Upstage

Non-compliantapi providerdevelopers.upstage.ai ↗

API Docs ↗Report a change

GDPR Compliance

EU-only data residency

Inference stays in EU

Data Processing Agreement

No training on customer data

Opt-out available

Standard Contractual Clauses

Adequacy decision (HQ country)

No Training

Data Handling

Regions

KR, US, CY

Upstage is headquartered in South Korea and its privacy policy discloses hosting with Amazon Web Services plus overseas transfers to U.S.-based inference providers Fireworks.ai, FriendliAI, Tavily, and RunPod; it also lists LearnWorlds in Cyprus for AI Education. No EU-only processing option or EU region guarantee was found in primary sources. Upstage also offers on-premises deployment in a customer's own infrastructure.

Retention Policy

Privacy policy states: membership data is kept until account withdrawal, with email retained for 90 days after withdrawal; non-member service data is retained for 1 year unless deletion is requested sooner; service usage records/access logs/access IPs are retained for 3 months; transaction/consumer law records are retained 6 months to 5 years as required by law. For disclosed inference subprocessors Fireworks.ai, FriendliAI, Tavily, and RunPod, data is described as not saved after temporary use.

Additional Details

Upstage states on its AWS insurance partner page: 'no customer data is used to train our models.' The public privacy policy also says service improvement and research is a processing purpose, but no API-specific opt-out for such use was found.

Sub-processors

✓Disclosed ↗(includes EU entities)

Certifications & EU AI Act

Certifications

SOC2ISO27001ISO27701HIPAA

EU AI Act Status

monitoring

No explicit public claim of EU AI Act compliance was found in primary sources reviewed. Upstage markets security/compliance features and audit trails, but no formal EU AI Act statement was identified.

Verification

Last verified2026-04-11

Verified byAI-assisted draft (pending review)

Pricing tierfree tier

Sources

Notes

Upstage publishes a detailed privacy policy with a public list of subcontractors and overseas transfers, including several U.S.-based inference providers, so EU-only inference cannot be confirmed and data can leave the EU. No public DPA/AVV or SCC commitment was found in the primary sources reviewed. Upstage does publicly claim that customer data is not used to train its models, and it advertises SOC 2, ISO 27001/27701, and HIPAA-related compliance claims.

Models (1)

Model	Modality	Context	Input	Output
Upstage: Solar Pro 3 upstage/solar-pro-3	text	128K	$0.150	$0.600

← Back to all providers