Last Update: August 6, 2023
Cohere maintains robust data usage and retention practices that recognize and respect our customers’ rights regarding their data.
By default, for Cohere’s commercial customers using our API services, we will:
Defining API Data
API data is data provided or generated by commercial customers when directly calling the API, specifically customer prompt, model output, embeddings, documents, and fine-tune data. For clarity, this does not include data sent through our free services or metadata, such as an aggregate count of input prompt tokens.
More Details about our Opt-Out Policies
Commercial customers’ API data is by default opted out of model training and for purposes related to improving our models or enhancing Cohere’s offerings. We do not use raw input prompts or model generations to profile how our models are being used. We may use aggregated metadata, such as a count of input prompt tokens, to understand usage and improve our system performance. For up to 30 days, unless required by law or to meet our contractual commitments, we will also retain API data to monitor for compliance with our terms and acceptable use guidelines, e.g., for abuse and misuses of our services.
Additionally, for highly sensitive scenarios, Cohere may grant a zero data retention opt-out after review. This removes our ability to log any data. Contact us at privacy@cohere.com for more information.
Opting in to share your data helps improve our models for you. API data undergoes a sanitization process before storage. Before being fed into any training models, our team removes common sources of personal information.
Opt-out flags are managed at an organization level within Cohere’s services. You may have multiple Cohere organizations, and you may manage the opt-out flags independently. Opt out selections made prior to August 10, 2023 will remain the same.
More Information on Personal Information and Privacy
Please review our Privacy Policy for more information on how we handle the personal information we collect and process via our website. We do not process personal information through our Playground and/or API and we strongly recommend that our customers do not upload any personal information when using our services.
Commercial customers are by default opted out of training. If you would like to opt-in email us at privacy.cohere.com.
Cohere collects and retains API data up to 30 days, unless required by law or to meet our contractual commitments, to monitor for compliance with our terms and acceptable use guidelines, e.g., for abuse and misuse of our services. After 30 days, commercial customers' API data will be automatically deleted unless requested otherwise. For more information on Cohere’s organizational data retention practices, please contact us at privacy@cohere.com.
All of our services are hosted by Google Cloud Platform, which is located in the United States. We only train and host our models in the United States.
Commercial customers’ API data is by default opted out of model training and for purposes related to improving our models or enhancing Cohere’s offerings. We may use aggregated metadata, such as a count of input prompt tokens, to understand usage and improve our system performance.
If you are opted in to model training, API data undergoes a sanitization process upon storage. Before being fed into any training models, our team removes common sources of personal information.
All data stored for any purpose is subject to our SOC2 controls regarding storage and processing. You can request a copy of the SOC2 Type II report at our Trust Center.
For more information on our privacy practices, please read our Privacy Policy.
We only keep your personal information as long as it is operationally or legally necessary. After that, we will either destroy or anonymize the information.
Yes, upon request, and subject to Cohere’s legal and regulatory obligations, we can delete your personal information. For more information on our privacy practices, including making data deletion requests, please read our Privacy Policy.
Yes, we can provide our DPA to potential customers for review. Please contact legal@cohere.com for more details.
Yes, Cohere is SOC 2 Type I and Type II compliant. If you would like a copy of our SOC 2 Type I and Type II report, please visit our Trust Center.
Cohere complies with all applicable privacy laws as they relate to personal information under the company’s control. We also proactively work with our enterprise customers to ensure that we support them with their privacy compliance.