Enterprise Data Commitments
Last Update: October 8, 2024
Cohere maintains robust controls to protect enterprise data and respect our enterprise customers’ rights regarding their data.
Control Your Data
Cohere offers several deployment solutions to meet the diverse needs of enterprise customers. Bring Cohere models to your data with private deployments and deployments on third-party cloud AI/ML platforms, or use the Cohere SaaS Platform to leverage Cohere-managed infrastructure.
In third-party cloud AI/ML platforms and private deployment solutions, Cohere does not receive any customer inputs (prompts) or outputs (generations).
Keep reading to learn more about our robust enterprise data controls in the Cohere SaaS Platform.
Opt Out from Data Use in Training
Sharing your data for training on the Cohere SaaS Platform helps improve our models for you, but if you want to opt out, we make it easy.
You can opt out from your prompts, generations, and finetune data being used to train Cohere models in your dashboard settings at any time.
If you upload content from third-party applications to the Cohere SaaS Platform, like Google Drive, Cohere does not use any of this content, or your prompts or generations about that content, to train our models. No action is needed on your part to opt out.
Robust Logging and Monitoring
We automatically log and monitor the use of our SaaS Platform for compliance with our customer agreements and Usage Policy, and for security risks to our services.
If we detect possible misuse of our SaaS Platform, our in-house custom classifiers and prompt injection guard filters (which label potentially violative prompts) trigger additional threat detection efforts to enforce our customer agreements, including our Usage Policy, and secure our services from misuse. Our safety and security teams may review user prompts, generations, and logs for these purposes. Our safety team may also aggregate flagged prompts and generations after removing customer identifiers to evaluate our models’ ability to detect safety issues and enforce our Usage Policy.
Data Handling and Retention
We apply the following data handling and retention controls on the SaaS Platform:
- We automatically delete logged prompts and generations after 30 days, unless we need them to comply with a legal requirement or customer contract, or unless your usage is flagged as potentially violating our terms, including our Usage Policy (e.g. abuse or misuse of our services). Data you allow us to use for training purposes is stored and handled in accordance with our agreement with you.
- You control retention of conversation history and finetune datasets. You can delete chat history and finetune datasets directly in your account, and deleted chat histories and finetune datasets are purged from Cohere’s backend systems after 7 days.
- We filter and strip common types of personal information from prompts and generations before they are used for training Cohere models (if you are opted in).
- If your usage is flagged as potentially violating our terms, including the Usage Policy, we may retain and review the flagged user prompts and associated logs to enforce our policies. We may also aggregate flagged prompts and generations after removing customer identifiers to evaluate our models’ ability to detect safety issues and enforce our Usage Policy.
- If you have been approved for zero data retention, Cohere does not log any customer prompts or generations. See our FAQ below for more information.
- Cohere also collects and uses certain usage data that doesn’t identify customers, like frequency and duration of usage, features accessed, user preferences, and aggregate counts of input prompt tokens, to understand how our services are used and improve performance.
Privacy and Security Compliance
We support our enterprise customers’ privacy and data security compliance needs by offering multiple deployment options so customers can control access to data and personal information under their control.
Seamlessly complete your privacy and security compliance reviews by visiting Cohere’s Trust Center where you can request a copy of our SOC 2 Type II Report and review our privacy documentation as well as other compliance resources.
Common FAQs for Cohere SaaS Platform
What do our Enterprise Data Commitments apply to?
Our Enterprise Data Commitments apply to enterprise data of our commercial, paying customers. For the SaaS Platform, this means customers who have a credit card on file in their account. While we make certain services available for free for trial purposes, Cohere services are not intended for personal, family or household purposes. Our Terms of Use and Privacy Policy apply to data we receive from users using a trial API key to access our SaaS Platform.
I want to opt out of prompts and generations being used for training Cohere models. What should I do?
Enterprise customers can access opt-out flags in the Cohere dashboard settings. If you are opted out, prompts and generations are not used to train Cohere models. Check with your organization’s administrator if you do not have access to the settings page, or contact us at support@cohere.com. Your opt-out selection will automatically apply to your prompts and generations in the Cohere AI Application for Slack.
Is the data I upload to fine-tune a model used to train Cohere models?
Enterprise customers can access opt-out flags in the Cohere dashboard settings. If you are opted out, finetune data is not used to train Cohere models. Check with your organization’s administrator if you do not have access to the settings page, or contact us at support@cohere.com. The fine-tune models you create are yours alone and never shared with another customer, even if you choose to share your fine-tune data for training with Cohere.
Is the content I upload from a third-party application used to train Cohere models?
No. If you upload content from third-party applications to the Cohere SaaS Platform, like Google Drive, Cohere does not use any of this content, or your prompts or generations about that content, to train our models. You do not need to take any action to opt out.
What data does Cohere collect?
The answer depends on how you use our services and the deployment solution you choose. See a summary below and consult your customer agreement for full details:
- Prompts and Generations: Prompts are what you input into the model, and generations are model outputs. You can opt out of our use of this data for training on our SaaS Platform, or choose a deployment solution where we never receive this data.
- Finetune Data: Finetune data are documents, data, or datasets you upload to fine-tune and customize a model. You can opt out of our use of this data for training on our SaaS Platform, or choose a deployment solution where we never receive this data.
- Logs: Logs are generated automatically when you use our SaaS Platform. We do not receive logs in other deployment types. Logs record things like organizational ID and dates an action is taken. Logs are necessary for our services to work, and for us to monitor for security risks to our services and compliance with our terms of use, including our Usage Policy.
- Usage data: Usage data are metadata collected automatically when you use our SaaS Platform. We may also receive certain usage data for third-party cloud AI/ML platform or private deployments, in accordance with our commercial agreements. Usage data can include frequency and duration of usage, features accessed, user preferences, and aggregate counts of input prompt tokens. We use usage data to understand how our services are used and improve performance.
- Business Contact Information: We collect business contact information (first and last name, email address, password) from users of our services as part of the registration process.
How long does Cohere retain enterprise data?
For the SaaS Platform, we automatically delete logs containing prompts and generations after 30 days, unless we need them to comply with a legal requirement or a customer contract, or unless your usage is flagged as potentially violating our terms, including our Usage Policy (e.g. abuse or misuse of our services). You can delete chat history and finetune datasets directly in your account.
Who can view stored prompts, generations, & finetune data?
Cohere relies on just-in-time (JIT) techniques to manage who has access to our system and implements role-based access based on the principle of least privilege. Access to logs containing prompts and generations, as well as finetune data, is limited to authorized employees and service providers who require access for engineering support, legal compliance, and safety and security monitoring, and who are bound by confidentiality and security controls. You can view a list of sub-processors by visiting Cohere’s Trust Center.
Can I delete data submitted to the SaaS Platform?
Please contact privacy@cohere.com to submit a deletion request.
What personal information do we collect from our customers and how do we use it?
- We collect business contact information (first and last name, email address, password) from users of our services as part of the registration process. We use this information to communicate with you and provide our services. For more information on our privacy practices, please read our Privacy Policy.
- If you intend to upload personal information about your own end users to the Cohere SaaS Platform, you are responsible for complying with applicable privacy laws. Please request a copy of our DPA before proceeding at privacy@cohere.com.
I am a prospective Cohere customer, can I see a copy of your Data Processing Addendum (DPA)?
Yes, we can provide our DPA to potential customers of the Cohere SaaS Platform for review. Please contact privacy@cohere.com for more details. No DPA is required for private deployments and deployments on third-party cloud AI/ML platforms as Cohere will not receive any customer prompts/generations.
Does Cohere have any security certifications or reports?
Yes, Cohere receives a SOC 2 Type II report. If you would like a copy of our SOC 2 Type II report, please visit our Trust Center.
What is zero data retention and how do I request it?
Zero data retention (ZDR) means we do not log any prompts or generations. When ZDR is enabled, we cannot monitor for misuse/abuse of our services in the same way. Because of this, we only allow ZDR for enterprise customers who can make additional commitments about their usage of the Cohere Services. ZDR does not affect usage data, which Cohere still receives. Contact privacy@cohere.com to make a ZDR request with a copy to your sales representative, if you have one. If you are dealing with sensitive data, you can also consider a third-party cloud AI/ML platform or private deployment.
What is Cohere’s approach to privacy compliance?
Cohere complies with all applicable privacy laws as they relate to personal information under the company’s control. We also proactively work with our enterprise customers to ensure we support them with their privacy compliance.