Glossary
Sovereignty & Compliance

Zero Data Retention (ZDR)

Zero data retention (ZDR) means an inference provider does not persist the content of your requests - your prompts and the model's responses - after the request has been served, and does not use that content to train models. Only the transient processing needed to generate the answer touches your data; nothing is logged, stored, or reused once the response is returned.

What zero data retention actually means

By default, many AI providers log request and response content - for debugging, analytics, abuse monitoring, or model improvement - and some reserve the right to train on it. Zero data retention removes that: the prompt is processed, the response is generated, and the content is discarded, with no copy kept and no training use. It is the difference between your data passing through a system and your data accumulating inside it. Customers ask for it because it is the cleanest answer to "what happens to my data after you answer?" - especially for confidential, regulated, or personal-data workloads.

"Zero" only means something if it is defined precisely. A credible ZDR posture states exactly what is and is not retained: request and response content - the sensitive part - should not be stored, while a minimal amount of operational metadata (token counts for billing, timestamps, rate-limit counters) is usually still processed and must be disclosed. It should also be clear how transient mechanisms are handled: streaming buffers and any prompt or KV caching used to speed up repeated context are ephemeral by design rather than a content log, but a serious claim spells out their behavior and retention window instead of hiding them.

Why it matters - a separate axis from residency

Retention is a different question from where data lives or which law applies. Data can be EU-resident, under EU GDPR, and still be retained in logs - which expands the surface for breaches, discovery requests, and accidental training leakage. Zero retention shrinks that surface to the instant of processing: there is simply less data to leak, subpoena, or misuse, because it does not persist. It also aligns directly with GDPR's storage-limitation and data-minimization principles - you cannot over-retain what you never keep.

This is why ZDR, residency, jurisdiction, and the DPA work together rather than substituting for one another: residency controls where the data is, jurisdiction controls who can compel access, the DPA puts the rules in a contract, and retention controls how long the data exists at all. The strongest privacy posture combines them - and ZDR is the one that most directly answers the question customers ask most often.

Zero data retention at Infercom

Infercom does not retain the content of your requests: your prompts and the model's responses are not logged or stored after a request is served, and we never use your data to train models - commitments set out in our Data Processing Agreement and Terms of Service. The one place your data exists beyond the moment of processing is prompt caching: when it is used to speed up repeated context, a KV cache - a transformed numerical representation derived from your prompt, not a stored copy of your text - is held ephemerally in the racks' in-memory (DDR) tier on our EU infrastructure, never written to durable storage or logs and never used for training. The only data we keep is operational: usage logs for billing (such as token counts) and your account details, like the login email. The sensitive part - the content itself - persists only as long as it takes to answer.

Sources

Related terms

See how EU jurisdiction, data residency, and a signable DPA come together on our EU sovereign AI platform - control you can hold us to, not a badge.

Ready to Build the Future of AI in Europe?

Join forward-thinking organizations deploying sovereign AI with world-class performance