Data Policies

Introduction

At A4F, we are committed to providing a secure and transparent platform. This document outlines A4F's approach to data policies, how your data is handled when using our service, and your responsibilities as a developer, particularly concerning the data policies of the underlying LLM providers you access through A4F.

Our goal is to empower you with the information and tools necessary to make informed decisions about data privacy and compliance for your applications.

A4F's Data Handling

A4F primarily acts as a gateway or proxy, routing your API requests to the specific LLM provider and model you select. Our general data handling principles are:

• No Training on API Data (by A4F): A4F does not use the content of your API prompts or the completions generated by models for training our own models or for any purpose other than facilitating the API request to the end provider and providing you with usage analytics.
• Metadata Logging: We log metadata associated with your API requests for billing, monitoring, rate limiting, and to provide you with usage statistics on your dashboard. This metadata includes timestamps, model requested, token counts, status codes, and anonymized IP information for security.
• Optional Prompt Logging: As detailed in our Privacy Documentation, A4F does not store your prompts or responses unless you explicitly opt-in to prompt logging features (e.g., for debugging purposes if such a feature is offered).

End-Provider Data Policies

When you make an API request through A4F to a specific model (e.g., provider-X/model-name), your request data (including prompts and potentially other parameters) is transmitted to that underlying LLM provider (e.g., OpenAI, Anthropic, Google).

Each of these end-providers has its own distinct data usage, retention, and training policies. It is crucial that you, the developer, are aware of and comply with the terms of these end-providers.

Key aspects to look for in end-provider policies include:

• Whether they use API-submitted data for training their models.
• Options to opt-out of data usage for training (if available).
• Data retention periods.
• Data processing locations and security measures.

A4F provides links to the terms of service for many integrated providers in the Provider Routing documentation. We encourage you to review these directly.

Developer Responsibilities

As a developer using A4F, you are responsible for:

• Understanding End-Provider Terms: Familiarizing yourself with the data policies of any underlying LLM provider you choose to use via A4F.
• Informing Your Users: If your application processes end-user data through LLMs, you must ensure your own privacy policy and terms accurately reflect how their data might be handled by both your service and the LLMs you utilize.
• Implementing Controls: If you have specific data policy requirements (e.g., data must not be used for training), you need to implement logic in your application to select A4F provider prefixes that correspond to end-providers meeting those requirements.
• Compliance: Adhering to all applicable data protection laws and regulations (e.g., GDPR, CCPA) relevant to your application and your users.

Tools & Strategies for Policy Alignment

A4F facilitates access; data policy compliance primarily involves your choices and application logic:

• Explicit Provider Routing: The most direct way to align with specific data policies is to use A4F's provider prefixes (e.g., provider-1/model-name) to route requests only to end-providers whose policies meet your needs. For detailed guidance on implementing this, see our Data Policy Filtering guide.
• Model Selection: Choose models from providers known to offer favorable data terms (e.g., zero data retention options, clear opt-outs from training). Our Models page aims to provide relevant information and links.
• Conceptual API Features (Future): A4F may explore future API parameters or account settings to help manage data policy preferences more directly. Any such features would be officially documented. Currently, control is via explicit provider selection.

Data Security at A4F

A4F employs industry-standard security measures to protect the data transiting our platform and the metadata we store. This includes:

• Encryption in transit (HTTPS/TLS).
• Secure handling of API keys.
• Regular security assessments and updates.

However, the overall security of your data also depends on the security practices of the end-providers you choose and your own application's security.