Registry / Retention / ZDR
Which AI providers offer zero data retention?
Documented retention windows and zero-data-retention options, including whether ZDR is default, configurable, or approval-gated. The cell answers: Is retention documented, and is zero-data-retention available? Statuses below are evidence grades, not endorsements, “no public evidence” means we could not verify it from public sources, not that the answer is no.
Retention is publicly documented: abuse-monitoring logs kept up to 30 days by default (longer if required by law); application state varies by endpoint (e.g. conversations/threads kept until deleted). Zero Data Retention excludes content from abuse-monitoring logs but is "subject to prior approval by OpenAI", it is NOT the default and must be requested, approved, then configured per organization/project.
Retention is documented: standard inference is stateless, but flagged prompts/completions may be stored in a per-geography abuse-monitoring data store for human review; stateful features (Responses/Assistants APIs, stored completions, files) persist data until customer deletion. The ZDR-equivalent is "modified abuse monitoring": customers meeting Limited Access eligibility criteria (in practice managed/enterprise customers) apply via a Microsoft form; once approved, prompt/completion storage and human review are turned off (automated in-flight review still runs, without storage). CAUTION: the widely cited 30-day abuse-monitoring retention figure no longer appears on the current data-privacy or abuse-monitoring pages as fetched 2026-07-05; only Microsoft Q&A answers state it, so no retention_days fact is recorded.
Retention is documented per-feature in public API docs: conversation content is not retained by default, feature-specific TTLs are listed, and safety-flagged content may be kept up to 2 years even under ZDR. ZDR is available but sales-gated: "To request a ZDR arrangement, contact the Anthropic sales team", enabled per-organization by the account team (new orgs need separate enablement). Gating nuance: Claude Fable 5 and Mythos 5 are Covered Models requiring 30-day retention and are NOT available under ZDR (requests 400 unless a workspace-level 30-day retention override is configured). Stateful features used under a ZDR org step outside the ZDR arrangement.
Retention is thoroughly documented, hence not a clean "yes". Bedrock's baseline is zero data retention and zero operator access, inputs/outputs are not stored by default, and older Claude models keep that behavior. But Claude Fable 5 and Claude Mythos 5 are gated on data_retention_mode=provider_data_share: prompts/completions are retained up to 30 days and shared with Anthropic for abuse detection and potential human review (per abuse-detection page). Customers can enforce org-wide ZDR via SCPs, and eligible customers may request full ZDR on those models through their AWS account team (per-account, per-model approval with the model provider), that approval path is why route=sales_contract and default=requires_config. Availability tier is self_serve for the controls themselves.
Retention is documented - by default Vertex AI caches generative AI inputs/outputs for up to 24 hours in the serving data center to reduce latency; customers can disable caching at the project level to achieve zero data retention. Optional request-response logging (e.g. 30-day retention, stored in the customer's project) is off by default. The 24-hour caching documentation is written primarily for Google foundation models; for Claude partner models, Anthropic-style prompt caching is an explicit per-request opt-in, but the project-level ZDR configuration is the documented control. ZDR requires configuration - it is NOT the default (hence default: requires_config).
Retention is documented in detail and zero data retention is achievable, but requires configuration: (1) Gemini models cache inputs/ outputs in-memory (not at-rest) with a 24-hour TTL by default, disableable at the project level; (2) abuse-monitoring prompt logging applies to customers on standard GCP ToS, a ZDR exception can be requested (not applicable on invoiced billing per Google's docs); (3) request-response logging is disabled by default; (4) Grounding with Google Search/Maps stores prompts and outputs for 30 days and cannot be disabled, Google recommends Web Grounding for Enterprise for ZDR; (5) some Advanced AI features (Advanced AI Safety Addendum) may preclude ZDR.
Platform default is documented as zero data retention (Bedrock "does not store model inputs or outputs" by default) and zero operator access. Exceptions are model-specific and documented: OpenAI GPT-5.4/5.5 classifier-flagged traffic retained up to 30 days for abuse detection; Anthropic Claude Fable 5 (and Mythos 5) require opt-in provider_data_share, with prompts/completions retained up to 30 days and shared with Anthropic for abuse detection/potential human review. Retention is configurable per account/project via data_retention_mode (none = guaranteed ZDR; retention-requiring models are blocked under it) and enforceable via IAM/SCP condition keys. ZDR access to retention-requiring models is per-account, per-model via the AWS account team (requires_approval for that subset). With cross-region inference, retained data is stored in the destination region.
Retention is publicly documented (30 rolling days for stateless API abuse monitoring). ZDR exists but is gated: Scale plan only, request via support with justification, approved at Mistral's discretion, and covers only stateless endpoints, stateful features remain out of ZDR scope even after approval. Approved status is visible in Admin Console Privacy settings.
For serverless API deployments Microsoft documents that models are stateless and store no prompts or outputs; content filtering, if enabled, is real-time screening. No Azure-OpenAI-style abuse-monitoring retention window is documented for third-party serverless models. Fine-tuning data is stored in the customer's datastore with encryption at rest (optional CMK) and is deletable at any time. Statement covers the serverless/Foundry Models route; managed-compute deployments are customer-managed infrastructure.
Retention is publicly documented: logged prompts and generations are automatically deleted after 30 days (exceptions for legal requirements and flagged misuse). Zero-data-retention exists but is restricted - "we only allow ZDR for enterprise customers who can make additional commitments about their usage" - so ZDR is enterprise/sales-gated and not a self-serve configuration.
Platform-level (AWS Bedrock). Retention is documented and a zero-data- retention mode ('none') is configurable at account or project level via API; under 'default' mode AWS may retain data for abuse detection. requires_config: new accounts default to 'inherit' (model default), so ZDR must be explicitly set. Cohere models' allowed_modes are not publicly enumerated in the docs (only Anthropic examples are shown), confidence medium on Cohere-specific ZDR eligibility; Cohere models are not listed among models requiring provider_data_share.
Retention is documented in detail. Bedrock's data-retention page states there is "no data retention change to models released before Claude Fable 5", all Bedrock Llama models predate that, so the prior zero-retention baseline (prompts/completions not stored) continues to apply, and customers can additionally set data_retention_mode: none at account or project scope and enforce it org-wide via SCPs for guaranteed ZDR. The provider_data_share gate applies to certain Anthropic models, not Llama. Confidence medium because Llama models' per-model allowed_modes are not publicly enumerated, and under "default" mode AWS notes it may retain data for safety/abuse-detection purposes; opt-in features (e.g. model invocation logging) also create customer-controlled retention. If cross-region inference is enabled, any retained inputs/outputs are stored in destination regions.
For serverless API deployments Microsoft states: "Models are stateless, and they don't store any prompts or outputs", i.e., zero retention of inference content is the documented default, no configuration or approval required. Content filtering (Azure AI Content Safety), when enabled, screens prompts/outputs "in real time". Uploaded fine-tuning data is stored in the customer's datastore until deleted (customer-controlled). Confidence medium because the docs do not spell out ancillary logging (e.g., abuse-monitoring or diagnostic retention) for this deployment mode the way Azure OpenAI docs do.
Default retention is publicly documented: "API requests and responses are temporarily stored on our servers for 30 days" before automatic deletion. "Zero Data Retention (ZDR) is an enterprise feature that prevents xAI from storing any API request or response data" and is "exclusively available to enterprise accounts", hence yes_sales_gated: retention is documented publicly, but ZDR requires an enterprise relationship and is not on by default.
Retention is addressed only in general terms: "We retain Personal Data for as long as necessary to provide our Services and for the other purposes set out in this Privacy Policy." No numeric retention periods are published, and no zero-data-retention option, retention configuration, or enterprise ZDR channel was found in the Open Platform Terms of Service or API documentation. Graded partial because retention is documented (vaguely) but ZDR has no public evidence.
Zero data retention is the documented default for open models: prompt and generation data "exist only in volatile memory for the duration of the request" and are not written to persistent storage without explicit opt-in. The public DPA makes this contractual when the service is used in its Zero Data Retention configuration. Exception: the Responses API stores conversation state for 30 days when store=true (that API's default), set store=false for strict ZDR. Confirm your integration path stays within the ZDR configuration.