Compliant with global data protection and security frameworks
Cohere's SOC 2 Type I report covers the trust services categories of Security, Confidentiality, and Availability, and is audited annually.
General Data Protection Regulation (GDPR)
We comply with GDPR data retention requirements and offer a data processing agreement (DPA) for customers in the EU.
California Consumer Privacy Act (CCPA)
We ensure policies, processes, and controls comply with CCPA requirements.
Health Insurance Portability and Accountability Act (HIPAA)
Cohere is HIPAA compliant and is prepared and able to execute a standard Business Associate Agreement ("BAA"). To see if you qualify for a BAA, please contact a sales representative.
Built to secure your most sensitive data
Secure infrastructure provider
We host all of our data in physically secure Google Cloud facilities that include 24/7 on-site security, camera surveillance, and more. All customer data is hosted in data centers that are SOC 2, ISO 27001 and HITRUST compliant.
Data encryption in transit & at rest
All data sent to or from Cohere is encrypted using TLS, and all customer data is encrypted using AES-256. Data is only sent when a session is actively being viewed and is deleted right after, unless recordings are explicitly enabled. We use Cloudflare's geographic load balancer and regionally located servers in the Netherlands and UK to ensure that intra-European traffic never leaves Europe.
Data redundancy and resiliency
Cohere's infrastructure has been designed to be fault tolerant. All databases operate in a cluster configuration, and the application tier scales using load-balancing technology that dynamically meets demand.
Server security and monitoring
All servers are configured using a documented set of security guidelines and images are managed centrally. Changes to the company’s infrastructure are tracked, and security events are logged appropriately.