Zero data retention: What it is, and why it's more effective than policy
The Gap Between Policy and Architecture
Most enterprise AI usage policies share a structural flaw: they regulate employee behavior at the endpoint, but say nothing about what the AI provider does with the data after it arrives. You can prohibit employees from pasting sensitive documents into ChatGPT. You can require legal sign-off before using AI on client materials. You can run annual training on data classification.
None of that controls whether OpenAI's abuse monitoring system logs your prompts for 30 days. None of it prevents Anthropic from retaining a conversation flagged by a safety classifier. The policy lives in your employee handbook. The data lives on someone else's infrastructure.
Zero data retention is the architectural answer to this gap — and it is significantly more durable than policy language alone.
What Zero Data Retention Actually Means
Zero data retention (ZDR) is a provider-level commitment that your inputs and outputs are not stored after the API response is returned. Under a ZDR arrangement, data is processed in real time and immediately discarded — no logging, no storage of prompts or model outputs, no access by human reviewers.
This is distinct from what most AI providers do by default. OpenAI, for example, retains abuse monitoring logs for up to 30 days for all API usage unless a customer has a ZDR agreement in place. Anthropic's commercial data retention policy similarly retains inputs and outputs for a defined period under standard terms.
With ZDR in place, the moment the response leaves the provider's servers, your data is gone from their systems — subject to limited exceptions for legal compliance and abuse detection.
ZDR Is an Enterprise Feature — and You Have to Ask for It
This is where most security teams are caught off guard: zero data retention is not enabled by default at any major AI provider. It is an enterprise-tier feature that requires a formal request, eligibility review, and in most cases an approved commercial agreement. If you have not explicitly requested and been approved for ZDR, your organization is operating under standard retention terms regardless of what your internal AI usage policy says.
OpenAI
OpenAI's zero data retention offering is available to API customers in regulated industries — healthcare, finance, and similar sectors with strict data privacy requirements. To request it, organizations must contact OpenAI's sales team directly and receive formal approval. There is no self-serve option in the API dashboard. Once approved, the store request parameter is permanently treated as false for your organization on every call, regardless of how individual API calls are configured. Background mode is incompatible with ZDR. OpenAI's enterprise privacy documentation describes the full scope of commitments.
Anthropic
Anthropic's ZDR applies to commercial API customers who have an arrangement in place — it does not apply to Claude.ai consumer plans, Claude for Work, or Claude for Enterprise product interfaces. Under a ZDR arrangement, Anthropic's commitment is that inputs and outputs are not stored after the API response is returned, except where required by law or to combat misuse. Anthropic retains User Safety classifier results even under ZDR to enforce their Usage Policy — a carve-out worth noting in any compliance documentation.
The full list of what is and is not covered is more nuanced than most security teams realize. Anthropic publishes a detailed ZDR eligibility table that breaks this down by endpoint.
What ZDR Covers — and What It Doesn't
Understanding the boundaries of ZDR is as important as understanding what it covers. The eligibility rules are more specific than the high-level description suggests.
What’s covered at Anthropic
Messages API (/v1/messages) — standard Claude API calls
Token Counting API (/v1/messages/count_tokens)
Claude Code — when authenticated with a commercial organization API key (not OAuth/enterprise seats)
Web Search, Web Fetch, Memory Tool — real-time tools that return results without storing them
What’s NOT covered at Anthropic
Batch API — asynchronous processing requires storage; 29-day retention applies
Code Execution tool — container data retained up to 30 days
Files API — files are retained until explicitly deleted
Console and Workbench — ZDR only applies to the API, not the web UI
Claude consumer products — Claude Free, Pro, Max, Claude.ai web/desktop/mobile — not covered regardless of any enterprise agreement
Beta features — unless explicitly specified in your contract
The full product coverage details are published by Anthropic and worth reading carefully before assuming your use case is covered.
Why ZDR Is More Effective Than Policy
A usage policy operates through accountability: employees acknowledge it, violations can trigger consequences, and auditors can verify it exists. But the mechanism of protection is behavioral — you are relying on employees to follow the policy, every time, under time pressure, with tools they find genuinely useful.
Zero data retention operates through architecture. Once a ZDR arrangement is in place and your team is routing API calls through approved infrastructure, the provider's systems are technically configured not to retain your data. There is no employee decision point. There is no behavior to enforce. The constraint is built into how the system works.
This distinction matters enormously for regulated industries. A policy document satisfies the checkbox. An architectural control — ZDR combined with gateway-enforced routing — satisfies the underlying intent. The difference is what you can actually defend in an incident or audit.
The Critical Dependency: ZDR Only Works for Approved API Traffic
Here is the limitation that most ZDR discussions gloss over: zero data retention only applies to API calls made through your approved, ZDR-enabled credentials. It does not apply to an employee who opens a browser and uses Claude.ai directly. It does not apply to a developer who wires their personal ChatGPT Plus account into a workflow. It does not apply to any of the Shadow AI activity that is almost certainly happening in your organization right now.
ZDR is a provider commitment scoped to a specific authentication surface. If your employees are not using that surface — if they are using unapproved tools or direct consumer accounts — your ZDR arrangement is protecting exactly zero of those interactions.
This is why ZDR and AI gateway infrastructure are complementary, not interchangeable. ZDR ensures the provider does not retain your data for approved API usage. A private AI gateway ensures that approved API usage is the only path your organization takes.
How to Get ZDR Directly From a Provider
The process is straightforward, but you have to initiate it; it will not happen automatically.
Contact the provider’s sales team. For both OpenAI and Anthropic, ZDR requires direct engagement. There is no dashboard toggle. You need an enterprise conversation.
Establish your eligibility. ZDR is most readily approved for regulated industries — healthcare, financial services, legal, government. Have your compliance or legal team document why ZDR is a requirement for your organization.
Get it in writing. ZDR should be reflected in your commercial agreement with the provider, not just a verbal assurance. Your legal team should review the specific language before you represent it as a control to auditors.
Enforce routing at the infrastructure level. Once ZDR is in place, ensure all AI API traffic in your organization flows through credentials covered by the agreement. A private AI gateway is the practical mechanism for this — it gives you a single enforcement point where you can confirm that ZDR-eligible endpoints are the only path to the model.
Audit regularly. ZDR arrangements need to be reviewed when you add new AI tools, when providers update their eligibility tables, or when your own usage patterns change. Build a quarterly review into your security program.
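As an added example (not code from Stereos, OpenAI or Anthropic), here is a minimal gateway-side guard that applies the routing rule from step 4 using the coverage lists above: Anthropic requests are forwarded only to endpoints the eligibility table lists as covered, while OpenAI requests have the store parameter pinned to false and background mode refused. The paths assumed for the Anthropic Batch and Files APIs and the OpenAI /v1/responses path are assumptions, not taken from this page.

```python
"""Gateway-side ZDR routing guard (added example, not provider or Stereos code).

One egress point enforces two rules from the article:
  * Anthropic: only endpoints on the ZDR eligibility list may be called;
    Batch, Files and anything else not listed is refused (deny by default).
  * OpenAI: the forwarded body is pinned to store=false, and background
    mode (incompatible with ZDR) is rejected outright.
"""
from dataclasses import dataclass

# Anthropic endpoints the eligibility table lists as ZDR-covered.
ANTHROPIC_ZDR_PATHS = {"/v1/messages", "/v1/messages/count_tokens"}
# Assumed paths for endpoints the table lists as NOT covered (retain data).
ANTHROPIC_NON_ZDR_PREFIXES = ("/v1/messages/batches", "/v1/files")


@dataclass
class Decision:
    allowed: bool
    reason: str
    body: dict  # request body as it will be forwarded (possibly rewritten)


def guard(provider: str, path: str, body: dict) -> Decision:
    """Decide whether an outbound request stays inside the ZDR surface."""
    path = path.split("?", 1)[0].rstrip("/")  # ignore query string, trailing slash
    if provider == "anthropic":
        if path in ANTHROPIC_ZDR_PATHS:
            return Decision(True, "covered endpoint", body)
        if path.startswith(ANTHROPIC_NON_ZDR_PREFIXES):
            return Decision(False, f"{path} retains data; not ZDR-covered", body)
        return Decision(False, f"{path} not on eligibility list (deny by default)", body)
    if provider == "openai":
        if body.get("background") is True:
            return Decision(False, "background mode is incompatible with ZDR", body)
        forwarded = {**body, "store": False}  # pin regardless of caller's value
        return Decision(True, "store pinned to false", forwarded)
    return Decision(False, f"unknown provider {provider!r}", body)


if __name__ == "__main__":
    # Constructed sample requests exercising each branch.
    samples = [
        ("anthropic", "/v1/messages", {"model": "constructed-model"}),
        ("anthropic", "/v1/messages/batches", {}),
        ("openai", "/v1/responses", {"store": True, "input": "hello"}),
        ("openai", "/v1/responses", {"background": True}),
    ]
    for prov, p, b in samples:
        d = guard(prov, p, b)
        print("ALLOW" if d.allowed else "DENY ", prov, p, "-", d.reason)
```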
Skip the Enterprise Agreement: ZDR-by-Default With Stereos
The process above describes how to get ZDR directly from OpenAI or Anthropic — which is the right path for large enterprises with procurement teams, legal bandwidth, and existing commercial relationships. But most organizations are not there yet. Enterprise ZDR agreements take months to negotiate, require demonstrating eligibility, and are scoped to a single provider's terms. If you are using multiple models, you need a separate arrangement with each one.
Stereos takes a different approach. Every gateway provisioned through Stereos is ZDR-by-default. Your organization does not need a separate enterprise agreement with OpenAI or Anthropic to get the architectural protection that ZDR provides. The gateway is built so that no prompt or response data is stored beyond what is needed to return the API response — the same core guarantee, enforced at the infrastructure layer rather than through a provider-specific legal negotiation.
This matters for a few reasons:
Speed. A Stereos gateway can be provisioned in minutes on a 14-day free trial. An enterprise ZDR agreement with a provider can take months.
Provider flexibility. Because ZDR is enforced at the gateway layer, it applies regardless of which underlying model you are routing to — OpenAI, Anthropic, or others. You do not need a separate agreement with each provider.
Organizational scope. All traffic through the gateway inherits ZDR behavior uniformly. There is no per-project configuration to manage and no risk of a misconfigured key falling back to standard retention.
No eligibility review. Provider ZDR programs gate access based on industry and contract size. Stereos does not require you to prove you are in a regulated industry before giving you data protection defaults that should be standard anyway.
For organizations that need ZDR protection today — without waiting on an enterprise procurement cycle — Stereos is the practical path. The gateway also gives you the OpenTelemetry (OTEL) observability layer on top, so you get full visibility into what is flowing through it while retaining none of the underlying prompt data.
The Bottom Line
Zero data retention is one of the most concrete data protection controls available for enterprise AI usage — and it is underused because most security teams do not know it exists, or assume it is on by default. It is neither.
If your organization is handling sensitive data through AI APIs, ZDR should be on your security roadmap. The question is only which path to get there: a direct enterprise agreement with each provider, or gateway infrastructure that makes ZDR the default for all of your AI traffic from day one.
A policy tells people what to do. Architecture ensures it actually happens.
Stop writing policies.
Start giving access.
Give your team the freedom to use the AI tools they love, while your security team gets full visibility and control — without the policy wars.