Extend processes Customer Data only to execute the document-processing tasks you configure in our platform or APIs. We do not train any models on your data. Our foundation-model providers operate under Zero-Data-Retention (ZDR) terms. We have automatic data-retention policies tied to your billing tier. These can be configured, and you can also delete resources on-demand via our API. For stricter isolation, we can deploy in your cloud (BYOC).
Extend is HIPAA compliant and can support healthcare organizations that need to process protected health information (PHI). Our infrastructure, policies, and procedures are designed to meet HIPAA requirements, and we can execute Business Associate Agreements (BAAs) with covered entities and their business associates.
HIPAA compliance is available across all of our deployments. If you have HIPAA compliance requirements, please contact sales or reach out to us on Slack to discuss your needs.
Extend requires all foundation-model providers to operate under strict zero-retention terms (no storage of prompts or outputs) and no training on Customer Data. You can also allowlist/blocklist specific providers and models to match your risk posture.
We maintain automatic data-retention policies that vary by billing tier and can be configured to fit your policy. Many customers also choose to delete immediately after processing by calling our deletion endpoints:
For customers with heightened security or data-residency needs, Extend can be deployed inside your cloud tenant (or a private VPC) so Customer Data remains in your environment. This model provides strong network-level controls and isolation.
Contact sales to discuss BYOC deployment options or reach out to us on Slack.
For technical questions, check out our API documentation or contact support.