Cohere Data Usage Policy

Last Update: October 30, 2023

Cohere maintains robust data usage and retention practices that recognize and respect our customers’ rights regarding their data.


For Cohere’s commercial customers using our API services, we will:


  • Provide an API data opt-out for training and improving our models, or enhancing Cohere’s offerings. Organization administrators may access this in Cohere dashboard settings.
  • Unless required by law or contract, automatically delete API data after 30 days.


Defining API Data

API data is data provided or generated by commercial customers when directly calling the API, specifically customer prompt, model output, embeddings, documents, and fine-tune data. For clarity, this does not include data sent through our free services or metadata, such as an aggregate count of input prompt tokens. It also does not include our end-user products, such as the Playground or Coral.

More Details about our Opt-Out Policies

When opted out, commercial customers’ API data is not used for model training and purposes related to improving our models or enhancing Cohere’s offerings. We do not use raw input prompts or model generations to profile how our models are being used. We may use aggregated metadata, such as a count of input prompt tokens, to understand usage and improve our system performance. For up to 30 days, unless required by law or to meet our contractual commitments, we will also retain API data to monitor for compliance with our terms and acceptable use guidelines, e.g., for abuse and misuses of our services.


Additionally, for highly sensitive scenarios, Cohere may grant a zero data retention opt-out after review. This removes our ability to log any data. Contact us at privacy@cohere.com for more information.


Opting in to share your data helps improve our models for you. API data undergoes a sanitization process before storage. Before being fed into any training models, our team removes common sources of personal information.


Opt-out flags are managed at an organization level within Cohere’s services. You may have multiple Cohere organizations, and you may manage the opt-out flags independently. Opt out selections made prior to August 10, 2023 will remain the same.

More Information on Personal Information and Privacy

Please review our Privacy Policy for more information on how we handle the personal information we collect and process via our website. We do not process personal information through our Playground and/or API and we strongly recommend that our customers do not upload any personal information when using our services.

Common API Data Usage FAQs

  • I want to opt-out of prompts and results used for your training models. What should I do?
  • How long does Cohere retain my data?
    • Cohere collects and retains API data up to 30 days, unless required by law or to meet our contractual commitments, to monitor for compliance with our terms and acceptable use guidelines, e.g., for abuse and misuse of our services. After 30 days, commercial customers' API data will be automatically deleted unless requested otherwise. For more information on Cohere’s organizational data retention practices, please contact us at privacy@cohere.com.

  • Where are your servers located?
    • All of our services are hosted by Google Cloud Platform, which is located in the United States. We only train and host our models in the United States.

  • How is API data stored and processed?
    • Commercial customers’ API data may be opted out of model training and for purposes related to improving our models or enhancing Cohere’s offerings. We may use aggregated metadata, such as a count of input prompt tokens, to understand usage and improve our system performance.


      When you are opted in to model training, API data undergoes a sanitization process upon storage. Before being fed into any training models, our team removes common sources of personal information.


      All data stored for any purpose is subject to our SOC2 controls regarding storage and processing. You can request a copy of the SOC2 Type II report at our Trust Center.

Privacy FAQs

  • What personal information do we collect from our customers?
      • We collect business contact information (first and last name, email address, password), information about the organization, and intended use cases as part of the registration process.
      • We do not process personal information through our Playground and/or API and we strongly recommend that our customers do not upload any personal information when using our services.


      For more information on our privacy practices, please read our Privacy Policy.

  • What do we do with personal information customers share with us?
      • We share business contact information collected during the registration process with third parties that provide services such as cloud computing, data storage, publishing, and analytics
        • e.g. Google, Holistics, Retool, etc.
      • These service providers are not authorized to use or disclose personal information for their own marketing or other purposes.
      • We use business contact information to understand our customers’ use cases, customize their experience, and monitor compliance with our terms and usage guidelines.
  • How long is personal information retained?
    • We only keep your personal information as long as it is operationally or legally necessary. After that, we will either destroy or anonymize the information.

  • Can you delete my personal information?
    • Yes, upon request, and subject to Cohere’s legal and regulatory obligations, we can delete your personal information. For more information on our privacy practices, including making data deletion requests, please read our Privacy Policy.

  • I am a prospective Cohere customer, can I see a copy of your Data Processing Addendum (DPA)?
    • Yes, we can provide our DPA to potential customers for review. Please contact legal@cohere.com for more details.

  • Does Cohere have any security certifications?
    • Yes, Cohere is SOC 2 Type I and Type II compliant. If you would like a copy of our SOC 2 Type I and Type II report, please visit our Trust Center.

  • What is Cohere’s approach to privacy compliance?
    • Cohere complies with all applicable privacy laws as they relate to personal information under the company’s control. We also proactively work with our enterprise customers to ensure that we support them with their privacy compliance.