Almost every AI vendor now says it does not train on your data. It is a good promise. The question worth asking is whether it is a contractual setting that could change, or an architectural fact that cannot.
Policy versus architecture
A policy is a commitment in a contract: 'we will not use your data to train shared models.' It can be honoured perfectly and still leave you exposed if the policy changes, the company is acquired, or a setting is misconfigured.
An architecture removes the possibility. If your data is processed on infrastructure you control and never leaves it, there is no shared training pipeline for it to enter in the first place.
Where Pryvan draws the line
Pryvan never trains its models on your data, and the deployment model is built so it cannot. Your prompts and documents stay in your EU-hosted workspace.
Training your own model is a separate, opt-in path: your data fine-tunes a private model that only you can use, on EU compute, isolated from every other customer. Your data trains your model, never ours, and never anyone else's.
The test to apply
Ask any vendor: not 'do you train on my data' but 'could you, technically, if you wanted to'. The answer tells you whether you are relying on a promise or on physics.