Skip to main content

Data Policies and Data Routing

Use providers.targets[].data_policy to declare provider retention and training guarantees, then use data-routing-policy to keep routing inside those declared limits.

Provider data_policy blocks

data_policy is metadata attached to a provider target. By itself it does not change routing. It becomes actionable when you add data-routing-policy to the chain.

providers:
targets:
- id: openai-zdr
provider: openai
model: gpt-5.4-mini
secret_key_ref:
env: KEEPTRUSTS_OPENAI_API_KEY
data_policy:
zero_data_retention: true
training_opt_out: true
retention_days: 0
FieldTypeNotes
zero_data_retentionbooleanDeclares that the provider does not retain request or response data.
training_opt_outbooleanDeclares that the provider does not use traffic for model training.
retention_daysintegerDeclared retention period in days. Use 0 for no retention.

data-routing-policy

data-routing-policy filters the provider target list before normal routing and fallback.

policies:
chain:
- data-routing-policy
- audit-logger

policy:
data-routing-policy:
require_zero_data_retention: true
require_no_training: true
max_retention_days: 0
on_no_compliant_provider: block
log_provider_selection: true
FieldTypeNotes
require_zero_data_retentionbooleanKeep only providers with zero_data_retention: true.
require_no_trainingbooleanKeep only providers with training_opt_out: true.
max_retention_daysintegerExclude providers whose retention_days exceeds the threshold.
on_no_compliant_providerstringblock or warn.
log_provider_selectionbooleanEmit diagnostics about why targets were excluded.

Full example

pack:
name: config-data-policies-example
version: 1.0.0
enabled: true
providers:
targets:
- id: trusted-zdr
provider: openai
model: gpt-5.4-mini
secret_key_ref:
env: KEEPTRUSTS_OPENAI_API_KEY
data_policy:
zero_data_retention: true
training_opt_out: true
retention_days: 0
- id: general-purpose
provider: azure
provider_type: azure-openai
format: openai
model: your-azure-openai-model
base_url: https://replace-with-resource-name.openai.azure.com
secret_key_ref:
env: KEEPTRUSTS_AZURE_OPENAI_API_KEY
azure_api_version: your-supported-api-version
azure_deployment: your-azure-deployment
data_policy:
zero_data_retention: false
training_opt_out: true
retention_days: 30
policies:
chain:
- data-routing-policy
- audit-logger
policy:
data-routing-policy:
require_zero_data_retention: true
require_no_training: true
max_retention_days: 0
on_no_compliant_provider: block
log_provider_selection: true
audit-logger: {}

Replace the model placeholders, Azure deployment, resource name, and API version with values currently enabled for each provider account before running the gateway.

Advanced regulated-routing metadata

The current schema accepts these additional fields when you need stricter execution guarantees:

  • data_policy.allow_internet_egress
  • data_policy.local_only_processing
  • data_policy.in_memory_only
  • data_policy.sanitized
  • data_policy.accepts_tokenized_input
  • data-routing-policy.allow_internet_egress
  • data-routing-policy.local_only_processing
  • data-routing-policy.require_in_memory_only
  • data-routing-policy.sanitize_before_provider
  • data-routing-policy.tokenize_sensitive_fields

Use these only when the target metadata is accurate. The gateway evaluates them as operator-declared routing constraints, not as provider-side attestations gathered automatically.

Provider data-policy metadata does not configure audit retention. Set retention and storage controls in their owning platform configuration; audit-logger is an allow-only chain marker in the current gateway.

Next steps