Security

Last updated: Oct 14, 2024

At LlamaGen.AI, we prioritize the security and privacy of your data. This page outlines our comprehensive approach to safeguarding your information and ensuring the integrity of our AI-powered platform.

If you discover a potential security vulnerability, please report it immediately to our dedicated security team at security@llamagen.ai.

For any security-related inquiries or concerns, please contact us at security@llamagen.ai.

While LlamaGen.AI is trusted by several large organizations, we are continuously enhancing our security measures and expanding our capabilities. We recommend that users in highly sensitive environments carefully evaluate the use of LlamaGen.AI, as with any AI tool. This page provides transparency into our current security posture and ongoing improvements to help you make an informed risk assessment.

Certifications and Third-Party Assessments

LlamaGen.Ai is in process of completing SOC 2 Type I (expected May, 2025). Please email security@llamagen.ai to request a copy of the report.

We commit to doing at-least-annual penetration testing by reputable third parties. Our first report is available as of May, 2025. Please email security@llamagen.ai to request a copy of the report.

Infrastructure Security

We depend on the following subprocessors, roughly organized from most critical to least. Note that data is sent up to our servers to power all of LlamaGen.Ai's AI features (see AI Requests section).

AWS

Sees data

:Our infrastructure is primarily hosted on AWS. Most of our servers are in the US, with some latency-critical servers located in AWS regions in Asia (Tokyo) and Europe (London).

Modal

Sees data

:Our custom models are hosted with Modal, the servers located in the continental USA,but we do run workers in Europe and Asia. Modal's control plane is hosted in Virginia.

OpenAI

Sees data

:We rely on many of OpenAI's models to give AI responses. Requests may be sent to OpenAI even if you have an Anthropic (or someone else's) model selected in chat (e.g. for summarization). We have a zero data retention agreement with OpenAI.

Anthropic

Sees data

:We rely on many of Anthropic's models to give AI responses. Requests may be sent to Anthropic even if you have an OpenAI (or someone else's) model selected in chat (e.g. for summarization). We have a zero data retention agreement with Anthropic.

Google Cloud Vertex API

Sees data

:We rely on some Gemini models offered over Google Cloud's Vertex API to give AI responses. Requests may be sent to Google Cloud Vertex API even if you have an OpenAI (or someone else's) model selected in chat (e.g. for summarization).

Replicate

Sees data

:We use Replicate for model deployment and management. Replicate's infrastructure is hosted on AWS and GCP.

Cloudflare

Sees no data

:We use Cloudflare as our CDN and web security provider.

Beam Analytics

Sees no data

:We use Beam Analytics for some of our analytics data, for users who do not have privacy mode enabled.

PostHog

Sees no data

:We use PostHog for logging and monitoring.

HighlightIO

Sees no data

:We use HighlightIO for logging and monitoring.

Axiom

Sees no data

:We use Axiom for logging and monitoring.

Slack

Sees no data

:We use Slack as our partner communication tool. .

Discord

Sees no data

:We use Discord as our internal communication tool. We may send snippets of prompts of non-privacy users in our internal chats for debugging.

Google Workspace

Sees no data

:We use Google Workspace for our email and collaboration tools.

Stripe

Sees no data

:We use Stripe for payment processing.

HashiCorp

Sees no data

:We use HashiCorp tools for infrastructure management.

Vercel

Sees no data

:We use Vercel for static site generation and deployment.

Lemonsqueezy

Sees no data

:We use Lemonsqueezy for payment processing and affiliate tracking, Lemonsqueezy was acquired by Stripe.

Trigger.dev

Sees no data

:We use Trigger.dev for background jobs.

upstash

Sees no data

:We use upstash for rate limiting and caching.

Client Security

LlamaGen.Ai takes client-side security seriously. We implement various measures to ensure the safety of your local environment:

End-to-end encryption for all communications between the client and our servers
Regular security audits of our client-side code
Automatic updates to patch any discovered vulnerabilities

AI Requests

To provide its features, LlamaGen.Ai makes AI requests to our server. This happens for many different reasons. For example, we send AI requests when you ask questions in chat, we send AI requests on every keystroke so that LlamaGen.Ai can make generations for you, and we may also send AI requests in the background for building up context or looking for bugs to show you.

An AI request generally includes context such as your recently viewed prompts or files, your chat history. This data is sent to our infrastructure on AWS, and then to the appropriate language model inference provider (OpenAI/Anthropic/Google/Replicate).

You own all the data generated by LlamaGen.Ai.

Account Deletion

You have full control over your account data:

You can request account deletion at any time
All associated data, will be permanently removed
Deletion process typically completes within 30 days

Vulnerability Disclosures

We appreciate responsible disclosure of security vulnerabilities:

Please report vulnerabilities through our email security@llamagen.ai
We commit to addressing critical vulnerabilities within 24 hours
A bug bounty program is available for eligible disclosures