChatGPT Edu).

    Verify on trust.openai.com
    ISO/IEC 27018:2019 (PII in public cloud)
    HELD

    ISO/IEC 27018:2019 - Coverage: Included with ISO 27001 certification above (API, ChatGPT Enterprise, ChatGPT Edu).

    Verify on trust.openai.com
    ISO/IEC 27701:2019 (privacy information management)
    HELD

    ISO/IEC 27701:2019 - Coverage: PIMS requirements, control implementation guidance, and additional control set.

    Verify on trust.openai.com
    ISO/IEC 42001:2023 (AI management system)
    HELD

    OpenAI maintains an ISO/IEC 42001:2023 AI Management System covering OpenAI's consumer and business AI products and models in its role as an AI producer and AI provider.

    Verify on trust.openai.com
    PCI DSS v4.0.1
    HELD

    PCI DSS v4.0.1 - Coverage: components of ChatGPT that support delegated payment processing.

    Verify on trust.openai.com
    HIPAA (via BAA, not a certification)
    HELD

    Eligible Services for the BAA include OpenAI's Zero Retention API and ChatGPT Enterprise ... HIPAA compliance with OpenAI requires using API endpoints configured for zero data retention, meaning OpenAI does not store, log, or use your data for model training.

    Verify on help.openai.com
    GDPR (posture via DPA + SCCs, not a certification)
    HELD

    To the extent OpenAI Ireland Limited transfers EEA and Swiss Data to other OpenAI Affiliates or third parties outside the European Economic Area or Switzerland to provide the Services, it will do so on the basis of agreements containing SCCs that ensure appropriate safeguards ... OpenAI will notify Customer without undue delay after becoming aware of any Personal Data Breach.

    Verify on openai.com
    > Show 2 unconfirmed / not-held certifications
    FedRAMP
    NOT CONFIRMED

    Trust Portal lists 'FedRAMP 20x' among frameworks tracked/in-progress, but no vendor page in this review surfaced a completed FedRAMP authorization for the API/ChatGPT products used by Codex; treat as not yet confirmed for general commercial use. No public evidence of a completed authorization applicable to Codex was found.

    source: trust.openai.com
    CSA STAR
    NOT CONFIRMED

    Listed as a tracked framework on the Trust Portal without a specific certificate/scope statement confirming a completed CSA STAR registration or attestation; no public evidence of a completed CSA STAR level 1/2 assessment for Codex specifically was located.

    source: trust.openai.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Offered

    Data region

    US by default; eligible ChatGPT Enterprise, ChatGPT Edu, ChatGPT for Healthcare, and API Platform customers can select data residency in the US, Europe, UK, Japan, Canada, South Korea, Singapore, Australia, India, or the UAE.

    Training posture differs by surface. Consumer ChatGPT/Codex (Free, Plus, Pro individual accounts) may train on content by default unless the user opts out via Data Controls; Codex additionally has a separate 'full environments' training toggle that the general privacy-portal opt-out does not override. Business surfaces (ChatGPT Business, ChatGPT Enterprise, ChatGPT Edu, and the API used by Codex CLI/cloud) are not trained on by default: 'By default, we do not train on any inputs or outputs from our products for business users, including ChatGPT Business, ChatGPT Enterprise, and the API.' API data sent through Codex CLI/SDK is excluded from training by default per OpenAI's API data usage policy ('data sent to the OpenAI API is not used to train or improve OpenAI models unless you explicitly opt in'), with Zero Data Retention available for eligible customers.

    // Security controls

    Encryption in transit

    API and product traffic use TLS; enterprise documentation references standard transport encryption for API/ChatGPT traffic.

    developers.openai.com

    Encryption at rest / key management

    Enterprise Key Management (EKM) lets eligible customers encrypt customer content using their own external KMS (AWS KMS, Google Cloud, Azure Key Vault).

    developers.openai.com

    Zero Data Retention (ZDR)

    Eligible customers can enable Zero Data Retention, which excludes customer content from abuse-monitoring logs and treats the store parameter as always false; requires prior OpenAI approval.

    developers.openai.com

    Local execution sandbox (Codex CLI)

    Codex CLI runs an OS-enforced sandbox with no network access by default and write access limited to the active workspace; an approval policy requires user confirmation before higher-risk actions.

    developers.openai.com

    Cloud environment isolation (Codex cloud)

    Codex cloud tasks run in isolated OpenAI-managed containers; a two-phase runtime separates a network-enabled setup phase from an offline-by-default agent phase, and setup-time secrets are removed before the agent phase starts.

    developers.openai.com

    Malicious-use / cyber-safety monitoring

    Codex models are trained to refuse clearly malicious requests (e.g. credential theft) and automated classifiers route suspicious traffic to more restricted model tiers.

    developers.openai.com

    Abuse-log retention

    By default, abuse-monitoring logs are retained for up to 30 days; some object types (e.g. Assistants API objects) persist longer until deleted, then 30 days post-deletion.

    developers.openai.com

    // Products & data scope

    Codex (consumer, ChatGPT Free/Plus/Pro)AI coding agent, consumer tier

    data: May be used for model training by default unless the user opts out in Data Controls; Codex has an additional separate toggle for training on 'full environments'.

    Not in SOC 2 / ISO 27001 scope (those cover API Platform, ChatGPT Enterprise, ChatGPT Edu, ChatGPT Team, not free/individual consumer ChatGPT).

    Codex (ChatGPT Team / Business / Enterprise / Edu)AI coding agent, business/enterprise tier

    data: Not trained on by default for business users; inherits ChatGPT Enterprise/Team data controls and (for Enterprise/Edu) is within SOC 2 and ISO 27001/27017/27018/27701 scope.

    ChatGPT Business BAA is not offered per public HIPAA guidance; ChatGPT Enterprise/Edu BAAs are available on sales-managed accounts.

    Codex CLI / IDE extension / SDK (API-key based, local agent)Developer tool, API-backed local coding agent

    data: Traffic goes through the OpenAI API; not used for training by default, Zero Data Retention available for eligible customers. Runs locally with OS-level sandboxing.

    No official OpenAI statement located confirming SOC 2/ISO scope explicitly names 'Codex CLI'; it is reasonable to treat it as inheriting API Platform SOC 2/ISO scope since it runs over the API, but this specific inheritance is not spelled out verbatim on the Trust Portal - flagged for advisor review.

    Codex cloud environmentsHosted agent execution environment

    data: Runs in isolated OpenAI-managed containers; agent phase is offline by default after setup.

    Inherits ChatGPT Business/Enterprise compliance posture (SOC 2, enterprise privacy defaults) per OpenAI product documentation, plus optional EU data residency on Enterprise plans.

    // What to watch

    • Multi-surface product: consumer Codex (Free/Plus/Pro) is NOT covered by SOC 2 / ISO 27001 (those certifications scope to API Platform, ChatGPT Enterprise, ChatGPT Edu, ChatGPT Team only) - do not display these certs against the consumer tier without a tier caveat.
    • Codex CLI / IDE extension specifically is not named on the Trust Portal's SOC 2/ISO scope statements; its coverage is inferred from running over the API Platform rather than confirmed verbatim by OpenAI, and an OpenAI community thread shows users are uncertain about this too. Recommend advisor follow-up before asserting SOC 2 coverage for Codex CLI in marketing copy.
    • AI-training posture has a legacy-vs-current nuance specific to Codex: the general ChatGPT privacy-portal training opt-out does NOT override Codex's separate 'full environments' training toggle - a contradiction risk if AIFOXX copy implies one universal opt-out.
    • FedRAMP and CSA STAR appear as tracked/listed frameworks on the Trust Portal but this review could not confirm a completed authorization/certificate for either scoped to Codex-relevant services; graded held=false pending stronger proof.
    • HIPAA and GDPR are contractual/program postures (BAA, DPA + SCCs), not third-party certifications; listed separately from SOC 2/ISO in the output to avoid conflating a signed agreement with an audited certification.

    // At a glance

    Pricing model

    Usage-based API pricing for Codex model calls plus ChatGPT subscription tiers (Plus/Pro/Team/Enterprise/Edu) that bundle Codex access; no self-serve flat price disclosed for a standalone 'Codex' SKU.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on OpenAI OpCo, LLC (OpenAI)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-08. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.openai.com

    > Browse all vendor trust reports