Cerebras Privacy Policy

This is Cerebras' privacy policy explaining how the company collects and uses your personal data when you use their AI computing services, website, and related products. The most important thing to know is that Cerebras collects your name, email, company information, payment data, and browsing behavior, and may combine it with data purchased from third parties like LinkedIn, Facebook, and marketing partners — but states it does not retain your AI model inputs and outputs. You can contact privacy@cerebras.ai to request access to, correction of, or deletion of your personal data.

This document is Cerebras Systems Inc.'s Privacy Policy, effective August 27, 2024, governing the collection, storage, use, and disclosure of Personal Data from users of Cerebras' website, AI training, inference, and chatbot services, with legal basis grounded in contractual necessity, legitimate interests, legal compliance, and consent. The policy creates obligations for Cerebras to process data for defined business purposes including service delivery, marketing, analytics, and legal compliance, while users are bound by the acknowledgment-of-policy mechanism triggered by mere access or use of the Services. Notably, the policy explicitly states that inputs and outputs from training, inference, and chatbot services are not retained, which is a materially favorable deviation from many AI platform competitors, though the policy permits broad combination of user data with third-party data including social media platforms and public databases. The policy engages GDPR (including data subject rights and cross-border transfer mechanisms), CCPA/CPRA for California residents, and general FTC Act Section 5 unfair and deceptive practices standards; compliance teams should note that the policy relies on a passive acknowledgment-of-use consent mechanism rather than affirmative opt-in, which may be insufficient under GDPR Article 7. Material compliance considerations include the absence of explicit legal bases enumerated per GDPR Article 6, the broad third-party data combination practice, and the lack of detail on international data transfer safeguards such as SCCs or BCRs.