Privacy & security

We are SOC Type 2 compliant and take data privacy extremely seriously. Our policies around customer data — anything you upload to the platform and all inputs you send/outputs you generate — are detailed here in sections 8-12. All data in transit and at rest uses SSL encryption.

To summarize, OctoAI can only use your customer data to provide the service to you and not for any other purpose. Providing the service does include debugging, troubleshooting, and ensuring ToS compliance. Customer prompt data is persisted in logs for 15 days and then deleted. Outputs are never stored, and we do not use your data to train models unless you decide to use our fine-tuning service directly. Access to customer logs is controlled on a need to know basis and audited.