Topic Practice Note

Prompt-logging exceptions by provider


Editor: OpenAgreements editor
License: CC BY 4.0

Which AI providers offer prompt logging exceptions for enterprise customers?

No single rule exists: OpenAI, Anthropic, Google, and xAI each use a different gate for prompt logging exceptions, and every gate leaves legal or safety carveouts. The public record does not show a provider-published minimum spend for the exception itself.

There is very little primary law on point. No statute, regulation, or reported case in the source set requires Anthropic, Google, OpenAI, or xAI to offer a prompt-logging exception at all. This is mostly a contracts-and-controls question. The operative text is the provider's service agreement, product retention documentation, and whatever amendment or account-level enablement sits behind it. The legal edge appears in the carveouts. Each provider preserves some ability to retain, review, or disclose data where law, abuse prevention, moderation, or safety requires it.

The result is a clean but narrow public picture. OpenAI's gate is approval-based API control. Anthropic's gate is account-team enablement layered over a feature matrix. Google's gate is an abuse-monitoring exception request plus product exclusions. xAI's gate is enterprise-only API ZDR. None of those public documents supplies a verifiable provider-published minimum spend for the exception itself.

Sources for this answer

Vendor documentation

A.1 OpenAI, Data controls in the OpenAI platform

Supports the cited proposition. (OpenAI, Data controls in the OpenAI platform)

abuse monitoring logs are generated for all API feature usage and retained for up to 30 days

See OpenAI, Data controls in the OpenAI platform.

Vendor documentation

A.2 Anthropic, API and data retention

Supports the cited proposition. (Anthropic, API and data retention)

Customer data is not stored at rest after the API response is returned, except where needed to comply with law or combat misuse

See Anthropic, API and data retention.

Vendor documentation

A.3 Google Cloud, Abuse monitoring

Google Cloud employs automated safety classifiers and limited prompt logging to monitor for violations of its Acceptable Use Policy, with the potential for service suspension in cases of severe or recurring abuse.

Google uses automated safety classifiers to detect potential abuse and violations.

See Google Cloud, Abuse monitoring.

Vendor documentation

A.4 xAI Documentation, FAQ - Security

Supports the cited proposition. (xAI Documentation, FAQ - Security)

exclusively available to enterprise accounts

See xAI Documentation, FAQ - Security.

Commentary

A.8 Cursor, Security

Cursor maintains a security framework that includes regular third-party penetration testing, strict infrastructure access controls, and optional privacy modes that prevent model providers from retaining or training on user code data.

Infrastructure access is granted according to the principle of least privilege. We enforce multi-factor authentication, deploy cybersecurity tools, and monitor system logs and activity.

See Cursor, Security.

Vendor documentation

A.5 OpenAI, Services Agreement

Under the OpenAI Services Agreement, customers retain ownership of their input and output, while OpenAI is restricted from using customer content to improve its services without explicit consent.

As between Customer and OpenAI, to the extent permitted by applicable law, Customer: (a) retains all ownership rights in Input; and (b) owns all Output. OpenAI hereby assigns to Customer all OpenAI’s right, title, and interest, if any, in and to Output.

See OpenAI, Services Agreement.

Vendor documentation

A.6 Google Cloud Platform Terms of Service

Supports the cited proposition. (Google Cloud Platform Terms of Service)

may log Customer prompts solely for the purpose of reviewing and determining whether a violation has occurred

See Google Cloud Platform Terms of Service.

Vendor documentation

A.7 xAI, Terms of Service - Enterprise

The xAI Enterprise Terms of Service establish the contractual framework for service usage, including intellectual property ownership, liability disclaimers for AI-generated output, and mandatory procedural waivers for dispute resolution.

Customer acknowledges that no xAI intellectual property rights are assigned or transferred to Customer hereunder. Customer is obtaining only a limited right to access and use the Services during the Subscription Term of this Agreement.

See xAI, Terms of Service - Enterprise.

What prompt logging limits remain after OpenAI zero data retention is approved?

OpenAI offers Modified Abuse Monitoring and zero data retention only with approval, and zero data retention is narrower than a blanket no-logging promise because endpoint scope, stateful features, legal holds, and abuse carveouts still matter. API customers using zero data retention endpoints were outside one preservation demand because prompts and answers were not retained there.

OpenAI's public API terms are the clearest statement of the baseline. OpenAI says "abuse monitoring logs are generated for all API feature usage and retained for up to 30 days" and that those logs may contain certain customer content, such as prompts and responses, as well as metadata derived from that customer content, such as classifier outputs. The exception is not self-service. The same page says Modified Abuse Monitoring and Zero Data Retention are available only with prior approval and additional requirements. OpenAI's business pages narrow the gate but do not quantify it. One page refers to a qualifying use-case; another says qualifying organizations can configure retention, including ZDR.

The consequence is that OpenAI publishes two different bargains, not one. Modified Abuse Monitoring removes customer content from abuse-monitoring logs while leaving more platform functionality intact. Zero Data Retention goes further but forces store=false behavior on certain endpoints and leaves some stateful endpoints and capabilities outside scope. The public terms also preserve legal and abuse carveouts. OpenAI's Services Agreement allows use of customer content to provide the service, comply with law, enforce policies, and prevent abuse, and it allows retention or sharing of abusive customer content where necessary to protect the service or third parties. OpenAI's June 5, 2025 note on The New York Times preservation demands then makes the legal-hold implication concrete. It says API customers using ZDR endpoints were not affected because prompts and answers were never retained in the first place.

Sources for this answer

Vendor documentation

B.1 OpenAI, Data controls in the OpenAI platform

Supports the cited proposition. (OpenAI, Data controls in the OpenAI platform)

abuse monitoring logs are generated for all API feature usage and retained for up to 30 days

See OpenAI, Data controls in the OpenAI platform.

Vendor documentation

B.4 OpenAI, Enterprise privacy at OpenAI

OpenAI provides enterprise-level data privacy and security controls, including user ownership of inputs and outputs and a default policy against training models on customer data.

We do not train our models on your data by default

See OpenAI, Enterprise privacy at OpenAI.

Vendor documentation

B.5 OpenAI, Business data privacy, security, and compliance

OpenAI provides enterprise-grade data privacy, security, and compliance features, including non-training policies, encryption, and support for various regulatory frameworks such as GDPR, HIPAA, and ISO certifications.

By default, we do not use data from ChatGPT Enterprise, ChatGPT Business, ChatGPT Edu, ChatGPT for Healthcare, ChatGPT for Teachers, or our API platform—including inputs or outputs—for training or improving our models.

See OpenAI, Business data privacy, security, and compliance.

Vendor documentation

B.2 OpenAI, Services Agreement

Under the OpenAI Services Agreement, customers retain ownership of their input and output, while OpenAI is restricted from using customer content to improve its services without explicit consent.

As between Customer and OpenAI, to the extent permitted by applicable law, Customer: (a) retains all ownership rights in Input; and (b) owns all Output. OpenAI hereby assigns to Customer all OpenAI’s right, title, and interest, if any, in and to Output.

See OpenAI, Services Agreement.

Vendor documentation

B.3 OpenAI, How we're responding to The New York Times' data demands in order to protect user privacy

OpenAI contends that court-ordered indefinite retention of consumer ChatGPT and API data in the context of litigation against The New York Times conflicts with established privacy norms and the company's internal data retention policies.

The New York Times and other plaintiffs have made a sweeping and unnecessary demand in their baseless lawsuit against us: retain consumer ChatGPT and API customer data indefinitely.

See OpenAI, How we're responding to The New York Times' data demands in order to protect user privacy.

How do Anthropic, Google, and xAI limit prompt logging exceptions?

Anthropic, Google, and xAI all publish prompt logging exceptions, but their limits turn on feature eligibility, abuse-monitoring approval, or enterprise API status. Those exceptions still leave feature exclusions, moderation, legal duties, or compliance carveouts.

Anthropic publishes the most granular feature map. Its API retention page says "Customer data is not stored at rest after the API response is returned, except where needed to comply with law or combat misuse." That sounds broad until the feature table begins. Anthropic distinguishes between ZDR-eligible and non-eligible features, and it treats Claude Code, the Files API, batch processing, tool calling, MCP connectors, and product interfaces differently. Claude Code has its own ZDR page and its own disablements. Anthropic also says that even under ZDR or HIPAA readiness, flagged chats or sessions may be retained for up to two years.

That makes Anthropic's public position narrower than the headline implies. ZDR exists, but it is feature-specific by design. Anthropic's Frontier Safety Roadmap states the logic unusually plainly: "We offer many customers 'zero data retention' policies but doing so universally would hamper misuse detection and learning from real-world usage." The public gate is therefore not "enterprise equals no logging." It is closer to "some enterprise or commercial uses can be configured this way, provided the feature set allows it and the account team enables it."

Google's public materials split the issue between baseline terms and a Vertex AI exception process. The Google Cloud Platform Terms say that if automated safety tools detect potential abuse or policy violations, Google "may log Customer prompts solely for the purpose of reviewing and determining whether a violation has occurred." The Vertex AI documentation then says customers can request an abuse-monitoring exception, and if approved Google will not store prompts associated with the approved Google Cloud account for abuse-monitoring purposes. Google's structure is different from OpenAI's because the public promise is framed around abuse-triggered prompt logging, not around a general named retention tier.

Google's carveouts are also product-specific in a way the marketing label can obscure. Vertex AI's zero-data-retention page says Grounding with Google Search and Grounding with Google Maps keep prompts, contextual information, and generated output for 30 days, and that storage cannot be disabled for those features. Gemini Live session resumption can retain prompts and outputs for up to 24 hours if enabled. Customer-side request and response logging to BigQuery is a separate observability feature entirely. So Google ZDR is not one switch. It is an approved exception plus a product configuration choice, plus the absence of optional logging layers that the customer may have turned on for its own reasons.

xAI's public terms are newer and simpler. Its security FAQ says API request and response data are otherwise stored for 30 days for potential audit of abuse or misuse, but that Zero Data Retention is "exclusively available to enterprise accounts." When enabled, prompts, completions, and associated metadata are processed in real time but never persisted. The same FAQ says moderation still runs in real time, moderation results are not stored, and there is no server-side conversation history under ZDR. xAI's enterprise terms and FAQ preserve the usual backstop: data may still be retained if legally required or if flagged for safety, compliance, moderation, or an apparent terms violation.

Sources for this answer

Vendor documentation

C.1 Anthropic, API and data retention

Supports the cited proposition. (Anthropic, API and data retention)

Customer data is not stored at rest after the API response is returned, except where needed to comply with law or combat misuse

See Anthropic, API and data retention.

Vendor documentation

C.4 Anthropic, Features overview

Anthropic's Claude platform provides various technical features and infrastructure capabilities, such as citations, structured outputs, and prompt caching, designed to optimize model performance, cost, and verifiability.

With Citations, Claude can provide detailed references to the exact sentences and passages it uses to generate responses, leading to more verifiable, trustworthy outputs.

See Anthropic, Features overview.

Vendor documentation

C.5 Anthropic, Zero data retention for Claude Code

Anthropic's Zero Data Retention policy for Claude Code ensures that prompts and model responses are processed in real time and not stored by the provider, subject to specific exceptions for legal compliance or misuse prevention.

When ZDR is enabled, prompts and model responses generated during Claude Code sessions are processed in real time and not stored by Anthropic after the response is returned

See Anthropic, Zero data retention for Claude Code.

Vendor documentation

C.6 Anthropic, Frontier Safety Roadmap

Anthropic advocates for a risk-based regulatory framework for AI that scales oversight intensity with model capability, drawing parallels to the governance of high-stakes industries like nuclear energy and finance.

We believe the right framework is a regulatory ladder: requirements that scale with risk.

See Anthropic, Frontier Safety Roadmap.

Vendor documentation

C.7 Google Cloud Platform Terms of Service

Supports the cited proposition. (Google Cloud Platform Terms of Service)

may log Customer prompts solely for the purpose of reviewing and determining whether a violation has occurred

See Google Cloud Platform Terms of Service.

Vendor documentation

C.2 Google Cloud, Vertex AI and zero data retention

Google Cloud provides mechanisms for customers to restrict the use of their data for model training and to manage or disable data retention and caching features within Vertex AI.

Google won't use your data to train or fine-tune any AI/ML models without your prior permission or instruction.

See Google Cloud, Vertex AI and zero data retention.

Vendor documentation

C.8 Google Cloud, Abuse monitoring

Google Cloud employs automated safety classifiers and limited prompt logging to monitor for violations of its Acceptable Use Policy, with the potential for service suspension in cases of severe or recurring abuse.

Google uses automated safety classifiers to detect potential abuse and violations.

See Google Cloud, Abuse monitoring.

Vendor documentation

C.9 Google Cloud, Log requests and responses

Vertex AI provides functionality to log request and response data for Gemini and partner models to BigQuery, subject to specific configuration settings and data size limitations.

Vertex AI can log samples of requests and responses for Gemini and supported partner models. The logs are saved to a BigQuery table for viewing and analysis.

See Google Cloud, Log requests and responses.

Vendor documentation

C.3 xAI Documentation, FAQ - Security

Supports the cited proposition. (xAI Documentation, FAQ - Security)

exclusively available to enterprise accounts

See xAI Documentation, FAQ - Security.

Vendor documentation

C.10 xAI, Terms of Service - Enterprise

The xAI Enterprise Terms of Service establish the contractual framework for service usage, including intellectual property ownership, liability disclaimers for AI-generated output, and mandatory procedural waivers for dispute resolution.

Customer acknowledges that no xAI intellectual property rights are assigned or transferred to Customer hereunder. Customer is obtaining only a limited right to access and use the Services during the Subscription Term of this Agreement.

See xAI, Terms of Service - Enterprise.

Vendor documentation

C.11 xAI, Enterprise FAQs

xAI enterprise terms establish user ownership of inputs and outputs, restrict the use of business data for model training, and define data retention and privacy obligations.

You own the Inputs and Outputs.

See xAI, Enterprise FAQs.

What should lawyers ask AI vendors about abuse monitoring logs?

Lawyers should ask separately about abuse-monitoring logs, not just model training. Legal commentary supports checking opt-outs, vendor access, customer monitoring duties, and whether any public pricing or spend rule actually exists.

The law-firm and legal-industry commentary is more aligned than it first appears. The shared point is that "the provider does not train on my data" is not the same as "the provider does not log my prompts." The Reuters procurement piece written by two Skadden lawyers says vendors often want rights to use inputs and outputs not only to provide the service but also to investigate abuse or misuse, and that some vendors will permit opt-outs, especially in higher-value commercial settings. That is not a published price table, but it is a useful market observation: leverage seems to matter even where a public minimum-spend threshold is absent.

Beck Reed Riden makes the same distinction from a confidentiality angle. Its March 29, 2026 article says that even enterprise tiers often retain data temporarily for abuse monitoring, typically around 30 days, and may permit limited vendor personnel access for those purposes. Winston & Strawn's trade-secret analysis points in the same direction. Inputs may be retained to monitor tool performance or prevent inappropriate use, and human review can sit on top of that. The firms are not disagreeing on the baseline. They are saying the logging issue survives the enterprise SKU.

The ABA Business Law Today article by lawyers from Fox Rothschild, Cooley, and Morrison & Foerster is probably the crispest diligence formulation in the source set. It says a buyer should seek "Confirmation whether there are exceptions to the otherwise applicable rules around data storage and access for the purposes of abuse monitoring or similar." That line matters because it treats abuse-monitoring exceptions as a separate diligence item, not as a footnote to privacy or security review.

Debevoise's December 2024 media contracting piece is weaker as authority because the source set only surfaced the search snippet, not a full extracted quotation. Still, the snippet is directionally useful and worth hedging rather than ignoring. It suggests that some end-user customers seek an opt-out in exchange for conducting their own abuse monitoring. That is consistent with OpenAI's published allocation of responsibility once its controls are enabled, and it could explain why logging exceptions often appear as negotiated operational posture rather than as a line item on a pricing page.

What the firms do not provide is just as important. None of the firm sources in this directory supplies a verified matrix saying Anthropic and Google grant exceptions for free while OpenAI and xAI require a minimum purchase, or vice versa. The commentary points to leverage, sensitivity of use case, and negotiated responsibility. It does not support a hard public spend taxonomy.

Sources for this answer

Commentary

D.1 Skadden commentary

Companies should update their procurement playbooks to address the unique legal, security, and intellectual property risks associated with integrating generative AI tools into their enterprise operations.

Playbooks should require counsel review to these terms together with the enterprise licensing agreement, and if possible, to negotiate so that such terms remain fixed or consent is required for material changes.

See Skadden, AI-focused procurement playbook refresh.

Commentary

D.4 Beck Reed Riden commentary

Because trade secret statutes lack a human-creation requirement and current case law is unsettled, contract law and proactive governance serve as the primary mechanisms for managing ownership and confidentiality risks associated with AI-generated trade secrets.

Trade secret law is uniquely positioned to fill the AI ownership gap. Unlike patent and copyright, neither the Defend Trade Secrets Act nor the Uniform Trade Secrets Act (nor any case law at the time of this article’s publication) contains a human-creation requirement.

See Beck Reed Riden, Who owns an AI-generated trade secret?.

Law-firm commentary

D.5 Winston & Strawn commentary

Companies must implement robust confidentiality policies, contractual safeguards, and employee training to mitigate the risk that using Generative AI tools will result in the loss of trade secret protection.

Inputs that are comprised of trade secrets may also be used to further train the tool, and thus be disclosed to users not affiliated with the company that owns the trade secrets.

See Winston & Strawn, Harnessing Generative AI: Best Practices for Trade Secret Protection.

Commentary

D.2 Fox Rothschild / Cooley / Morrison & Foerster commentary

Supports the cited proposition. (Fox Rothschild / Cooley / Morrison & Foerster commentary)

Confirmation whether there are exceptions to the otherwise applicable rules around data storage and access for the purposes of abuse monitoring or similar

See Fox Rothschild / Cooley / Morrison & Foerster, Ethical Implications of the Use of Legal Technologies by Innovative M&A Lawyers, including Special Considerations for Use of AI in M&A Transactions.

Law-firm commentary

D.6 Debevoise & Plimpton commentary

When drafting and negotiating generative AI contracts in the media industry, parties must carefully address license scope, use restrictions, data privacy, and risk allocation to manage the unique legal and operational challenges posed by GenAI technology.

Licensees must ensure that the license grant is broad enough to permit the full range of necessary activities for its intended GenAI development.

See Debevoise & Plimpton, Generative AI Contracting in the Media Industry.

Vendor documentation

D.3 OpenAI, Data controls in the OpenAI platform

Supports the cited proposition. (OpenAI, Data controls in the OpenAI platform)

abuse monitoring logs are generated for all API feature usage and retained for up to 30 days

See OpenAI, Data controls in the OpenAI platform.

What AI prompt logging risks remain after a vendor exception?

A vendor exception does not eliminate the total prompt record; it may leave residual provider retention, disable functionality, or shift durable logs to the customer. The open issues are metadata scope, revocation, contract placement, and customer-side safety work.

| Provider | Public gate | Residual logging or retention that still survives in public docs |
| --- | --- | --- |
| OpenAI | Prior approval for Modified Abuse Monitoring or ZDR on eligible endpoints | Legal-hold rights, abusive-content carveouts, and stateful or ZDR-ineligible features still persist. |
| Anthropic | ZDR arrangement through contract or account team, plus feature-level eligibility | Flagged sessions can be retained up to 2 years; many features, connectors, and product interfaces remain outside ZDR. |
| Google | Abuse-monitoring exception request for the approved Cloud account | Search and Maps grounding keep data for 30 days; some live-session features keep 24-hour state; customer-side BigQuery logs are separate. |
| xAI | Enterprise-only ZDR for the API | Real-time moderation still runs; no server-side conversation history; legal, safety, and compliance carveouts remain. |

The real comparison is not by price bucket. It is by gate. That table sounds obvious once stated, but most provider marketing does not present the issue that way. Enterprise privacy pages are written around training, security, and business-data separation. Prompt-logging exceptions live deeper in API docs, exception forms, trust pages, or account-team flows. A company reading only the top-line enterprise promise will often overread what it bought.

The second consequence is that the trade is often functionality for visibility. OpenAI's lighter control leaves more features intact than full ZDR. Anthropic's ZDR excludes meaningful parts of the product surface, including some stateful or connector-heavy features. Google cannot disable retention for some grounding features because the retention is tied to debugging and reliability engineering. xAI's ZDR removes server-side conversation history. Perhaps the cleanest way to say it is this: the stricter the retention promise, the more likely it is that statefulness, observability, or managed safety review moves somewhere else or disappears.

The third consequence is that provider-side minimization and customer-side logging can move in opposite directions. Google explicitly offers request and response logging to BigQuery. Reuters' procurement analysis treats prompt and output recordkeeping as its own operational question. So a provider-side logging exception does not necessarily reduce the overall data footprint. It can simply move the durable record from the provider to the customer, which is better for some objectives and worse for others.

The fourth consequence is that the exceptions are real, not hypothetical. Morgan Stanley's OpenAI case study says zero data retention addressed a central security concern in that deployment. Cursor publicly says it has zero-data-retention agreements with OpenAI, Anthropic, Google Vertex, and xAI. Glean's administrative guidance assumes OpenAI zero-retention requests are a live operational path, while also noting that some features still require modified abuse monitoring. Public uptake exists. What is still missing is a public schedule that explains exactly who qualifies, how quickly, and at what contract value. The materials are good on scope and carveouts, fair on gating language, and thin on economics.

  • Does each exception cover only prompts and completions, or also derived metadata such as classifier outputs, moderation signals, and operational traces? OpenAI's default logs expressly include classifier outputs, xAI expressly says associated metadata is not persisted under ZDR, and Google's public language is mostly about prompts. The public record does not support one uniform answer across providers.
  • Is contract size the real gate even if no provider publishes it? Reuters' procurement piece suggests vendors are more flexible in higher-value engagements, but none of the provider docs here states a fixed annual minimum for the exception itself. Perhaps the real gate is some combination of spend, regulated workload, and willingness to accept shifted abuse-monitoring responsibility.
  • Can an exception be revoked in practice? No public document in this source set lays out a clean revocation procedure. What the documents do preserve are override rights for flagged misuse, legal demands, safety review, or sensitive-model access. That could amount to a functional revocation even if the contract never uses that word.
  • How much of the commitment is written in public materials versus tucked into order forms, amendments, or account emails? The public docs clearly show that manual approval exists. They do not disclose standard turnaround times or complete eligibility criteria. That leaves a gap between what the market knows and what the account team knows.
  • How much debugging and safety work moves back to the customer once the provider stops retaining content? Debevoise's snippet and OpenAI's own language both point in that direction, but the public record is still thin on how much provider review is replaced by customer monitoring in practice.

Sources for this answer

Vendor documentation

E.2 OpenAI, Data controls in the OpenAI platform

Supports the cited proposition. (OpenAI, Data controls in the OpenAI platform)

abuse monitoring logs are generated for all API feature usage and retained for up to 30 days

See OpenAI, Data controls in the OpenAI platform.

Vendor documentation

E.4 OpenAI, Services Agreement

Under the OpenAI Services Agreement, customers retain ownership of their input and output, while OpenAI is restricted from using customer content to improve its services without explicit consent.

As between Customer and OpenAI, to the extent permitted by applicable law, Customer: (a) retains all ownership rights in Input; and (b) owns all Output. OpenAI hereby assigns to Customer all OpenAI’s right, title, and interest, if any, in and to Output.

See OpenAI, Services Agreement.

Vendor documentation

E.5 Anthropic, API and data retention

Supports the cited proposition. (Anthropic, API and data retention)

Customer data is not stored at rest after the API response is returned, except where needed to comply with law or combat misuse

See Anthropic, API and data retention.

Vendor documentation

E.6 Anthropic, Zero data retention for Claude Code

Anthropic's Zero Data Retention policy for Claude Code ensures that prompts and model responses are processed in real time and not stored by the provider, subject to specific exceptions for legal compliance or misuse prevention.

When ZDR is enabled, prompts and model responses generated during Claude Code sessions are processed in real time and not stored by Anthropic after the response is returned

See Anthropic, Zero data retention for Claude Code.

Vendor documentation

E.7 Google Cloud, Vertex AI and zero data retention

Google Cloud provides mechanisms for customers to restrict the use of their data for model training and to manage or disable data retention and caching features within Vertex AI.

Google won't use your data to train or fine-tune any AI/ML models without your prior permission or instruction.

See Google Cloud, Vertex AI and zero data retention.

Vendor documentation

E.1 Google Cloud, Log requests and responses

Vertex AI provides functionality to log request and response data for Gemini and partner models to BigQuery, subject to specific configuration settings and data size limitations.

Vertex AI can log samples of requests and responses for Gemini and supported partner models. The logs are saved to a BigQuery table for viewing and analysis.

See Google Cloud, Log requests and responses.

Vendor documentation

E.3 xAI Documentation, FAQ - Security

Supports the cited proposition. (xAI Documentation, FAQ - Security)

exclusively available to enterprise accounts

See xAI Documentation, FAQ - Security.

Vendor documentation

E.8 xAI, Terms of Service - Enterprise

The xAI Enterprise Terms of Service establish the contractual framework for service usage, including intellectual property ownership, liability disclaimers for AI-generated output, and mandatory procedural waivers for dispute resolution.

Customer acknowledges that no xAI intellectual property rights are assigned or transferred to Customer hereunder. Customer is obtaining only a limited right to access and use the Services during the Subscription Term of this Agreement.

See xAI, Terms of Service - Enterprise.

Vendor documentation

E.9 OpenAI, Enterprise privacy at OpenAI

OpenAI provides enterprise-level data privacy and security controls, including user ownership of inputs and outputs and a default policy against training models on customer data.

We do not train our models on your data by default

See OpenAI, Enterprise privacy at OpenAI.

Vendor documentation

E.10 OpenAI, Business data privacy, security, and compliance

OpenAI provides enterprise-grade data privacy, security, and compliance features, including non-training policies, encryption, and support for various regulatory frameworks such as GDPR, HIPAA, and ISO certifications.

By default, we do not use data from ChatGPT Enterprise, ChatGPT Business, ChatGPT Edu, ChatGPT for Healthcare, ChatGPT for Teachers, or our API platform—including inputs or outputs—for training or improving our models.

See OpenAI, Business data privacy, security, and compliance.

Vendor documentation

E.11 Google Cloud, Abuse monitoring

Google Cloud employs automated safety classifiers and limited prompt logging to monitor for violations of its Acceptable Use Policy, with the potential for service suspension in cases of severe or recurring abuse.

Google uses automated safety classifiers to detect potential abuse and violations.

See Google Cloud, Abuse monitoring.

Vendor documentation

E.12 Anthropic, Features overview

Anthropic's Claude platform provides various technical features and infrastructure capabilities, such as citations, structured outputs, and prompt caching, designed to optimize model performance, cost, and verifiability.

With Citations, Claude can provide detailed references to the exact sentences and passages it uses to generate responses, leading to more verifiable, trustworthy outputs.

See Anthropic, Features overview.

Commentary

E.13 Skadden commentary

Companies should update their procurement playbooks to address the unique legal, security, and intellectual property risks associated with integrating generative AI tools into their enterprise operations.

Playbooks should require counsel to review these terms together with the enterprise licensing agreement, and if possible, to negotiate so that such terms remain fixed or consent is required for material changes.

See Skadden, AI-focused procurement playbook refresh.

Vendor documentation

E.14 OpenAI, Morgan Stanley uses AI evals to shape the future of financial services

Financial institutions can successfully deploy generative AI tools by implementing rigorous evaluation frameworks, maintaining human oversight of automated outputs, and ensuring data privacy through strict retention policies.

Morgan Stanley met this challenge by implementing an evaluation (eval) framework to test every AI use case before deployment. Evals measure how models perform against real-world use cases and guide improvements, with expert feedback, at every step.

See OpenAI, Morgan Stanley uses AI evals to shape the future of financial services.

Commentary

E.15 Cursor, Security

Cursor maintains a security framework that includes regular third-party penetration testing, strict infrastructure access controls, and optional privacy modes that prevent model providers from retaining or training on user code data.

Infrastructure access is granted according to the principle of least privilege. We enforce multi-factor authentication, deploy cybersecurity tools, and monitor system logs and activity.

See Cursor, Security.

Commentary

E.16 Glean, Set up Glean with OpenAI GPT Models

Glean allows customers to configure their own OpenAI accounts for billing and capacity management, unless they opt for the Glean Key service where Glean manages these resources.

customers hosted on GCP or AWS to configure Glean to use GPT models directly through their own OpenAI account for billing and capacity management.

See Glean, Set up Glean with OpenAI GPT Models.

Vendor documentation

E.17 Google Cloud Platform Terms of Service

Supports the cited proposition. (Google Cloud Platform Terms of Service)

may log Customer prompts solely for the purpose of reviewing and determining whether a violation has occurred

See Google Cloud Platform Terms of Service.

Vendor documentation

E.18 OpenAI, Trusted access for the next era of cyber defense

OpenAI employs a risk-based framework for cybersecurity model deployment that balances broad access for legitimate defenders with identity verification and iterative, capability-scaled safeguards.

To enable responsible use at scale, we need systems that can validate trustworthy users and use cases in more automated and more objective ways.

See OpenAI, Trusted access for the next era of cyber defense.

Vendor documentation

E.19 Anthropic, Frontier Safety Roadmap

Anthropic advocates for a risk-based regulatory framework for AI that scales oversight intensity with model capability, drawing parallels to the governance of high-stakes industries like nuclear energy and finance.

We believe the right framework is a regulatory ladder: requirements that scale with risk.

See Anthropic, Frontier Safety Roadmap.

Law-firm commentary

E.20 Debevoise & Plimpton commentary (PDF)

When drafting and negotiating generative AI contracts in the media industry, parties must carefully address license scope, use restrictions, data privacy, and risk allocation to manage the unique legal and operational challenges posed by GenAI technology.

Licensees must ensure that the license grant is broad enough to permit the full range of necessary activities for its intended GenAI development.

See Debevoise & Plimpton, Generative AI Contracting in the Media Industry.