Privacy & data use in developer tier

olivier · February 8, 2025, 8:02pm

Could you update your privacy policy to be explicit on how/if you store and use the data (prompts, input, etc) sent to the serverless model inference under each plan tier? Privacy Policy | SambaNova Systems

coby.adams · February 8, 2025, 8:37pm

@olivier This request has been passed on to our legal team. Please note it will not be an immediate turnaround . In the mean time please refer to our current Terms Of Service.

-Coby

robinsonalexander · February 24, 2025, 1:42pm

Hello, there is a update in this important topic ?

hoermann · February 25, 2025, 10:32am

I would be interested too. If this is safe to use in a company context with confidential code base. Especially when using continue.dev with it: Use QwenCoder2.5 32B on the SambaNova Cloud and never wait for replies.

robinsonalexander · February 28, 2025, 6:55am

We understand the situation with the legal team, but we need to be sure that the users: company confidential code base, is keeped confidential. Together AI and Amazon bedrock, are clear with privacy.

ceo1 · March 28, 2025, 2:37am

Considering their core service is inputs/outputs and this is a common question from developers, for your own sake, you should assume that there’s some degree of logging and access.

This doesn’t mean that it is actually happening, but it’s common for companies to be vague on points that they expect users won’t like. Other services are explicit because they know it will enhance their marketability to developers.

Since LLMs are one their specialties, it’s very unlikely this point wasn’t considered, and it doesn’t take two months to get a response from a legal team. Responding “we don’t log inputs and outputs” wouldn’t require a legal team if they actually don’t store/log the inputs and outputs.

So without additional information, I would assume that it is stored for some unknown period of time and is NOT safe to use with confidential information.

tonyd · April 19, 2025, 2:04pm

I seem to have missed this before, but upon taking a closer read, it looks like my privacy concerns are actually well-addressed in SambaNova’s ToS (emphasis added by me):

2. CUSTOMER CONTENT

2.1. Customer Content. As between the parties, Customer or its licensors retain all right, title and interest in and to the Customer Content. You will ensure that Customer Content and its use in our Service do not violate any applicable law or breach any applicable contract or license. Subject to the terms of this Agreement, you hereby grant to SambaNova and its Affiliates a non-exclusive, worldwide, royalty-free right to access, store and/or process the Customer Content during the Term solely to the extent necessary to provide the Service to you or as may be required by law, and for no other purposes. You represent and warrant to us that you have all rights in Customer Content necessary to grant the rights contemplated herein.

5. INTELLECTUAL PROPERTY

5.1. SambaNova Technology. Except for the express limited rights set forth in this Agreement, no right, title or interest in any SambaNova intellectual property is granted to Customer, implied or otherwise. Customer acknowledges that the Service is offered as an online, hosted solution, and that Customer has no right to obtain a copy of the underlying computer code for any Service.

5.2. Service Usage Data. We may collect and use query logs, and any data (but not Customer Content) relating to the operation, support and/or use of the Service (“Service Usage Data”) to provide administration Service, develop, improve, support, and operate our products and Service, or to investigate fraud, abuse or violations of this Agreement.

6. CONFIDENTIAL INFORMATION.

Each party (as “Receiving Party”) will use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but not less than reasonable care) to (i) not use any Confidential Information of the other party (“Disclosing Party”) for any purpose outside the scope of this Agreement, and (ii) except as otherwise authorized by the Disclosing Party in writing, limit access to Confidential Information of the Disclosing Party to those of its and its Affiliates’ employees and contractors who need that access for purposes consistent with this Agreement and who have signed confidentiality agreements with the Receiving Party containing protections not materially less protective of the Confidential Information than those herein. If Receiving Party is required by law or court order to disclose Confidential Information, then Receiving Party shall, to the extent legally permitted, provide Disclosing Party with advance written notification and cooperate in any effort to obtain confidential treatment of the Confidential Information. The Receiving Party acknowledges that disclosure of Confidential Information would cause substantial harm for which damages alone would not be a sufficient remedy, and therefore that upon any such violative disclosure by the Receiving Party, the Disclosing Party will be entitled to seek appropriate equitable relief in addition to any other remedies available at law.

Some additional context on definitions:

“Confidential Information” shall mean all information that is identified as confidential at the time of disclosure or should be reasonably known to be confidential or proprietary due to the nature of the information disclosed and the circumstances surrounding the disclosure.

“Customer Content” means software, data, text, audio, video or images, or any artificial intelligence or machine learning model or algorithm that you or any User transfers to us for processing, storage or hosting by the Service and any computational results that you or your Users derive from the foregoing through their use of the Service, including machine learning model weights and biases you transfer to us or derive via model training on the Service.

I am not a lawyer, but stated in plain English, this sounds to me like:

“SambaNova and it’s employees won’t sell, transfer, or disclose your prompts or model responses unless compelled to by law. SambaNova and it’s employees won’t steal any of your intellectual property from your prompts or the model responses. SambaNova’s employees have signed confidentiality agreements agreeing to this. SambaNova understands that the privacy of your confidential information / data is very important to you. The only thing SambaNova ever intends to use your confidential information / data for is to actually provide the main functionality of the SambaNova service itself.”

I do have some questions / requests for the SambaNova development team, though:

How do we identify our prompts (and/or model responses) as “confidential”? Is there a formal process for this (e.g. “must send a message to the model explaining the session is confidential”?)
Do we have to do the above every single time?
Can we request either a checkbox (for access through the playground), or an API parameter (for API access), or a default account setting option that explicitly flags either that individual session OR the default setting for our entire account as “confidential”, to help address the ambiguity that led to my two questions above? I searched documentation briefly for such a feature but could not find one.

As well as some questions for other community members / customers in this thread:

Does the above language from the ToS adequately address your concerns about data privacy and confidentiality?
If not, what concerns do you still have? How could these concerns be addressed?