firebase / genkit

An open source framework for building AI-powered apps with familiar code-centric patterns. Genkit makes it easy to develop, integrate, and test AI features with observability and evaluations. Genkit works with various models and platforms.
Apache License 2.0
781 stars 117 forks source link

Firebase Genkit privacy policy ? #849

Closed agGitHub closed 2 months ago

agGitHub commented 2 months ago

Hello,

I dont' manage to find details concerning the Firebase Genkit privacy policy. Namely, I don't manage to know how input and output data is used by Google. Is input or output data used by Google for marketing purposes or for training the models ? Any retention of the data ? etc....

Thanks.

MichaelDoyle commented 2 months ago

Hey @agGitHub Terms of Service (ToS) is going to vary by model and/or provider. You'll need to refer to the model provider's specific terms. Here are the policies for the Google providers:

agGitHub commented 2 months ago

@MichaelDoyle Thanks for your answer. What about the privacy when using for example Groq through a GenKit plugin ? https://github.com/TheFireCo/genkit-plugins/blob/main/plugins/groq/README.md

MichaelDoyle commented 2 months ago

The same principle applies; any data sent to a 3rd party would be subject to the terms of that specific service provider (in this case Groq).

agGitHub commented 2 months ago

@MichaelDoyle Thanks for your reply. Not clear in my mind: if I use Groq plugin, Groq terms apply => ok. But do Google AI, Firebase GenKit, Google Gloud or more general Google terms apply ? Does Google use the data for marketing or Ai training purposes ? Thanks.

MichaelDoyle commented 2 months ago

Hey @agGitHub, I can't give you specific legal advice, but I will address your question as best as I can. You should consult with your available legal council and/or refer you to each products specific ToS for more information on how data is or isn't used.

The TL;DR, though, is that no data is going to pass through Google services specifically on their way to Groq. i.e. we are not proxying these requests, so there are no Google terms that would apply to your usage of Groq specifically.

The complexity here is that you will likely be building an application composed of many parts (i.e. plugins) and each will come with their own separate ToS. For example, you might use Firebase for the "trace" store, Pinecone for a vector store and Google AI for your generative AI model. In that case, your interactions with each of those would have separate terms. You would need to sign up specifically for each service individually and accept it's terms before you can integrate it. Genkit is not in the middle of that at all. For example, you would need to accept Google AI's terms before you can get an API key, and then you would provide that API key in your configuration.

The way to think about this is exactly the same as if you went and separately downloaded the Firebase, Pinecone and Google AI SDKs and integrated all of these into your application on your own, without Genkit's help.

Keep in mind, Genkit is an open source code library. It's just there to help you compose various services together through standardized interfaces. For example, models, vector stores, etc. The Genkit library itself does not collect any data, and it's totally possible and reasonable to use Genkit without interacting with any Google services at all if you choose.

pavelgj commented 2 months ago

@MichaelDoyle explained it well. Just want to highlight the bit at the end which is the most important part: Firebase Genkit is a library (code that you use in your app code), it's a not a hosted service. So when you're interacting with Firebase Genkit library itself it's all happening in your code wherever you run it, Firebase/Google does not handle/see your data. Plugins are different, they might be sending your data to a 3P service (ex. vertexai plugin send data to vertexai, groq plugin sends data to groq, etc.)