Unless you opt out, Cohere may use the text you send to and receive from the API to train and improve its AI models.
This analysis describes what Cohere's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The agreement authorizes use of customer-submitted inputs and model outputs for model training by default; enterprise customers transmitting confidential, regulated, or sensitive data should confirm their opt-out status before using the API in production.
Interpretive note: The exact opt-out procedure and its operational scope are not fully described in the document excerpt provided; the availability and mechanism of the opt-out may vary by account type or subscription tier.
The terms authorize Cohere to use API inputs and outputs for model improvement unless the customer has completed an opt-out, which is directly relevant for organizations processing confidential business information, personal data, or regulated data through the API.
How other platforms handle this
Writer does not use Customer Data to train its AI models without explicit customer permission. Customer Data means the data, content, and information that customers and their end users submit to or through the Services.
We may leverage OpenAI models independent of user selection for processing other tasks (e.g. for summarization). We may leverage Anthropic models independent of user selection for processing other tasks (e.g. for summarization). We may leverage these models independent of user selection for processi...
We may use the content you provide to us, including prompts and generated images, to train and improve our AI models and services.
Monitoring
Cohere has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Cohere may use Inputs and Outputs to provide, maintain, and improve the Services, including to train or fine-tune Cohere's models, unless Customer has opted out of such use in accordance with Cohere's then-current opt-out procedures.— Excerpt from Cohere's Cohere SaaS Agreement
(1) REGULATORY LANDSCAPE: This provision engages GDPR Article 5 (purpose limitation and data minimization), Article 6 (lawful basis for processing), and Article 9 where sensitive personal data categories are involved. EU supervisory authorities are the relevant enforcement bodies for EEA customers. CCPA Section 1798.100 may apply where California residents' personal data is included in API inputs. HIPAA's minimum necessary standard and business associate requirements are also implicated where health information is processed. (2) GOVERNANCE EXPOSURE: High. Default opt-in to model training data use creates compliance exposure for organizations processing personal data, confidential business information, or regulated data, as the processing purpose (model training) may not align with the original purpose for which data was collected. GDPR's purpose limitation principle requires that data not be further processed in a manner incompatible with the original collection purpose. (3) JURISDICTION FLAGS: EU and EEA customers face the highest regulatory exposure, as GDPR's requirements for explicit lawful basis for secondary processing are stringent. California customers should evaluate CCPA obligations around data use notification. Healthcare customers in the US must assess HIPAA compatibility. Financial services customers in regulated jurisdictions should review whether transmitting client data for model training is permissible under applicable regulations. (4) CONTRACT AND VENDOR IMPLICATIONS: The opt-out mechanism should be identified and documented before production deployment. Vendor assessment processes should include confirmation of the current opt-out procedure and whether it can be incorporated into a data processing addendum. The existence of a default opt-in rather than explicit opt-in may require evaluation under GDPR's consent and legitimate interest frameworks. (5) COMPLIANCE CONSIDERATIONS: Data protection officers should conduct a data protection impact assessment (DPIA) for use cases involving personal data. Privacy notices may need to be updated to reflect that data is processed by a third-party AI provider that may use it for model training. Contract templates should be updated to require opt-out confirmation as a condition of production API deployment.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
How 10 AI platforms describe the use of user data for model training, improvement, and development, based on archived governance provisions.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The agreement authorizes use of customer-submitted inputs and model outputs for model training by default; enterprise customers transmitting confidential, regulated, or sensitive data should confirm their opt-out status before using the API in production.
The terms authorize Cohere to use API inputs and outputs for model improvement unless the customer has completed an opt-out, which is directly relevant for organizations processing confidential business information, personal data, or regulated data through the API.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Cohere.