6 comments

  • snailshare 2 hours ago

    Our take has been that if you are working with one of these large companies, you cannot expect anything to be private. We've worked with a smaller more focused product where we were able to negotiate the necessary controls

      pradeep1177 2 hours ago

      And what are those necessary controls?

        snailshare 26 minutes ago

        Either it needs to run on our hardware, or we need explicit contractual guardrails around use of the data for their purposes. Obviously anything you give Anthropic etc. is going into their training pipeline for instance, and they change their terms of use every week so it's impossible to work with as a small company with no leverage

  • toomuchtodo 2 hours ago

    Sign an enterprise agreement that speaks to data retention and destruction requirements. Part of what you pay for is to shift the liability to the inference vendor.

      pradeep1177 2 hours ago

      These data retention contracts are black boxes; you never know how your IP was leaked, and it could end up in the model's training data. It's like trusting META with your privacy settings.

        toomuchtodo 2 hours ago

        A contract satisfies our infosec program and cyber insurance requirements, confirmed by a corporate legal team. Our role is to manage enterprise risk and potential exposure within our risk appetite, not eliminate it.

        (already minimizing sensitive data storage and transit whenever possible, as an entity operating in a regulated industry)