NavigationContentFooter
Jump toSuggest an edit

Data, privacy, and security for Scaleway's AI services

Reviewed on 09 December 2024Published on 07 June 2024

Data security measures by Scaleway AI Services

Scaleway’s AI services implement robust security measures to ensure customer data privacy and integrity. Below is an overview of these practices.

Data usage policies

Scaleway’s Managed Inference services adhere to the following data usage policies:

  • Stateless models: Scaleway’s models do not retain any prompts or generated content after processing.

    • Prompts or completions are not stored within the model.
    • Data is not used for training, retraining, or improving the base models.
  • Data isolation: Customer data, including prompts, completions, embeddings, and training data, remains isolated and secure:

    • Data is not accessible to other Scaleway customers.
    • Data is not accessible to the creators of the underlying large language models (LLMs).
    • Data is not used to improve Scaleway or third-party products, services, or models.
  • Service control and hosting: Scaleway maintains full control over the Managed Inference service, hosting the LLMs on its infrastructure in Europe without interaction with third-party services.

Data storage policies

  • Customer Data: Inputs and outputs processed during inference are considered customer data. Scaleway does not log this data unless explicitly permitted by the customer through an opt-in feature, which is not yet available.

Data security measures

  • Hosting: Models deployed or consumed for inference are hosted in Europe within the data center region specified by the customer.
  • Encryption: All traffic between the customer and the inference service is encrypted using in-transit TLS encryption to ensure data protection during transmission.
  • Endpoint Security: Public-facing endpoints are secured with API key tokens.
  • Allowed IPs: Public endpoints can be configured to restrict access to specific IP addresses or IP blocks.
  • Virtual Private Cloud (VPC): The service can be hosted in a Virtual Private Cloud within private subnets. Access to the service can be restricted based on allowed IP ranges.
  • GDPR compliance: Scaleway’s AI services comply with the General Data Protection Regulation (GDPR), ensuring that all personal data is processed in accordance with European Union laws. This includes implementing strong data protection measures, maintaining transparency in data processing activities, and ensuring customers’ rights are upheld.
  • Extraterritorial law protection: As a European company, Scaleway’s AI services are not subject to extraterritorial laws such as the American Cloud Act. This means that customer data hosted in Europe is protected by European laws, which provide a high level of data sovereignty and security.

By integrating these compliance measures, Scaleway reinforces its commitment to providing a secure and legally compliant environment for AI services, aligning with the stringent data protection standards expected by our customers.

Was this page helpful?
API DocsScaleway consoleDedibox consoleScaleway LearningScaleway.comPricingBlogCareers
© 2023-2024 – Scaleway