Data Handling Practices
This page defines exactly what data Stereos processes, what it deliberately does not store, and how all data is protected. We prioritize data minimization.
Zero Data Retention — Enabled by Default
Every customer's AI Gateway is provisioned with zdr: true. Cloudflare does not log, store, or retain prompt or response content. This is not opt-in — it is the default for all Stereos customers.
Data We Process
- •LLM API usage metadata (model, provider, token counts, latency)
- •Spend data and per-key/per-team attribution
- •User account information (name, email, role)
- •OpenTelemetry traces from integrated developer tools
- •DLP event metadata (topic, severity, matched profile names)
- •Gateway key configuration and budget rules
Data We Do Not Store
- ✕LLM prompt content (prompts are not logged by default)
- ✕LLM response content (responses are not logged by default)
- ✕Full credit card or payment instrument details
- ✕Personally identifiable information beyond account fields
- ✕Raw telemetry payloads beyond span metadata
Data Retention Policy
Account data is retained for the duration of your active subscription. Upon account deletion, personal data is removed within 30 days. Anonymized, aggregated metrics may be retained for analytics purposes.
Telemetry spans are retained for 90 days and then automatically purged.
Prompt and response content is never retained — ZDR is enforced at the gateway layer before data reaches Stereos infrastructure.
Encryption
Regional Data Handling
Primary data storage is in the United States (Neon PostgreSQL, US East region). Cloudflare's global edge network processes request metadata worldwide, but persistent data is anchored to the US region. Enterprise customers requiring EU data residency should contact james@trystereos.com to discuss configuration options.