General
The use of enterprise data for training foundation models depends on the service agreement and the type of plan. For personal or consumer accounts, data can be used to improve models, unless users opt out via privacy settings. However, for enterprise plans, the default policy is that data is not used for training models. Instead, data is typically used to fine-tune existing models or customize AI capabilities without being included in the foundational training. Enterprise customers have full control over whether or not their data is used in any way beyond providing real-time insights or enabling enhanced features. If model training is required, explicit consent is needed, with the organization determining how its data is processed in line with compliance regulations.
Data storage and retention policies vary significantly between enterprise and personal plans. In enterprise plans, data is controlled and managed by the organization, ensuring that it adheres to internal policies, legal requirements, and compliance frameworks such as GDPR or SOC 2. Enterprise customers have the flexibility to set their own retention periods and manage data access based on role-based permissions. For personal plans, users typically have more control over their own data, but it is handled within the constraints of the service provider’s policies, which may not be as customizable or strict as those in enterprise plans. Data retention for personal accounts is usually temporary unless users choose to retain it through their privacy settings.
Enterprise plans offer robust admin controls that allow organizations to manage user access, export data, and implement deletion policies. Admins can set granular access rights, restrict permissions, and manage the retention and deletion of data based on regulatory requirements. For example, admins can configure data retention periods, export usage logs, and enforce data deletion to comply with privacy policies such as HIPAA or GDPR. Personal plans generally provide fewer controls and are more focused on individual user preferences. While basic controls like deleting chats or exporting data may be available, they lack the granularity required for enterprise-scale operations.
Enterprise plans come with enhanced security and compliance guarantees to meet the rigorous standards required by various industries. This includes certifications like SOC 2, GDPR, HIPAA, and others, ensuring that sensitive data is handled securely and in compliance with industry regulations. Enterprises benefit from stronger data privacy protections, including more detailed audit logs and encryption. Personal plans, while still secure, do not typically include these formal certifications and are not designed to meet the same regulatory requirements. Individual users may not have the same level of oversight and control over data privacy, and their data retention policies are generally less strict than those offered in enterprise plans.
Yes, under enterprise plans, the use of browser assistants or third-party integrations is often subject to stricter controls. This is done to ensure that integrations align with the organization’s security standards and governance policies. Admins may be required to approve any third-party tools or assistants before they can be used within the organization. These controls help prevent data breaches or compliance violations arising from unauthorized external tools. Personal plans, on the other hand, offer more flexibility, allowing users to integrate third-party tools or assistants without needing to go through such approval processes, though they might not offer the same level of security and governance oversight.
Enterprise admins typically have access to detailed audit logs that track every interaction within the platform, including data access, changes, and user activities. These logs are essential for ensuring compliance, performing security audits, and addressing any issues that arise. Admins can review logs to identify unusual activities or potential security risks and take appropriate actions. For personal plans, audit logs are generally not as detailed or accessible, and users have limited visibility into the platform’s back-end activities. The level of visibility and audit control is far more extensive in enterprise settings to support governance, security, and regulatory requirements.
Yes, API usage for enterprise customers is governed differently and typically involves stricter controls. Enterprise users may have isolated API environments, ensuring that their data is handled securely and in compliance with their own internal policies. APIs in enterprise plans often come with higher rate limits, additional security features, and dedicated support to address specific business needs. Enterprise customers may also have enhanced monitoring and logging capabilities to ensure that API interactions are secure and compliant with data protection standards. For personal plans, API usage is more likely to be shared and has fewer customization options regarding security, monitoring, and data isolation.
