Frequently Asked Questions (Enterprise)

This page is designed to address questions from business or enterprise customers. If you’re an individual customer, please refer to our Consumer FAQ.

---

Does D-AI train its models using customer data?

No. We do not use your enterprise or API data, inputs, or outputs for training our models.

---

Who owns inputs and outputs?

As between our enterprise customers and D-AI, the customer retains all rights to the inputs they provide and any output they receive from our services, to the extent permitted by law.

---

What security measures does D-AI use to protect customer data?

Security measures are outlined in Appendix 2 of our Data Processing Addendum (DPA).

---

Does D-AI support customers with compliance with the GDPR and other privacy laws?

Yes, we execute a Data Processing Addendum (DPA) with customers for their use of our enterprise services. This DPA is automatically incorporated into our Enterprise Terms of Service.

---

Is D-AI HIPAA compliant?

As of September 2024, Cotton for enterprise cannot support HIPAA workloads. If your organization must ensure compliance with HIPAA, do not use our enterprise services.

---

Does D-AI review customer data?

We may run customer data submitted to D-AI's enterprise services through automated content classifiers and safety tools, including to better understand how our services are used. The classifications created do not contain any of the customer data itself.

---

For how long is customer data retained?

All conversations are automatically deleted within 30 days, unless we are legally required to retain them or they are flagged as potentially violating our Terms of Service or AUP.