FAQ

Security

Does xAI train on customers' API requests?

xAI never trains on your API inputs or outputs without your explicit permission.

API requests and responses are temporarily stored on our servers for 30 days in case they need to be audited for potential abuse or misuse. This data is automatically deleted after 30 days.


Is the xAI API HIPAA compliant?

To inquire about a Business Associate Agreement (BAA), please complete our BAA Questionnaire. A member of our team will review your responses and reach out with next steps.


Is xAI GDPR and SOC II compliant?

We are SOC 2 Type 2 compliant. Customers with a signed NDA can refer to our Trust Center for up-to-date information on our certifications and data governance.


Do you have Audit Logs?

Team admins are able to view an audit log of user interactions. This lists all of the user interactions with our API server. You can view it at xAI Console -> Audit Log.