Zero-training data policy: how MedStrato protects your competitive intelligence

When you upload a tender document to an AI procurement tool, that document contains some of your most sensitive competitive intelligence: product specifications, pricing strategies, regulatory filing details, and customer relationships. The question every procurement team should ask: does my data end up in the model?

The training data problem

Large language models learn from data. If an AI vendor uses customer data to train or fine-tune their models, your competitive intelligence becomes embedded in the model's knowledge — potentially accessible to future queries from other customers, including your competitors.

This isn't hypothetical. Several AI vendors have faced scrutiny for using customer data in training without clear disclosure. The risk is particularly acute in medical device procurement, where tender response strategies, pricing models, and regulatory approaches are genuine competitive differentiators.

What "zero-training" actually means

A genuine zero-training data policy has three components:

1. No model training: Customer data is never used to train, fine-tune, or improve AI models. The models that process your data today are the same models that would exist if you had never been a customer.
2. No cross-customer learning: Insights, patterns, or knowledge derived from one customer's data are never applied to another customer's queries. Your tender strategies stay in your tenant.
3. Contractual enforcement: The zero-training commitment is in the contract, not just the privacy policy. Privacy policies can change with a website update. Contracts require mutual agreement to modify.

How to verify a vendor's claims

Asking "do you use my data for training?" is step one. But the answer is often "no" even when the reality is more complicated. Dig deeper:

• "Do you use anonymized or aggregated customer data for training?" — Anonymization can be reversed. Aggregated data from a small industry (like medical device procurement) can reveal individual company strategies.
• "Do your API providers (OpenAI, Anthropic, etc.) use the data you send them?" — Many AI tools send data to third-party APIs. Those providers may have their own training data policies. Ask for documentation.
• "Can you show me the contract clause?" — If the no-training commitment isn't in writing, it doesn't exist.
• "What happens to my data after contract termination?" — Deletion timelines and verification procedures matter. "We delete it eventually" is not a policy.

MedStrato's technical architecture

MedStrato's zero-training guarantee is enforced at the architecture level, not just the policy level:

• Isolated processing: Each customer's data is processed in isolated compute environments. No shared state between tenants.
• No model persistence: AI inferences run on base models. No customer-specific fine-tuning or embeddings that persist between sessions.
• Retrieval-only architecture: We use RAG (Retrieval-Augmented Generation) — the AI retrieves information from your documents at query time. Your data stays in your document store, not in model weights.
• API provider agreements: Our agreements with AI infrastructure providers explicitly prohibit using our API traffic for model training. We can share these agreements on request.
• Data deletion: Upon contract termination, all customer data is deleted within 30 days. Deletion is verified and a certificate is provided.

The bottom line

Your tender documents contain years of competitive intelligence: which specs you can meet, which you can't, how you price against competitors, and where your regulatory portfolio is strong or weak. An AI tool that feeds this into a shared model is not a procurement tool — it's a competitive intelligence leak. Demand the zero-training guarantee in writing before uploading your first document.