Zero Data Retention (ZDR)
When ZDR is enabled, the gateway routes requests only through providers that have verified agreements to delete all request data immediately after processing.
Enable per-request
{
"model": "anthropic/claude-sonnet-4-6",
"messages": [{"role": "user", "content": "Analyze this sensitive data..."}],
"providerOptions": {
"gateway": {
"zeroDataRetention": true
}
}
}Enable team-wide
Set zdrEnabled: true on your team record. All requests from team members will enforce ZDR. Team-wide ZDR overrides per-request zeroDataRetention: false.
How it works
When ZDR is enabled:
-
Operators are skipped. Operators self-report their backing provider. The gateway cannot verify what provider an operator actually routes through, so operators are excluded from ZDR-compliant routing.
-
LiteLLM is skipped. LiteLLM has its own internal fallback chain that may route to non-ZDR providers. Since we can’t control LiteLLM’s routing decisions, it’s excluded.
-
Direct provider only. The gateway calls the provider API directly, selecting only from verified ZDR providers.
-
BYOK fallback preserves ZDR. If your BYOK credentials fail, the fallback to platform credentials still enforces ZDR filtering.
ZDR-verified providers
| Provider | ZDR | No-Train | Policy |
|---|---|---|---|
| Anthropic | Yes | Yes | ZDR policy |
| Amazon Bedrock | Yes | Yes | Data protection |
| Azure OpenAI | Yes | Yes | Data privacy |
| Groq | Yes | Yes | ZDR policy |
| Mistral | Yes | Yes | Terms |
| Fireworks | Yes | Yes | Data handling |
| Together | Yes | Yes | Terms |
| Cerebras | Yes | Yes | Privacy |
| Google Vertex | Yes | Yes | ZDR policy |
| Nebius | Yes | Yes | Legal guide |
| Parasail | Yes | Yes | Terms |
| Baseten | Yes | Yes | Security |
| DeepInfra | Yes | Yes | Data handling |
Compliance data is managed via the admin API (PUT /api/admin/compliance) and can be updated without code deploys.
Trust model
| Routing tier | ZDR behavior |
|---|---|
| Operators | Skipped. Self-reported backing provider is unverifiable. |
| LiteLLM | Skipped. Internal fallback chain is uncontrollable. |
| Direct provider | Routed only to verified ZDR providers. |
| BYOK fallback | ZDR filters preserved on fallback to platform credentials. |
| Operator-only + ZDR | 400 error. Conflicting requirements. |
The Tangle chain verifies operator identity and stake, not behavior. When compliance matters, the gateway routes direct.
Error responses
If no ZDR-compliant provider is available for the requested model:
{
"error": {
"message": "No ZDR providers available for model: deepseek/deepseek-chat. Providers considered: anthropic, groq, mistral, ...",
"type": "invalid_request_error",
"code": "no_providers_available"
}
}