Enterprise Data Commitments

Last Update: December 5, 2025

Cohere maintains robust controls to protect enterprise data and respect our enterprise customers’ rights regarding their data.

Control Your Data

Cohere offers several deployment solutions to meet the diverse needs of enterprise customers. Bring Cohere models or our workplace systems North and Compass to your data with private deployments and deployments on third-party cloud AI/ML platforms. You can also use the Cohere SaaS Platform to leverage Cohere-managed infrastructure.

In third-party cloud AI/ML platforms and private deployment solutions, Cohere does not receive any customer inputs (prompts) or outputs (generations).

Keep reading to learn more about our robust enterprise data controls in the Cohere SaaS Platform.

Opt Out from Data Use in Training

You can opt out from your prompts and generations being used to train Cohere models in your dashboard settings at any time.

To verify and update your settings, select “Data Controls” under your Settings in the left hand menu bar of the Cohere Platform. Adjust the toggle to ‘Off’ to opt out.

Robust Logging and Monitoring

We log and monitor the use of our SaaS Platform for compliance with our customer agreements, Usage Policy, and for security risks to our services.If we detect possible misuse of our SaaS Platform, our safety and security teams may review user prompts, generations, and logs to enforce our customer agreements, including our Usage Policy, and secure our services from misuse. Our safety team may also aggregate flagged prompts and generations after removing customer identifiers to evaluate our models’ ability to detect safety issues and enforce our Usage Policy.

Data Handling and Retention

We apply the following data handling and retention controls on the SaaS Platform:
  • We automatically delete logged prompts and generations after 30 days, unless we need it to comply with a legal requirement or customer contract, or unless your usage is flagged as potentially violating our terms, including our Usage Policy (e.g. abuse or misuse of our services). Data you allow us to use for training purposes may be retained separately in accordance with our agreement with you.
  • We filter and strip common types of personal information from prompts and generations before they are made available for possible use in training for Cohere models (if you are opted in).
  • If your usage is flagged as potentially violating our terms, including the Usage Policy, we may retain and review the flagged user prompts and associated logs to enforce our policies. We may also aggregate flagged prompts and generations after removing customer identifiers to evaluate our models’ ability to detect safety issues and enforce our Usage Policy.
  • If you have been approved for zero data retention, Cohere does not log any customer prompts or generations. See our FAQ below for more information.
  • Cohere also collects and uses certain usage data that doesn’t identify customers like frequency and duration of usage, features accessed, user preferences, and aggregate counts of input prompt tokens to understand how our services are used, and improve performance.

Privacy and Security Compliance

We support our enterprise customers’ privacy and data security compliance needs by offering multiple deployment options so customers can control access to data and personal information under their control.

Seamlessly complete your privacy and security compliance reviews by visiting Cohere’s Trust Center where you can request a copy of our certifications (including ISO 27001 and ISO 42001) or of our SOC 2 Type II Report or review our other compliance resources. Contact privacy@cohere.com if you are a SaaS Platform customer and need a Data Processing Addendum.

Enterprise Data Commitments FAQ

  • Our Enterprise Data Commitments apply to enterprise data of our commercial, paying customers. For the SaaS Platform, this means customers who have a credit card on file in their account. While we make certain features available for free for trial purposes, Cohere’s AI solutions are not intended for personal, family, or household purposes. Our Terms of Use and Privacy Policy apply to data we receive from users using a trial API key to access our SaaS Platform.
  • Enterprise customers can access opt out toggle in the Cohere dashboard settings. If you are opted out, prompts and generations will not be used to train Cohere models. Check with your organization’s administrator if you do not have access to the settings page, or contact us at support@cohere.com.
  • The answer depends on how you use our AI solutions and the deployment option you choose. See a summary below for the Cohere SaaS platform and consult your customer agreement for full details:
    1. Prompts and Generations: Prompts are what you input into the model, and generations are model outputs. For private and third party partner deployments, Cohere does not have access to nor process any customer prompts/generations. On the SaaS Platform, these are logged and automatically deleted after 30 days, subject to certain exceptions outlined above (e.g. your usage is flagged as misusing the Platform). Prompts and generations that you allow Cohere to use for training purposes may be retained separately. To verify and update your opt in or opt out settings, select “Data Controls” under your Settings in the left hand menu bar of the Cohere Platform. Adjust the toggle to ‘Off’ to opt out. Your change in settings will apply to data created after you make that change.
    2. Log Data: Log data are generated automatically when you use our SaaS Platform. We do not receive log data in other deployment types. Log data records things like organizational ID and dates an action is taken. Log data are necessary for our services to work, and for us to monitor for security risks to our services and compliance with our terms of use, including our Usage Policy.
    3. Usage data: Usage data are metadata collected automatically when you use our SaaS Platform. We may also receive certain usage data for third-party cloud AI/ML platform or private deployments, in accordance with our commercial agreements. Usage data can include frequency and duration of usage, features accessed, user preferences, and aggregate counts of input prompt tokens. We use usage data to understand how our services are used and improve performance.
    4. Business Contact Information: We collect business contact information (first and last name, email address, password) from users of our services as part of the registration process.
  • For the SaaS Platform, we automatically delete logged prompts and generations after 30 days, unless we need to retain them to comply with a legal requirement or a customer contract, or unless your usage is flagged as potentially violating our terms, including our Usage Policy (e.g. abuse or misuse of our services). For private and third party partner deployments, Cohere does not have access to nor process any customer prompts/generations. Prompts and generations that you allow Cohere to use for training purposes may be retained separately. To verify and update your opt in or opt out settings, select “Data Controls” under your Settings in the left hand menu bar of the Cohere Platform. Adjust the toggle to ‘Off’ to opt out. Your change in settings will apply to data created after you make that change.
  • Cohere relies on just-in-time (JIT) techniques to manage who has access to our system and implements role-based accesses based on the least privilege principle. Access to logs containing prompts and generations is limited to authorized employees and service providers bound by confidentiality and security controls that require access for engineering support, legal compliance, and safety and security monitoring. You can view a list of sub-processors by visiting Cohere’s Trust Center.
  • Customers can request account deletion within the self delete workflow in the Cohere dashboard. To request account deletion follow these steps:
    1. Login to your Cohere account via the Cohere dashboard
    2. Under settings, click profile then Danger Zone
    3. Click Delete My Account
    Account deletions are processed automatically within 7 days—your API keys will be revoked and account data (e.g. name, email, organization ID) will be deleted. Deleting your account does not delete prompts or generations, which are deleted automatically after 30 days unless exceptions apply. Exceptions include circumstances where a legal requirement or a customer contract require a longer retention period, or where your usage is flagged as potentially violating our terms, including our Usage Policy (e.g. abuse or misuse of our services).
  • For SaaS Platform customers, prompts and generations are deleted automatically after 30 days unless exceptions apply. Exceptions include circumstances where a legal requirement or a customer contract require a longer retention period, or where your usage is flagged as potentially violating our terms, including our Usage Policy (e.g. abuse or misuse of our services). For private and third party partner deployments, Cohere does not have access to nor process any customer prompts/generations.
    1. We collect business contact information (first and last name, email address, password) from users of our services as part of the registration process. We use this information to communicate with you and provide our AI solutions. For more information on our privacy practices, please read our Privacy Policy.
    2. If you intend to upload personal information about your own end users to the Cohere SaaS Platform, you are responsible for complying with applicable privacy laws. Please request a copy of our DPA before proceeding at privacy@cohere.com.
  • Yes, we can provide our DPA to potential customers of the Cohere SaaS Platform for review. Please contact privacy@cohere.com for more details. No DPA is required for private deployments and deployments on third-party cloud AI/ML platforms as Cohere will not receive any customer prompts/generations.
  • Zero data retention (ZDR) means we do not log any prompts or generations. When ZDR is enabled, we cannot monitor for misuse/abuse of our services in the same way. Because of this, we only allow ZDR for enterprise customers who can make additional commitments about their usage of the Cohere Services. ZDR does not affect usage data, which Cohere still receives. Contact support@cohere.com to make a ZDR request with a copy to your sales representative, if you have one. If you are dealing with sensitive data, you can also consider a third-party cloud AI/ML platform or private deployment. Learn More.
  • Cohere complies with all applicable privacy laws as they relate to personal information under the company’s control. We also proactively work with our enterprise customers to ensure we support them with their privacy compliance.