What is actually stored?

Structural data only: token counts, latency, model identifiers, masked entity types. No prompt or response bodies.

Does zero retention apply to the provider too?

It applies to Privian. Whether the provider retains data depends on their terms and your account configuration with them.

How is zero retention verified?

By auditing the storage layer and the observability pipeline. The gateway has no code path that writes prompt or response bodies to durable storage.

Glossary

What is zero retention?

Zero retention is a guarantee that raw prompts and responses are never persisted — only structural counters are kept.

Definition

Zero retention — short definition

Zero retention: Zero retention is a guarantee that raw prompts and responses are never persisted — only structural counters are kept.

Why it matters

Why this matters

Most data-exposure incidents around LLMs are storage incidents — logs, traces or backups containing prompt bodies. Zero retention eliminates that class of risk by design.

How it works

Step 1
In-memory only
Prompts and responses live in the request lifecycle, not in durable storage.
Step 2
Structural metrics
Token counts, latencies and masked entity types are captured instead of bodies.
Step 3
Auditable pipeline
The observability sink rejects any payload that includes raw bodies.

Related concepts

Implementation

Learn how this works in Privian

From definition to implementation, docs and architecture — the same idea at different layers.

FAQ

Frequently asked questions

What is actually stored?: Structural data only: token counts, latency, model identifiers, masked entity types. No prompt or response bodies.
Does zero retention apply to the provider too?: It applies to Privian. Whether the provider retains data depends on their terms and your account configuration with them.
How is zero retention verified?: By auditing the storage layer and the observability pipeline. The gateway has no code path that writes prompt or response bodies to durable storage.