Frequently Asked Questions (Enterprise)

This page is designed to address questions from business or enterprise customers. If you’re an individual customer, please refer to our Consumer FAQ.

---

Does xAI train its models using customer data?

No. We do not use your enterprise or API data, inputs, or outputs for training our models.

---

Who owns inputs and outputs?

As between our enterprise customers and xAI, the customer retains all rights to the inputs they provide and any output they receive from our services, to the extent permitted by law.

---

What security measures does xAI use to protect customer data?

Security measures are outlined in Appendix 2 of our Data Processing Addendum (DPA).

---

Does xAI support customers with compliance with the GDPR and other privacy laws?

Yes, we execute a Data Processing Addendum (DPA) with customers for their use of our enterprise services. This DPA is automatically incorporated into our Enterprise Terms of Service.

---

Is xAI HIPAA compliant?

As of September 2024, Grok for enterprise cannot support HIPAA workloads. If your organization must ensure compliance with HIPAA, do not use our enterprise services.

---

Does xAI review customer data?

We may run customer data submitted to xAI's enterprise services through automated content classifiers and safety tools, including to better understand how our services are used. The classifications created do not contain any of the customer data itself.

---

For how long is customer data retained?

All conversations are automatically deleted within 30 days, unless we are legally required to retain them or they are flagged as potentially violating our Terms of Service or AUP.