Data Policies and Data Routing
Use providers.targets[].data_policy to declare provider retention and training guarantees, then use data-routing-policy to keep routing inside those declared limits.
Provider data_policy blocks
data_policy is metadata attached to a provider target. By itself it does not change routing. It becomes actionable when you add data-routing-policy to the chain.
providers:
targets:
- id: openai-zdr
provider: openai
model: gpt-5.4-mini
secret_key_ref:
env: KEEPTRUSTS_OPENAI_API_KEY
data_policy:
zero_data_retention: true
training_opt_out: true
retention_days: 0
| Field | Type | Notes |
|---|---|---|
zero_data_retention | boolean | Declares that the provider does not retain request or response data. |
training_opt_out | boolean | Declares that the provider does not use traffic for model training. |
retention_days | integer | Declared retention period in days. Use 0 for no retention. |
data-routing-policy
data-routing-policy filters the provider target list before normal routing and fallback.
policies:
chain:
- data-routing-policy
- audit-logger
policy:
data-routing-policy:
require_zero_data_retention: true
require_no_training: true
max_retention_days: 0
on_no_compliant_provider: block
log_provider_selection: true
| Field | Type | Notes |
|---|---|---|
require_zero_data_retention | boolean | Keep only providers with zero_data_retention: true. |
require_no_training | boolean | Keep only providers with training_opt_out: true. |
max_retention_days | integer | Exclude providers whose retention_days exceeds the threshold. |
on_no_compliant_provider | string | block or warn. |
log_provider_selection | boolean | Emit diagnostics about why targets were excluded. |
Full example
pack:
name: config-data-policies-example
version: 1.0.0
enabled: true
providers:
targets:
- id: trusted-zdr
provider: openai
model: gpt-5.4-mini
secret_key_ref:
env: KEEPTRUSTS_OPENAI_API_KEY
data_policy:
zero_data_retention: true
training_opt_out: true
retention_days: 0
- id: general-purpose
provider: azure
provider_type: azure-openai
format: openai
model: your-azure-openai-model
base_url: https://replace-with-resource-name.openai.azure.com
secret_key_ref:
env: KEEPTRUSTS_AZURE_OPENAI_API_KEY
azure_api_version: your-supported-api-version
azure_deployment: your-azure-deployment
data_policy:
zero_data_retention: false
training_opt_out: true
retention_days: 30
policies:
chain:
- data-routing-policy
- audit-logger
policy:
data-routing-policy:
require_zero_data_retention: true
require_no_training: true
max_retention_days: 0
on_no_compliant_provider: block
log_provider_selection: true
audit-logger: {}
Replace the model placeholders, Azure deployment, resource name, and API version with values currently enabled for each provider account before running the gateway.
Advanced regulated-routing metadata
The current schema accepts these additional fields when you need stricter execution guarantees:
data_policy.allow_internet_egressdata_policy.local_only_processingdata_policy.in_memory_onlydata_policy.sanitizeddata_policy.accepts_tokenized_inputdata-routing-policy.allow_internet_egressdata-routing-policy.local_only_processingdata-routing-policy.require_in_memory_onlydata-routing-policy.sanitize_before_providerdata-routing-policy.tokenize_sensitive_fields
Use these only when the target metadata is accurate. The gateway evaluates them as operator-declared routing constraints, not as provider-side attestations gathered automatically.
Provider data-policy metadata does not configure audit retention. Set retention and storage controls in their owning platform configuration; audit-logger is an allow-only chain marker in the current gateway.