Does OpenAI Train on Your Westlaw or LexisNexis Data?

Short answer: no. The LexisNexis and OpenAI partnership (LexisNexis licenses OpenAI models to power Lexis+ with Protege) does not feed your research into OpenAI's training set, and LexisNexis publicly states that customer data is not used to train foundation models. Westlaw's parent, Thomson Reuters, which also runs its generative products on OpenAI models among others, says the same.

Someone types a sensitive query into Lexis+ with Protege or Westlaw AI, both of which run on OpenAI models among others, and a reasonable question follows: is my research now sitting in OpenAI's next training run? The honest answer is narrower and more useful than the panic version.

There is no public evidence that either vendor pipes your search history or uploaded documents into OpenAI's training set, and both publicly state customer data is not used to train foundation models.

But "not used to train" is not the same as "not retained" or "never touched by OpenAI at all," and that gap is the part nobody explains.

Where your data goes with a privilege-architected legal AI tool

The path a privileged document takes, and the guarantees worth checking in the contract.

The partnership, and the direct answer

The LexisNexis and OpenAI partnership means Lexis+ with Protege routes queries across multiple models, including OpenAI models, on AWS infrastructure. The direct answer to whether it trains AI on your data: no, LexisNexis publicly states that customer data is not used to train foundation models, and OpenAI's standard API does not train on API inputs by default.

  • The partnership: LexisNexis licenses OpenAI models (among others) to power Lexis+ with Protege. Westlaw's parent, Thomson Reuters, runs its generative products (Westlaw AI, CoCounsel) on OpenAI models the same way.
  • Does it train on your data: No. Both vendors publicly state customer data is not used to train foundation models, and OpenAI's standard API does not train on API inputs by default.
  • The real exposure: short-term retention for abuse monitoring (OpenAI's standard API keeps inputs up to 30 days, with enterprise zero-data-retention available), not training. Verify the specifics in the vendor's data processing agreement.
  • The lawsuit people confuse this with: Thomson Reuters v. Ross Intelligence runs the opposite way (a startup copied Westlaw content to train its own tool). It is covered further below and does not bear on whether your searches train these models.

TL;DR

  • No public documentation from Westlaw (Thomson Reuters) or LexisNexis says your research becomes OpenAI training data, and both vendors publicly state the opposite. "Westlaw AI training data" is mostly a framing problem, not a smoking gun.
  • Thomson Reuters v. Ross Intelligence (D. Del., Feb 11, 2025) ran the other way: Judge Bibas held that Ross copying Westlaw headnotes to train a competing research tool was not fair use. It tells you Westlaw's content is protected, not that Westlaw trains on your work.
  • "Training" is one of four distinct things that can happen to your query: pretraining, fine-tuning, abuse-monitoring retention, and RAG retrieval. They have very different privacy stakes. Conflating them is where the fear comes from.
  • OpenAI's standard API keeps inputs for 30 days for abuse monitoring with enterprise opt-out, and does not train on API data by default. The vendor sitting between you and OpenAI is the contract you actually have to read.
  • Your real obligation is not "avoid OpenAI." It is ABA Formal Opinion 512 (July 2024): competence, confidentiality, and the duty to know where client confidences go.
  • Any vendor worth signing with should answer the no-training claim with a contract clause, a sub-processor list, and a retention window. Compliance Check audits a vendor's data clauses against frameworks like CCPA, GDPR, and HIPAA.
Quick check

How long does OpenAI's standard API retain inputs for abuse monitoring?

Part of our legal AI verification and hallucination guide series.

For related verification / hallucination / vendor-trust coverage, see "We Do Not Train on Your Data": How to Verify the Claim and Legal Research With No Data Indexing or Human Review: A Confidentiality Checklist.

The question behind the question

The literal search is "does Westlaw or Lexis train OpenAI on my research." The useful version is three separate questions stacked on top of each other:

  1. Does my query content get fed into a model's training set, becoming part of the weights that other users' answers draw from?
  2. Does my query content get stored anywhere, even temporarily, in a form a human or process could later read?
  3. Who, besides the vendor I paid, sees the content along the way?

These have different answers, different risk profiles, and different places where you verify them. Treat them as one lump and you will either panic about nothing or relax about the wrong thing.

Our full data-flow map of six legal AI vendors handles question three (sub-processors and cloud routing) in detail. This post is about question one, which the data-flow post assumes you already understand.

What "training" actually means (four things, not one)

When people say "they train OpenAI on my data," they usually mean one specific scary thing while imagining all four at once.

1. Pretraining. Building the base model by ingesting enormous text corpora. This happens once, at huge cost, long before you ever log in. Your Tuesday afternoon research query is not in a pretraining run.

The legal fight over pretraining is about scraped public and copyrighted text, not about live customer queries, and it turns on fair use under 17 U.S.C. 107. That is a real and unsettled question (see the Thomson Reuters v. Ross section below), but it has nothing to do with whether your specific search becomes training data. If you want the model side of that question, see which legal AI tools are trained on federal and state case law.

2. Fine-tuning. Adjusting an existing model on a narrower dataset. This is the one that could, in theory, absorb your content, because it operates on smaller, more specific data.

It is also the one every serious vendor explicitly disclaims for customer data. When Westlaw or Lexis says "we do not use customer data to train," fine-tuning is the practice that promise is mostly about.

3. Retention for abuse monitoring. Not training at all. The model provider holds your input for a window so it can investigate misuse. OpenAI's standard API retains inputs for up to 30 days for this purpose and does not train on API inputs by default, with enterprise tiers able to negotiate zero data retention.

Retention is a real exposure (the data exists somewhere for a window) but it is categorically different from "your research is now in the model."

4. RAG retrieval. The model reads documents at answer time and discards them after. Nothing is learned, nothing persists in weights. This is how modern grounded legal AI works, and it is the opposite of training. We walk through the mechanics in how AI legal research actually works with RAG.

Hold those four apart and the original question almost dissolves. The thing people fear (number 2, your research absorbed into the model) is the specific thing vendors disclaim. The thing that is actually happening (number 3, short-term retention, and number 4, retrieval) is real but far less dramatic.

Loading diagram...

The Thomson Reuters v. Ross case (the lawsuit people half-remember)

When someone searches "Westlaw AI training data," the case they are thinking of is Thomson Reuters Enterprise Centre GmbH v. Ross Intelligence Inc. It is the most-cited AI training-data ruling in the United States, and it points the opposite way from the fear most lawyers have.

Ross Intelligence wanted to build an AI legal research tool. Thomson Reuters refused to license its Westlaw headnotes, so Ross paid a third party for "Bulk Memos" built from those headnotes and used them to train its system. Thomson Reuters sued for copyright infringement.

On February 11, 2025, Judge Stephanos Bibas (a Third Circuit judge sitting by designation in the District of Delaware) granted Thomson Reuters partial summary judgment: Ross directly infringed on 2,243 headnotes, and its fair use defense failed (Davis Wright Tremaine, Feb 2025).

How the four fair use factors split (Perkins Coie, Feb 2025):

Fair use factorWho it favored
1. Purpose and character (transformative?)Thomson Reuters
2. Nature of the copyrighted workRoss
3. Amount and substantiality usedRoss
4. Effect on the marketThomson Reuters

Factors 1 and 4 are the heavy ones, and both went to Thomson Reuters. On factor 1, the court held "Ross's use is not transformative because it does not have a 'further purpose or different character'" from the original, since Ross aimed to build a market substitute for Westlaw. On factor 4, the market that mattered included potential licensing of Westlaw's data for AI training.

Two caveats keep this honest. First, Judge Bibas was explicit that Ross used non-generative AI, and he said he was "careful not to send too strong of a signal" about the many pending generative AI cases (Perkins Coie). The big OpenAI and Anthropic training suits are not controlled by this ruling. Second, the case is on appeal: the district court certified the copyright questions under 28 U.S.C. 1292(b), and the Third Circuit granted the interlocutory appeal on June 17, 2025 (National Law Review, 2025). A reversal is possible.

What Westlaw and Lexis actually say

Both major incumbents run their generative products on OpenAI models, among others, and both publish no-training commitments.

We frame these as what their published terms state, because that is what they are. We have not audited either vendor's internal pipelines and we do not invent claims about competitors.

Thomson Reuters (Westlaw, CoCounsel). The published product terms state that customer queries and uploaded documents are not used to train the underlying foundation models or Westlaw's editorial content. Thomson Reuters has decades of regulated-industry compliance behind it (SOC 2, ISO 27001, GDPR DPAs).

LexisNexis (Lexis+ with Protege). The published terms state that customer data is not used to train foundation models. Protege routes across multiple models on AWS infrastructure, and LexisNexis sits inside RELX, an enterprise conglomerate with a corresponding compliance posture.

What neither vendor publishes in full detail:

  • The exact zero-data-retention terms with OpenAI for queries flowing through their products. Both have the scale to negotiate ZDR. Whether they have, and whether it covers every model route, is not spelled out publicly.
  • Internal retention. "Not used to train" says nothing about how long the vendor itself keeps your uploaded documents, embeddings, and query logs before deletion. That is a separate clause, and it usually lives in the DPA, not the marketing page.
  • Whether your query patterns feed product improvement that is not "training a foundation model" but still derives signal from your usage (ranking, retrieval tuning, evaluation sets).

None of that is an accusation. It is the normal shape of enterprise SaaS disclosure: the public page answers training, the contract answers retention.

The mistake is reading a no-training statement as if it answered all three questions from the section above. It answers one. For a side-by-side of how the two incumbents' AI products actually behave, see Lexis AI vs Westlaw AI.

The privacy-law backdrop

Why does this feel weightier for lawyers than for other professionals? Because the duty to protect a confidence is not a preference, and because the legal tradition around privacy expectations is unusually developed.

The Supreme Court's reasonable-expectation-of-privacy line, from Katz v. United States, 389 U.S. 347 (1967), through Carpenter v. United States, 585 U.S. 296 (2018), is about Fourth Amendment limits on government, not about your SaaS vendor. Cite it as analogy, not holding.

But the instinct it captures travels: information you hand to a third party for one purpose should not silently become available for unrelated purposes. Carpenter in particular pushed back on the idea that sharing data with a service provider automatically strips its protection.

That is the exact intuition a lawyer brings to a vendor contract: I disclosed this for research, not for model training or open-ended retention.

The training-data copyright fight, by contrast, is live and unresolved. Whether ingesting text to build a model is fair use under 17 U.S.C. 107 is being litigated across many cases, and Thomson Reuters v. Ross is the one that reached judgment first.

That matters to the model providers' legal exposure. It does not change whether your individual query is in a training set, which remains governed by the vendor's terms, not by the copyright outcome.

Your actual obligation: ABA Formal Opinion 512

This is the load-bearing citation, and it is real. The ABA Standing Committee on Ethics and Professional Responsibility issued Formal Opinion 512 in July 2024, the first formal guidance on generative AI.

The relevant duties:

  • Competence (Rule 1.1). You must understand the benefits and risks of the AI tools you use, including, in plain terms, where the data goes. You do not need to be an engineer. You do need to be able to answer a client's question about it.
  • Confidentiality (Rule 1.6). You must protect client information, which means evaluating whether inputting it into a given tool risks disclosure, and getting informed consent where appropriate.
  • Verification. You must verify AI output rather than relying on it blindly, the duty that has produced a steady stream of sanctions for fabricated citations.

Opinion 512 reframes the whole "does Westlaw train OpenAI" question. The duty is not to find the one vendor that has never heard of OpenAI. The duty is to know, and to be able to state, what your chosen tool does with client confidences.

A no-training statement plus a clear retention clause plus a sub-processor list satisfies competence. A vague privacy page you never read does not, regardless of which model sits underneath.

How to verify a no-training claim before you sign

You do not have to take a marketing line on faith. Put these in writing during the DPA conversation, with the same rep who quoted you the price.

  1. Model-layer ZDR. "Do you hold zero-data-retention status with OpenAI (and any other model provider) for queries flowing through your platform? Provide the contractual reference. If not, state the retention window and abuse-monitoring posture."
  2. Training scope, precisely. "Confirm in writing that customer query content and uploaded documents are not used for pretraining or fine-tuning of any foundation model, and separately, that they are not used to fine-tune or train your own models or improve retrieval, ranking, or evaluation datasets."
  3. Internal retention. "What is the deletion timeline for uploaded documents, embeddings, and query logs inside your own infrastructure, and on what trigger?"
  4. Sub-processors and notice. "Current sub-processor list, notice period before changes, and whether customers get approval or only opt-out rights."
  5. Breach SLA and data residency. "Notification timeline after detection, and where data is physically stored and processed."

A vendor that answers these crisply is one you can sign with and defend to a client. A vendor that routes you to a generic page is telling you something.

This is also exactly the kind of clause-level read that Compliance Check automates: it parses a contract or policy against 11 frameworks (CCPA, GDPR, HIPAA, and others) and surfaces gaps clause by clause, so "does this DPA actually say what the sales deck said" becomes a structured answer instead of a hunch.

FAQ

Is Westlaw data used to train AI? Two different questions hide here. Westlaw's own editorial content (headnotes, the Key Number system) is copyrighted, and a court held that copying it to train a competing tool was not fair use. Separately, Thomson Reuters publicly states that your queries and uploaded documents are not used to train its or any foundation-model vendor's models. The first is settled by Thomson Reuters v. Ross; the second is governed by your contract.

What did Thomson Reuters v. Ross Intelligence decide? On February 11, 2025, Judge Stephanos Bibas (D. Del., sitting by designation) granted Thomson Reuters partial summary judgment, finding Ross infringed 2,243 Westlaw headnotes and that its fair use defense failed. The transformativeness factor and the market-harm factor both favored Thomson Reuters. The ruling is on appeal to the Third Circuit, which granted interlocutory review on June 17, 2025.

Does the Ross ruling apply to ChatGPT and other generative AI? Not directly. Judge Bibas stressed that Ross used non-generative AI and said he was careful not to send too strong a signal about the pending generative AI cases. The large suits against OpenAI, Anthropic, and others involve different facts and are not controlled by this decision.

Does using Westlaw or Lexis AI train OpenAI on my research? There is no public evidence that it does, and both vendors state customer data is not used to train foundation models. OpenAI's standard API also does not train on API inputs by default. The exposure that does exist is short-term retention for abuse monitoring, which is a separate issue from training. Confirm the specifics in the vendor's data processing agreement.

Is my client data confidential when I use legal AI? It depends on the vendor's contract, not on the marketing page. Under ABA Formal Opinion 512, you have a duty to understand where client confidences go before you input them. Get the training scope, retention windows, and sub-processor list in writing.

Are Westlaw headnotes copyrighted? Yes. Judge Bibas held that headnotes clear the minimal creativity threshold for copyright because they distill, synthesize, or explain part of an opinion, even when they quote the opinion closely. That holding is one of the questions now under review at the Third Circuit.

What is the difference between training and retention? Training changes a model's weights so future answers can reflect your data. Retention just stores your input for a window (OpenAI's standard API keeps it up to 30 days for abuse monitoring) without learning from it. A "no training" promise does not by itself answer how long data is retained or who else touches it.

The point of the five questions

"No training" should be a verifiable posture, not a slogan. The right shape for any vendor's answer is a retention clause in the DPA, a sub-processor list with notice terms, and a model-layer ZDR reference, all in writing.

Run the five questions above on whichever tool you are evaluating. The full data-flow map puts the major incumbents side by side without spin.

For more on auditing a vendor's data clauses against frameworks like CCPA, GDPR, and HIPAA, see /features/compliance-check.

Legal AI that reads your documents and knows the law.
Ask a legal question, review a contract, or search thousands of your files. Every answer shows where it came from. 7-day free trial, no card.
Updated July 18, 202617 min read

New legal AI guides, weekly.

Vaquill AI

Vaquill AI

Product & Content

Legal AI suite for US working lawyers: research, drafting, document comparison, document matrix, matters, and citation-verified answers, in one tool.