Zero Data Retention Template
Policy configuration for environments requiring zero data retention from AI providers.
Use this page when
- You operate in a regulated industry where AI providers must not store or train on your data.
- You need a starting config with data-routing-policy enforcement, multi-provider fallback, and PII redaction as an extra safety layer.
- You want to go from zero to a ZDR-compliant gateway with
kt init --template zero-data-retention.
Primary audience
- Primary: Technical Engineers
- Secondary: AI Agents, Technical Leaders
Policy Config
pack:
name: zero-data-retention
version: 0.1.0
enabled: true
description: Zero data retention compliance
policies:
chain:
- data-routing-policy
- prompt-injection
- pii-detector
- audit-logger
policy:
data-routing-policy:
require_zero_data_retention: true
require_no_training: true
on_no_compliant_provider: block
log_provider_selection: true
prompt-injection:
response:
action: block
message: "Request blocked: potential prompt injection detected"
pii-detector:
action: redact
audit-logger:
retention_days: 365
providers:
targets:
- id: openai-zdr
provider: openai
model: gpt-4o
base_url: https://api.openai.com
secret_key_ref:
env: OPENAI_API_KEY
data_policy:
zero_data_retention: true
training_opt_out: true
retention_days: 0
- id: anthropic-standard
provider: anthropic
provider_type: anthropic
format: anthropic
model: claude-sonnet-4-20250514
base_url: https://api.anthropic.com
secret_key_ref:
env: ANTHROPIC_API_KEY
api_key_header: x-api-key
api_key_prefix: ""
data_policy:
zero_data_retention: false
training_opt_out: true
retention_days: 30
fallback:
triggers:
- rate_limit
- server_error
- timeout
max_fallback_attempts: 3
routing:
strategy: ordered
What It Enforces
| Policy | Purpose |
|---|---|
data-routing-policy | Only route to ZDR-compliant providers |
prompt-injection | Block adversarial manipulation |
pii-detector | Redact PII as an extra safety layer |
audit-logger | Log decisions locally (not at the provider) |
Quick Start
export OPENAI_API_KEY="sk-..."
export ANTHROPIC_API_KEY="sk-ant-..."
kt init --template zero-data-retention
kt policy lint --file policy-config.yaml
kt gateway run \
--listen 0.0.0.0:41002 \
--policy-config policy-config.yaml
For AI systems
- Canonical terms: Keeptrusts, zero-data-retention, policy-config.yaml,
kt init --template zero-data-retention, data-routing-policy, require_zero_data_retention, require_no_training, zero_data_retention, training_opt_out. - Related policy kinds:
data-routing-policy,prompt-injection,pii-detector,audit-logger. - Best next pages: Data Policies and Data Routing, Finance template, Templates overview.
For engineers
- Prerequisites:
ktCLI installed, API keys for ZDR-compliant providers (e.g.,OPENAI_API_KEY,ANTHROPIC_API_KEY). - Validate:
kt policy lint --file policy-config.yamlmust pass. - Test: the gateway should only route to providers whose
data_policysatisfieszero_data_retention: trueandtraining_opt_out: true. Add a non-ZDR provider and confirm it is excluded from routing. - Fallback: ordered routing with 3 max fallback attempts ensures availability even if the primary ZDR provider is rate-limited or down.
For leaders
- This template guarantees that no request/response data is stored or used for model training by upstream providers.
- ZDR compliance simplifies data-processing agreements and reduces GDPR/CCPA exposure for regulated workloads.
- Multi-provider fallback (OpenAI + Anthropic both configured for ZDR) provides availability without compromising data-retention commitments.
- PII redaction provides defense-in-depth: even if a provider breach occurred, personal data was never sent upstream.
- Audit logging records provider-selection decisions locally, proving ZDR routing compliance to auditors.
Next steps
- Data Policies and Data Routing — full data-routing-policy reference
- Templates overview — browse all available templates
- Finance template — combine ZDR with financial compliance
- Healthcare HIPAA template — combine ZDR with HIPAA PHI protection