What 'Never Trained on Your Data' Means Technically
"We don't train on your data" appears on many landing pages; it deserves to mean something specific. Here is what it means in idapt's architecture, stated concretely enough to hold us to.
No training, in both directions
Your content (chats, files, agent memory) is never used to train models: not ours, and not passed to providers for theirs on our platform lanes. The same stance faces outward: the public site blocks AI training crawlers in robots.txt, because a company asking models not to train on your data should extend the courtesy it asks for.
Isolation is enforced by the database
Access control is not an application-layer habit; row-level security policies in the database enforce that a request sees only rows its identity may see. The application cannot forget to filter, because the data layer refuses unfiltered access. Workspace membership and roles (team workspaces) define reach; agents act under the same policy regime with their own principals, never as ambient superusers.
Keys and secrets
Provider keys and stored secrets live in an encrypted vault: encrypted at rest, injected at use, never logged, never echoed back. BYOK traffic additionally inherits whatever data agreements your own provider account carries: for some organizations that contractual position is the point.
The lane that beats every policy
Policies bind organizations; physics binds everyone. Local inference runs models on your hardware: prompts served locally are never transmitted, and every reply attributes where it ran so the claim is checkable per message. For the most sensitive work, "never leaves the machine" is a stronger sentence than any privacy policy, ours included.
Production hygiene
Application logs treat user content as radioactive: operational events log identifiers and durations, not your words. Public marketing pages state only claims tied to shipped behavior, which is why this post names mechanisms rather than adjectives.
The privacy page tracks the full data path in plain language, and it is reviewed like the legal document it summarizes. If a claim there ever drifts from the code, that is a bug, and we treat it as one.
Found this helpful? Share it: