What zero data retention actually means
By default, many AI providers log request and response content - for debugging, analytics, abuse monitoring, or model improvement - and some reserve the right to train on it. Zero data retention removes that: the prompt is processed, the response is generated, and the content is discarded, with no copy kept and no training use. It is the difference between your data passing through a system and your data accumulating inside it. Customers ask for it because it is the cleanest answer to "what happens to my data after you answer?" - especially for confidential, regulated, or personal-data workloads.
"Zero" only means something if it is defined precisely. A credible ZDR posture states exactly what is and is not retained: request and response content - the sensitive part - should not be stored, while a minimal amount of operational metadata (token counts for billing, timestamps, rate-limit counters) is usually still processed and must be disclosed. It should also be clear how transient mechanisms are handled: streaming buffers and any prompt or KV caching used to speed up repeated context are ephemeral by design rather than a content log, but a serious claim spells out their behavior and retention window instead of hiding them.
Why it matters - a separate axis from residency
Retention is a different question from where data lives or which law applies. Data can be EU-resident, under EU GDPR, and still be retained in logs - which expands the surface for breaches, discovery requests, and accidental training leakage. Zero retention shrinks that surface to the instant of processing: there is simply less data to leak, subpoena, or misuse, because it does not persist. It also aligns directly with GDPR's storage-limitation and data-minimization principles - you cannot over-retain what you never keep.
This is why ZDR, residency, jurisdiction, and the DPA work together rather than substituting for one another: residency controls where the data is, jurisdiction controls who can compel access, the DPA puts the rules in a contract, and retention controls how long the data exists at all. The strongest privacy posture combines them - and ZDR is the one that most directly answers the question customers ask most often.
Zero data retention at Infercom
Infercom does not retain the content of your requests: your prompts and the model's responses are not logged or stored after a request is served, and we never use your data to train models - commitments set out in our Data Processing Agreement and Terms of Service. The one place your data exists beyond the moment of processing is prompt caching: when it is used to speed up repeated context, a KV cache - a transformed numerical representation derived from your prompt, not a stored copy of your text - is held ephemerally in the racks' in-memory (DDR) tier on our EU infrastructure, never written to durable storage or logs and never used for training. The only data we keep is operational: usage logs for billing (such as token counts) and your account details, like the login email. The sensitive part - the content itself - persists only as long as it takes to answer.
Sources
Related terms
Data Residency
Where your data is physically stored and processed - a necessary part of sovereignty, but not the same as control over who can legally reach it.
Data Processing Agreement (DPA)
The GDPR Article 28 contract that governs how an inference provider may process the personal data in your prompts - and a basic test of whether a provider is enterprise-ready.
GDPR for AI Inference
What Europe's data-protection law requires when your prompts contain personal data - a lawful basis, a processor agreement, and processing that stays within reach of EU law.
See how EU jurisdiction, data residency, and a signable DPA come together on our EU sovereign AI platform - control you can hold us to, not a badge.