Comment by kbyatnal

16 days ago

We work with Fortune 500s in sensitive industries (healthcare, fintech, etc.). Our policies are:

- data is never shared between customers

- data never gets used for training

- we also configure data retention policies to auto-purge after a time period

But how do you get these guarantees from the upstream vendors? Or do you run the LLMs on premises?

  • If you're using LLM APIs, there are SLAs from the vendors to make sure your inputs are not used as training data, and other guarantees. Generally these endpoints cost more to use (the compliance fee, essentially), but they solve the problem.