This page outlines Vellum’s approach to data storage, encryption, and privacy, addressing common questions about how your data is handled within the platform.
Vellum stores all interactions (prompt executions, workflow executions, etc.) in your account to enable:
These interactions are accessible through the respective monitoring tabs in Prompt Deployments and Workflow Deployments, allowing you to review past executions, filter by various parameters, and analyze performance trends.
By default, interaction data is stored indefinitely. However, Enterprise customers can configure data retention policies to automatically delete monitoring data after a specified period (30, 60, 90, or 365 days) to comply with their internal data governance requirements.
When you execute a prompt or workflow:
Vellum does not send your interaction data to LLM providers for any purpose other than generating the requested responses.
All data stored in Vellum, including documents in Document Indexes, is encrypted using AES-256 GCM encryption. This industry-standard encryption protocol ensures that your sensitive information remains secure both in transit and at rest.
Vellum implements multiple layers of security:
Vellum does not send your interactions or feedback to LLM providers for training purposes. Your data is used only for:
When you submit “Completion Actuals” through the Completion Actuals API, this feedback is stored in your account for your own quality monitoring purposes and is not used to train or fine-tune LLMs.
Vellum maintains SOC 2 Type 2 compliance and is HIPAA compliant, demonstrating our commitment to security, availability, and confidentiality. Our security practices are regularly audited to ensure they meet industry standards and healthcare data protection requirements.
For more information about Vellum’s security practices or compliance certifications, please contact your account representative or email support@vellum.ai.