// Trust & Security Report
OpenAI OpCo, LLC (OpenAI)
OpenAI Codex is OpenAI's agentic coding product line: the ChatGPT-integrated Codex web/app experience, the Codex CLI (local terminal agent), the Codex IDE/VS Code extension, cloud-hosted Codex environments, and the underlying Codex model family accessible via the OpenAI API. It runs on the same OpenAI account, infrastructure, and policy stack as ChatGPT and the API Platform rather than being a separately incorporated product.
Certifications held
9
Maturity
Enterprise
Trains on your data
Unknown
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on trust.openai.com“OpenAI's most recent SOC 2 Report covers the period of January 1, 2025 to June 30, 2025 ... covering controls relevant to Security, Availability, Confidentiality, and Privacy Trust Services Criteria for the API Platform, ChatGPT Enterprise, ChatGPT Edu, and ChatGPT Team.”
Verify on trust.openai.com“OpenAI has received an ISO/IEC 27001 Certificate, which documents OpenAI's operation of an Information Security Management System that conforms to the requirements of ISO/IEC 27001:2022 for OpenAI's API, ChatGPT Enterprise, and ChatGPT Edu services.”
Verify on trust.openai.com“ISO/IEC 27017:2015 - Coverage: Included with ISO 27001 certification above (API, ChatGPT Enterprise, ChatGPT Edu).”
Verify on trust.openai.com“ISO/IEC 27018:2019 - Coverage: Included with ISO 27001 certification above (API, ChatGPT Enterprise, ChatGPT Edu).”
Verify on trust.openai.com“ISO/IEC 27701:2019 - Coverage: PIMS requirements, control implementation guidance, and additional control set.”
Verify on trust.openai.com“OpenAI maintains an ISO/IEC 42001:2023 AI Management System covering OpenAI's consumer and business AI products and models in its role as an AI producer and AI provider.”
Verify on trust.openai.com“PCI DSS v4.0.1 - Coverage: components of ChatGPT that support delegated payment processing.”
Verify on help.openai.com“Eligible Services for the BAA include OpenAI's Zero Retention API and ChatGPT Enterprise ... HIPAA compliance with OpenAI requires using API endpoints configured for zero data retention, meaning OpenAI does not store, log, or use your data for model training.”
Verify on openai.com“To the extent OpenAI Ireland Limited transfers EEA and Swiss Data to other OpenAI Affiliates or third parties outside the European Economic Area or Switzerland to provide the Services, it will do so on the basis of agreements containing SCCs that ensure appropriate safeguards ... OpenAI will notify Customer without undue delay after becoming aware of any Personal Data Breach.”
> Show 2 unconfirmed / not-held certifications
source: trust.openai.comTrust Portal lists 'FedRAMP 20x' among frameworks tracked/in-progress, but no vendor page in this review surfaced a completed FedRAMP authorization for the API/ChatGPT products used by Codex; treat as not yet confirmed for general commercial use. No public evidence of a completed authorization applicable to Codex was found.
source: trust.openai.comListed as a tracked framework on the Trust Portal without a specific certificate/scope statement confirming a completed CSA STAR registration or attestation; no public evidence of a completed CSA STAR level 1/2 assessment for Codex specifically was located.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Offered
Data region
US by default; eligible ChatGPT Enterprise, ChatGPT Edu, ChatGPT for Healthcare, and API Platform customers can select data residency in the US, Europe, UK, Japan, Canada, South Korea, Singapore, Australia, India, or the UAE.
Training posture differs by surface. Consumer ChatGPT/Codex (Free, Plus, Pro individual accounts) may train on content by default unless the user opts out via Data Controls; Codex additionally has a separate 'full environments' training toggle that the general privacy-portal opt-out does not override. Business surfaces (ChatGPT Business, ChatGPT Enterprise, ChatGPT Edu, and the API used by Codex CLI/cloud) are not trained on by default: 'By default, we do not train on any inputs or outputs from our products for business users, including ChatGPT Business, ChatGPT Enterprise, and the API.' API data sent through Codex CLI/SDK is excluded from training by default per OpenAI's API data usage policy ('data sent to the OpenAI API is not used to train or improve OpenAI models unless you explicitly opt in'), with Zero Data Retention available for eligible customers.
// Security controls
Encryption in transit
API and product traffic use TLS; enterprise documentation references standard transport encryption for API/ChatGPT traffic.
developers.openai.comEncryption at rest / key management
Enterprise Key Management (EKM) lets eligible customers encrypt customer content using their own external KMS (AWS KMS, Google Cloud, Azure Key Vault).
developers.openai.comZero Data Retention (ZDR)
Eligible customers can enable Zero Data Retention, which excludes customer content from abuse-monitoring logs and treats the store parameter as always false; requires prior OpenAI approval.
developers.openai.comLocal execution sandbox (Codex CLI)
Codex CLI runs an OS-enforced sandbox with no network access by default and write access limited to the active workspace; an approval policy requires user confirmation before higher-risk actions.
developers.openai.comCloud environment isolation (Codex cloud)
Codex cloud tasks run in isolated OpenAI-managed containers; a two-phase runtime separates a network-enabled setup phase from an offline-by-default agent phase, and setup-time secrets are removed before the agent phase starts.
developers.openai.comMalicious-use / cyber-safety monitoring
Codex models are trained to refuse clearly malicious requests (e.g. credential theft) and automated classifiers route suspicious traffic to more restricted model tiers.
developers.openai.comAbuse-log retention
By default, abuse-monitoring logs are retained for up to 30 days; some object types (e.g. Assistants API objects) persist longer until deleted, then 30 days post-deletion.
developers.openai.com// Products & data scope
data: May be used for model training by default unless the user opts out in Data Controls; Codex has an additional separate toggle for training on 'full environments'.
Not in SOC 2 / ISO 27001 scope (those cover API Platform, ChatGPT Enterprise, ChatGPT Edu, ChatGPT Team, not free/individual consumer ChatGPT).
data: Not trained on by default for business users; inherits ChatGPT Enterprise/Team data controls and (for Enterprise/Edu) is within SOC 2 and ISO 27001/27017/27018/27701 scope.
ChatGPT Business BAA is not offered per public HIPAA guidance; ChatGPT Enterprise/Edu BAAs are available on sales-managed accounts.
data: Traffic goes through the OpenAI API; not used for training by default, Zero Data Retention available for eligible customers. Runs locally with OS-level sandboxing.
No official OpenAI statement located confirming SOC 2/ISO scope explicitly names 'Codex CLI'; it is reasonable to treat it as inheriting API Platform SOC 2/ISO scope since it runs over the API, but this specific inheritance is not spelled out verbatim on the Trust Portal - flagged for advisor review.
data: Runs in isolated OpenAI-managed containers; agent phase is offline by default after setup.
Inherits ChatGPT Business/Enterprise compliance posture (SOC 2, enterprise privacy defaults) per OpenAI product documentation, plus optional EU data residency on Enterprise plans.
// What to watch
- Multi-surface product: consumer Codex (Free/Plus/Pro) is NOT covered by SOC 2 / ISO 27001 (those certifications scope to API Platform, ChatGPT Enterprise, ChatGPT Edu, ChatGPT Team only) - do not display these certs against the consumer tier without a tier caveat.
- Codex CLI / IDE extension specifically is not named on the Trust Portal's SOC 2/ISO scope statements; its coverage is inferred from running over the API Platform rather than confirmed verbatim by OpenAI, and an OpenAI community thread shows users are uncertain about this too. Recommend advisor follow-up before asserting SOC 2 coverage for Codex CLI in marketing copy.
- AI-training posture has a legacy-vs-current nuance specific to Codex: the general ChatGPT privacy-portal training opt-out does NOT override Codex's separate 'full environments' training toggle - a contradiction risk if AIFOXX copy implies one universal opt-out.
- FedRAMP and CSA STAR appear as tracked/listed frameworks on the Trust Portal but this review could not confirm a completed authorization/certificate for either scoped to Codex-relevant services; graded held=false pending stronger proof.
- HIPAA and GDPR are contractual/program postures (BAA, DPA + SCCs), not third-party certifications; listed separately from SOC 2/ISO in the output to avoid conflating a signed agreement with an audited certification.
// At a glance
Pricing model
Usage-based API pricing for Codex model calls plus ChatGPT subscription tiers (Plus/Pro/Team/Enterprise/Edu) that bundle Codex access; no self-serve flat price disclosed for a standalone 'Codex' SKU.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on OpenAI OpCo, LLC (OpenAI)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-08. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.openai.com