Meta’s responsible innovation principles serve as the foundation for all our work. These principles are specifically crafted to protect people’s privacy so they feel empowered to explore, connect and engage with our products.Meta does not train its AI models on Llama API Customer Content or Customer Data.
•Customer Data comprises your account data, roles, and profile fields.
•Customer Content comprises both the inputs you submit to the model (prompts) and the outputs you receive based on your inputs (model responses).
Your Customer Content and Customer Data are used only:
Your Customer Content and your Customer Data are not used for any purposes other than those described in our permitted purposes. Customer Content and Customer Data are not used for personalization of consumer Meta Products or advertising, and personal data collected from the use of Llama API products is not used to personalize ads.Your Customer Content and Customer Data are logically separated except when shared to enforce the AUP, to facilitate payments, or to comply with other legal or regulatory requirements. Your Customer Content and Customer Data are always stored subject to strict access controls, and Meta will not sell any customer or user data as defined in the Terms of Service.
Encryption
All data transmitted between Llama API and backend servers is encrypted with the industry-standard TLS 1.2 and TLS 1.3 protocols.Meta encrypts Customer Content and specific Customer Data when it is stored at rest, except in limited circumstances as described below. We encrypt your data at rest before it is persisted in storage. Specifically, this data is encrypted at rest using strong symmetric encryption algorithms such as ChaCha20-Poly1305 (XChaPoly) and AES-GCM.All Customer Content–see examples below–is encrypted when it’s stored at rest, except when required to comply with legal obligations. Examples:
•API “inputs” or “prompts”
•API “outputs” or “responses”
•Parameters that are added in API code, including configuration parameters
The specific Customer Data listed below are encrypted when stored at rest, except (i) when required to comply with legal obligations, (ii) to ensure adherence to our Acceptable Use Policy, or (iii) when customers submit this information to interact with customer support.
•User profile/account information:
•Name
•Role/Permission
•Location
•Mobile phone number, except when used to send an SMS message to the person
•Email address, and email addresses of invited collaborators except when used to send an email notification to the person
•Date of birth
Payment Data
Meta processes all payment card data according to the Payment Card Industry Data Security Standard (PCI-DSS). Payment card numbers are securely stored, encrypted at rest, and stored separately from your profile data. The data provided to facilitate payments within Llama API is used only to provide billing services and is never used for personalization of consumer Meta Products or advertising.
Meta’s investments in Security
Meta performs regular security and vulnerability testing to assess whether key controls are properly implemented and effective. Meta has a vulnerability management program that includes definition of roles and responsibilities, dedicated ownership of vulnerability monitoring, vulnerability risk assessment and patch deployment.Meta’s security team is responsible for the detection, triage and remediation of vulnerabilities in Meta’s hardware and software. Meta leverages various tools to detect security bugs in its code base, as well as in open-source and third-party code, in order to mitigate or fix security bugs before they make it into shipped Meta’s products and impact our customers.Llama API benefits from Meta’s commitment to the security of your data which manifests through the monitoring, controls and measures we have in place to pre-empt or respond to security risks.
Managing the security lifecycle
Finally, Meta has established and will maintain an Information Security Management System (ISMS) designed to implement industry-standard information security practices. Meta’s ISMS is designed to protect against unauthorized access, disclosure, use, loss or alteration of Customer Data.Meta has a security incident response plan for monitoring, detecting and handling possible incidents. The plan includes the definition of roles and responsibilities, communication protocols and post mortem reviews, including root cause analysis and remediation plans. Meta monitors the service for any security breaches and malicious activity. The monitoring process and detection techniques are designed to detect security incidents according to relevant threats and ongoing threat intelligence.
Meta partners with and serves respected businesses around the world.
Meta is a trusted partner to many organizations around the world. Our customers trust us because they benefit from Meta’s heavy investments in security technology, resilient infrastructure, policies and processes–investments necessary to protect the data of billions of people worldwide using Meta’s products and services.