What does zero data retention mean in AI provider contracts?
It depends, because zero data retention is a contract path rather than a legal term with one settled meaning. Counsel should separate no training promises from no stored prompts, outputs, classifier signals, and abuse artifacts.
There is almost no primary law on the phrase zero data retention itself. No statute, regulation, or reported case in the source set defines it across model providers. The governing text is mostly contract: services agreements, DPAs, help-center commitments, approval workflows, and in healthcare-adjacent settings, BAAs or addenda. That is why the comparison looks less like a compliance chart and more like a contract matrix.
The regulated-workflow angle appears in how vendors gate sensitive use. OpenAI's healthcare addendum does not define ZDR abstractly; it ties PHI handling to an endpoint “eligible for Zero Retention”. Anthropic's BAA materials do something similar. Claude Code via API is “Eligible only with ZDR enabled (for qualified accounts)”. The consequence is that ZDR often functions as a gateway condition for higher-sensitivity deployments, not as a freestanding legal category.
The next distinction is more important than it sounds: no training is not the same thing as no retention. Google says it “will not use Customer Data to train or fine-tune any AI/ML models without Customer's prior permission or instruction”. OpenAI says it “will not use Customer Content to develop or improve the Services, unless Customer explicitly agrees”. Both are meaningful. Neither one, by itself, answers whether prompts, outputs, classifier signals, or abuse-monitoring artifacts are stored. That second question is where the real ZDR differences begin.
Perhaps the cleanest positive-law-adjacent point is that even the most aggressive vendor promises remain subordinate to law, abuse prevention, and safety carveouts. OpenAI's services agreement preserves use to provide the service, comply with law, enforce policies, and prevent abuse. xAI's enterprise terms preserve legal and safety-compliance holdbacks. Anthropic's public retention page keeps longer retention for flagged misuse and legal requirements. So the legal baseline is not zero means zero. It is closer to zero means a narrower contractual data path, subject to explicit exceptions.
Sources for this answer
Vendor documentation
A.1 OpenAI, Services AgreementSupports the cited proposition. (OpenAI, Services Agreement)
will not use Customer Content to develop or improve the Services, unless Customer explicitly agrees
See OpenAI, Services Agreement.
Vendor documentation
A.2 Google Cloud, Service Specific TermsSupports the cited proposition. (Google Cloud, Service Specific Terms)
will not use Customer Data to train or fine-tune any AI/ML models without Customer's prior permission or instruction
See Google Cloud, Service Specific Terms.
Vendor documentation
A.3 xAI, Terms of Service - EnterpriseThe xAI Enterprise Terms of Service establish the contractual framework for service usage, including intellectual property ownership, liability disclaimers for AI-generated output, and mandatory procedural waivers for dispute resolution.
Customer acknowledges that no xAI intellectual property rights are assigned or transferred to Customer hereunder. Customer is obtaining only a limited right to access and use the Services during the Subscription Term of this Agreement.
See xAI, Terms of Service - Enterprise.
Vendor documentation
A.4 OpenAI, Healthcare Addendum and BAAPDFSupports the cited proposition. (OpenAI, Healthcare Addendum and BAA)
eligible for Zero Retention
See OpenAI, Healthcare Addendum and BAA.
Vendor documentation
A.5 Anthropic Privacy Center, Business Associate Agreements (BAA) for Commercial CustomersSupports the cited proposition. (Anthropic Privacy Center, Business Associate Agreements (BAA) for Commercial Customers)
Eligible only with ZDR enabled (for qualified accounts)
See Anthropic Privacy Center, Business Associate Agreements (BAA) for Commercial Customers.
Vendor documentation
A.6 Anthropic Privacy Center, I have a zero data retention agreement with Anthropic. What products does it apply to?Zero data retention arrangements with Anthropic are limited to specific eligible APIs and products utilizing a Commercial organization API key.
the only products to which zero data retention applies are eligible Anthropic APIs, and Anthropic products that use your Commercial organization API key (including Claude Code).
See Anthropic Privacy Center, I have a zero data retention agreement with Anthropic. What products does it apply to?.
Vendor documentation
A.7 xAI Docs, FAQ - xAI API SecurityxAI maintains specific data retention and security protocols for its API, including default temporary storage for auditing purposes and an enterprise-grade Zero Data Retention feature that prevents persistent storage of user data.
xAI never trains on your API inputs or outputs without your explicit permission.
See xAI Docs, FAQ - xAI API Security.
Vendor documentation
A.8 Anthropic Privacy Center, How long do you store my organization's data?Anthropic maintains specific data retention policies for its commercial products, including standard 30-day deletion for API inputs and outputs, extended retention for policy violations, and user-controlled deletion for chat history.
For Anthropic API users, we automatically delete inputs and outputs on our backend within 30 days of receipt or generation
See Anthropic Privacy Center, How long do you store my organization's data?.
Which AI providers offer zero data retention for legal workflows?
It depends, because each provider ties zero data retention to different products, approvals, and feature limits. The practical comparison is which layer still stores prompts, outputs, history, logs, tool traffic, or cached data.
The comparison that matters is not who says enterprise privacy most often. It is which layer of the stack still stores data.
| Provider or channel | Public ZDR posture | What still survives in public materials |
|---|---|---|
| Anthropic | ZDR for some approved enterprise API customers and eligible org-key products | Retained User Safety classifier results; flagged sessions can be retained up to 2 years; code execution and MCP connector traffic are outside ZDR. |
| Approved ZDR or abuse-monitoring exception, plus product-level configuration choices | Search and Maps grounding keep data for 30 days; files, caches, and live-session state can persist; sanitized records can still be logged. | |
| OpenAI | Sales-led zero-retention lanes tied at least to eligible API and healthcare-linked contexts | Public baseline is less consolidated; self-serve ChatGPT Business is not enough; some feature and sharing paths remain outside the simple headline. |
| xAI | Enterprise-only ZDR with no persisted request or response data | No server-side threaded history; baseline enterprise terms still reserve rights in de-identified data; enterprise workspace retention is a separate question. |
| Azure OpenAI | Not branded as ZDR, but modified abuse monitoring can shut off storage and human review for abuse monitoring | Automated review can still run; stored features such as Threads, Files, vector stores, and stored completions still persist data by design. |
| AWS Bedrock | Baseline provider-layer non-storage for prompts and completions | Customer-enabled invocation logging or prompt caching can recreate persistence on the AWS side. |
The first consequence is that zero often means a smaller product. xAI's public ZDR disables server-side conversation history. Anthropic's ZDR does not follow all the way into code execution or MCP connector exchanges. Google cannot disable retention for some grounding and stateful features because those features depend on retaining something. Companies that buy stricter non-retention promises often give up convenience, statefulness, or managed debugging at the same time. “there is no way to disable the storage of this information”
The fourth consequence is that OpenAI is the hardest provider in this set to summarize from public materials alone. The public record supports real zero-retention lanes. It also supports a healthcare and enterprise gating story. What it does not yet provide, at least in the source set, is the same single-page baseline-versus-ZDR matrix that Google and xAI now publish. That does not make OpenAI weaker on contract. It makes diligence more dependent on the paper behind the sales process.
The last consequence is economic, even though the economics are mostly hidden. Public docs across the set describe approval gates, account-team involvement, or enterprise-only access. They do not supply a reliable market schedule for ZDR pricing or minimum annual spend. So the market is already structured like an enterprise feature market, even where the exact threshold remains offstage.
Sources for this answer
Vendor documentation
B.2 Anthropic Privacy Center, I have a zero data retention agreement with Anthropic. What products does it apply to?Zero data retention arrangements with Anthropic are limited to specific eligible APIs and products utilizing a Commercial organization API key.
the only products to which zero data retention applies are eligible Anthropic APIs, and Anthropic products that use your Commercial organization API key (including Claude Code).
See Anthropic Privacy Center, I have a zero data retention agreement with Anthropic. What products does it apply to?.
Vendor documentation
B.3 Anthropic Privacy Center, How long do you store my organization's data?Anthropic maintains specific data retention policies for its commercial products, including standard 30-day deletion for API inputs and outputs, extended retention for policy violations, and user-controlled deletion for chat history.
For Anthropic API users, we automatically delete inputs and outputs on our backend within 30 days of receipt or generation
See Anthropic Privacy Center, How long do you store my organization's data?.
Vendor documentation
B.4 Anthropic Docs, Code execution toolAnthropic's code execution tool operates within a secure, isolated, and containerized environment that prohibits external network access to ensure safety.
The code execution tool allows Claude to run Bash commands and manipulate files, including writing code, in a secure, sandboxed environment.
See Anthropic Docs, Code execution tool.
Vendor documentation
B.5 Google Cloud, Vertex AI and zero data retentionGoogle Cloud provides mechanisms for customers to restrict the use of their data for model training and to manage or disable data retention and caching features within Vertex AI.
Google won't use your data to train or fine-tune any AI/ML models without your prior permission or instruction.
See Google Cloud, Vertex AI and zero data retention.
Vendor documentation
B.1 Google AI for Developers, Zero data retention in the Gemini Developer APISupports the cited proposition. (Google AI for Developers, Zero data retention in the Gemini Developer API)
there is no way to disable the storage of this information
See Google AI for Developers, Zero data retention in the Gemini Developer API.
Vendor documentation
B.6 Google Cloud, Abuse monitoringGoogle Cloud employs automated safety classifiers and limited prompt logging to monitor for violations of its Acceptable Use Policy, with the potential for service suspension in cases of severe or recurring abuse.
Google uses automated safety classifiers to detect potential abuse and violations.
See Google Cloud, Abuse monitoring.
Vendor documentation
B.7 OpenAI, Healthcare Addendum and BAAPDFSupports the cited proposition. (OpenAI, Healthcare Addendum and BAA)
eligible for Zero Retention
See OpenAI, Healthcare Addendum and BAA.
Vendor documentation
B.8 OpenAI Help Center, Sharing feedback, evaluation and fine-tuning data, and API inputs and outputs with OpenAIOpenAI does not use API inputs or outputs to train its models by default, but provides an opt-in mechanism for organizations to share such data for model improvement purposes.
By default, we don’t use any inputs or outputs from our products for business users, including ChatGPT Business, ChatGPT Enterprise, and the API, to improve our models.
See OpenAI Help Center, Sharing feedback, evaluation and fine-tuning data, and API inputs and outputs with OpenAI.
Vendor documentation
B.9 OpenAI Help Center, What is ChatGPT Business?ChatGPT Business is a self-serve workspace plan for teams that maintains distinct data privacy protections and is separate from OpenAI's API platform and enterprise-level contracted offerings.
ChatGPT Business is a self-serve plan designed for organizations that want a shared ChatGPT workspace for their teams.
See OpenAI Help Center, What is ChatGPT Business?.
Vendor documentation
B.10 xAI Docs, FAQ - xAI API SecurityxAI maintains specific data retention and security protocols for its API, including default temporary storage for auditing purposes and an enterprise-grade Zero Data Retention feature that prevents persistent storage of user data.
xAI never trains on your API inputs or outputs without your explicit permission.
See xAI Docs, FAQ - xAI API Security.
Vendor documentation
B.11 xAI, Terms of Service - EnterpriseThe xAI Enterprise Terms of Service establish the contractual framework for service usage, including intellectual property ownership, liability disclaimers for AI-generated output, and mandatory procedural waivers for dispute resolution.
Customer acknowledges that no xAI intellectual property rights are assigned or transferred to Customer hereunder. Customer is obtaining only a limited right to access and use the Services during the Subscription Term of this Agreement.
See xAI, Terms of Service - Enterprise.
Vendor documentation
B.12 xAI Docs, Grok.com User GuideGrok Business provides enterprise-grade privacy protections and secure, team-restricted conversation sharing as governed by xAI's terms of service.
Grok Business provides dedicated workspaces for personal and team use, with enhanced privacy and sharing controls.
See xAI Docs, Grok.com User Guide.
Vendor documentation
B.13 Microsoft Learn, Data, privacy, and security for Azure Direct Models in Microsoft FoundryMicrosoft's Azure Direct Models in Foundry maintain strict data privacy protections by ensuring customer prompts, completions, and training data are not used to train foundation models or improve third-party services without explicit authorization.
Your prompts (inputs) and completions (outputs), your embeddings, and your training data: - are NOT available to other customers. - are NOT available to OpenAI or other Azure Direct Model providers. - are NOT used by Azure Direct Model providers to improve their models or services.
See Microsoft Learn, Data, privacy, and security for Azure Direct Models in Microsoft Foundry.
Vendor documentation
B.14 Microsoft Learn, Azure Direct Models abuse monitoringMicrosoft employs automated and human-led abuse monitoring systems for Azure Direct Models to detect policy violations, with the potential for service termination if abusive behavior is not remediated.
Azure Direct Models detect and mitigate instances of recurring content and/or behaviors that suggest use of the service in a manner that might violate the Code of Conduct.
See Microsoft Learn, Azure Direct Models abuse monitoring.
Vendor documentation
B.15 Amazon Bedrock User Guide, Data protectionAmazon Bedrock users are advised to avoid inputting sensitive information into free-form text fields to prevent potential exposure in billing or diagnostic logs, while the service architecture ensures model providers lack access to customer prompts and completions.
We strongly recommend that you never put confidential or sensitive information, such as your customers' email addresses, into tags or free-form text fields such as a Name field.
See Amazon Bedrock User Guide, Data protection.
Vendor documentation
B.16 Amazon Bedrock User Guide, Amazon Bedrock abuse detectionAmazon Bedrock utilizes automated, non-human-reviewed systems to monitor user inputs and model outputs for policy violations, with the authority to block requests, report illegal content, and suspend user access for non-compliance.
Amazon Bedrock implements automated abuse detection mechanisms to identify potential violations of AWSâs Acceptable Use Policy
See Amazon Bedrock User Guide, Amazon Bedrock abuse detection.
Vendor documentation
B.17 Amazon Bedrock User Guide, Prompt caching for faster model inferenceAmazon Bedrock provides an optional prompt caching feature for on-demand inference that reduces latency and input token costs by allowing models to reuse cached context, subject to specific model-dependent token minimums and TTL constraints.
Prompt caching is an optional feature that you can use with supported models on Amazon Bedrock to reduce inference response latency and input token costs.
See Amazon Bedrock User Guide, Prompt caching for faster model inference.
Vendor documentation
B.18 Amazon Bedrock User Guide, Monitor model invocation using CloudWatch Logs and Amazon S3Amazon Bedrock provides a model invocation logging feature that allows users to capture request and response data, including large payloads and binary files, by configuring Amazon S3 or CloudWatch Logs as destination storage.
You can use model invocation logging to collect invocation logs, model input data, and model output data for all invocations in your AWS account used in Amazon Bedrock in a Region.
See Amazon Bedrock User Guide, Monitor model invocation using CloudWatch Logs and Amazon S3.
Vendor documentation
B.19 Anthropic Docs, MCP connectorThe Anthropic MCP connector allows direct integration with remote MCP servers via the Messages API, but it is subject to standard data retention policies rather than Zero Data Retention (ZDR) and requires servers to be publicly exposed via HTTP.
Claude's Model Context Protocol (MCP) connector feature enables you to connect to remote MCP servers directly from the Messages API without a separate MCP client.
See Anthropic Docs, MCP connector.
Vendor documentation
B.20 OpenAI Help Center, OpenAI Compliance Platform for Enterprise and Edu CustomersOpenAI's Compliance Platform enables enterprise and educational customers to integrate ChatGPT workspace logs and metadata with third-party eDiscovery, DLP, and SIEM tools to support auditing, security, and data retention requirements.
The Compliance Platform provides access to logs and metadata from your ChatGPT workspace that you can connect with your eDiscovery, DLP, or SIEM tools.
See OpenAI Help Center, OpenAI Compliance Platform for Enterprise and Edu Customers.
Vendor documentation
B.21 Microsoft Learn, Limited access for Azure Direct ModelsAccess to and use of Azure Direct Models are governed by specific eligibility criteria, Product Terms, and registration requirements for modified safety guardrails.
certain Azure Direct Models (or versions of them) are designated as Limited Access Services, and access and use are subject to eligibility criteria determined by Microsoft.
See Microsoft Learn, Limited access for Azure Direct Models.
Can cloud platforms change AI zero data retention risk?
Yes, cloud platforms can materially change the retention analysis even when the underlying model is the same. Azure and Bedrock can limit native provider access while customer-side logging, caching, files, and stored features still create persistence.
The second consequence is that native-vendor comparison is only part of the problem. Azure and Bedrock are not just reseller channels. They change the retention story. Azure isolates prompts and completions from OpenAI, then overlays Microsoft's own abuse-monitoring rules. Bedrock goes further at the provider layer. AWS says it doesn't store or log your prompts and completions and that model providers do not get access to them. For some legal teams, that architectural separation could matter more than whether the underlying model vendor offers native ZDR on direct sale.
The third consequence is that provider-side minimization and customer-side persistence can move in opposite directions. Google's ZDR materials still preserve caches, files, and session state in some paths. Bedrock offers invocation logging and prompt caching. Microsoft documents stored features explicitly. So a stronger provider-side ZDR term does not necessarily mean a smaller total data footprint. It can mean the durable record moved from the provider to the customer or the cloud intermediary. For some companies that is the point. For others it just changes where retention risk sits.
Sources for this answer
Vendor documentation
C.1 Microsoft Learn, Data, privacy, and security for Azure Direct Models in Microsoft FoundryMicrosoft's Azure Direct Models in Foundry maintain strict data privacy protections by ensuring customer prompts, completions, and training data are not used to train foundation models or improve third-party services without explicit authorization.
Your prompts (inputs) and completions (outputs), your embeddings, and your training data: - are NOT available to other customers. - are NOT available to OpenAI or other Azure Direct Model providers. - are NOT used by Azure Direct Model providers to improve their models or services.
See Microsoft Learn, Data, privacy, and security for Azure Direct Models in Microsoft Foundry.
Vendor documentation
C.2 Amazon Bedrock User Guide, Data protectionAmazon Bedrock users are advised to avoid inputting sensitive information into free-form text fields to prevent potential exposure in billing or diagnostic logs, while the service architecture ensures model providers lack access to customer prompts and completions.
We strongly recommend that you never put confidential or sensitive information, such as your customers' email addresses, into tags or free-form text fields such as a Name field.
See Amazon Bedrock User Guide, Data protection.
Vendor documentation
C.3 Google Cloud, Vertex AI and zero data retentionGoogle Cloud provides mechanisms for customers to restrict the use of their data for model training and to manage or disable data retention and caching features within Vertex AI.
Google won't use your data to train or fine-tune any AI/ML models without your prior permission or instruction.
See Google Cloud, Vertex AI and zero data retention.
Vendor documentation
C.4 Google AI for Developers, Zero data retention in the Gemini Developer APISupports the cited proposition. (Google AI for Developers, Zero data retention in the Gemini Developer API)
there is no way to disable the storage of this information
See Google AI for Developers, Zero data retention in the Gemini Developer API.
Vendor documentation
C.5 Amazon Bedrock User Guide, Prompt caching for faster model inferenceAmazon Bedrock provides an optional prompt caching feature for on-demand inference that reduces latency and input token costs by allowing models to reuse cached context, subject to specific model-dependent token minimums and TTL constraints.
Prompt caching is an optional feature that you can use with supported models on Amazon Bedrock to reduce inference response latency and input token costs.
See Amazon Bedrock User Guide, Prompt caching for faster model inference.
Vendor documentation
C.6 Amazon Bedrock User Guide, Monitor model invocation using CloudWatch Logs and Amazon S3Amazon Bedrock provides a model invocation logging feature that allows users to capture request and response data, including large payloads and binary files, by configuring Amazon S3 or CloudWatch Logs as destination storage.
You can use model invocation logging to collect invocation logs, model input data, and model output data for all invocations in your AWS account used in Amazon Bedrock in a Region.
See Amazon Bedrock User Guide, Monitor model invocation using CloudWatch Logs and Amazon S3.
What should in-house counsel ask AI vendors about zero data retention?
Ask about data rights, storage, training, safety review, telemetry, outputs, and the exact enterprise path where zero data retention applies. The public firm commentary supports diligence questions, not a clean spend or approval taxonomy.
The firms in the source set are more aligned than they first look. Morgan Lewis is the most direct on the underlying contracting problem. Its December 11, 2025 note frames AI contracting as allocating rights to data the tool processes, generates, and uses to train, test, or improve the model. That is the right frame for ZDR too. The dispute is rarely only about training. It is also about storage, inspection, derived telemetry, and operational reuse.
Cooley's May 8, 2025 AI governance materials make the diligence point more operational. The slide deck tells buyers to ask about retention of data, retained training rights, confidentiality commitments, ownership of outputs, and the difference between enterprise and individual terms. That lines up almost exactly with the provider record here. Self-serve products and enterprise or API products often sit on materially different retention regimes, even when the marketing language is similar.
Wilson Sonsini is narrower, but still useful. Its AI playbook tells buyers to assess whether the tool will reuse personal data to train the vendor's model and to pin roles and responsibilities down in the DPA. That is not a full ZDR framework. Still, it captures a common failure mode: companies collapse training rights, storage, safety review, and processor-controller allocation into one generic privacy discussion. The public vendor terms do not collapse them. They split them.
Fisher Phillips is less specific on vendor matrices, but the emphasis is consistent: the market problem is knowing which vendor questions matter. That may sound basic. It is not. The public material in this area is still much better on scope and carveouts than it is on price, minimum commitment, or approval thresholds. No firm source in this directory supplies a dependable public spend matrix for who gets ZDR, at what contract value, or on what turnaround.
That absence is itself a useful conclusion. The firms agree on what to diligence. They do not support a clean public taxonomy that says one provider grants ZDR cheaply, another only at high spend, and a third only for regulated workloads. The public record is still thinner than the market probably wants.
Sources for this answer
Law-firm commentary
D.1 Morgan Lewis commentaryContracting for generative AI requires careful allocation of data rights and use restrictions, particularly regarding the ownership of training data, inputs, and outputs, as well as limitations on competitive use.
One of the key concepts in contracting for generative AI (GenAI) is allocating rights to data that the GenAI tool processes and generates, as well as any data used to train, test, and improve the underlying AI model.
See Morgan Lewis, Key Concepts in AI Contracting: Data Rights and Restrictions.
Law-firm commentary
D.2 Cooley commentaryPDFFinancial institutions must implement robust AI governance frameworks, including vendor due diligence and risk assessments, to navigate the evolving state and federal regulatory landscape.
Imposes obligations on both developers and deployers of AI: documentation, disclosure, risk analysis, governance
See Cooley, AI Talks: AI Governance & Financial Services.
Vendor documentation
D.3 OpenAI Help Center, What is ChatGPT Business?ChatGPT Business is a self-serve workspace plan for teams that maintains distinct data privacy protections and is separate from OpenAI's API platform and enterprise-level contracted offerings.
ChatGPT Business is a self-serve plan designed for organizations that want a shared ChatGPT workspace for their teams.
See OpenAI Help Center, What is ChatGPT Business?.
Vendor documentation
D.4 Anthropic Privacy Center, I have a zero data retention agreement with Anthropic. What products does it apply to?Zero data retention arrangements with Anthropic are limited to specific eligible APIs and products utilizing a Commercial organization API key.
the only products to which zero data retention applies are eligible Anthropic APIs, and Anthropic products that use your Commercial organization API key (including Claude Code).
See Anthropic Privacy Center, I have a zero data retention agreement with Anthropic. What products does it apply to?.
Vendor documentation
D.5 xAI Docs, FAQ - xAI API SecurityxAI maintains specific data retention and security protocols for its API, including default temporary storage for auditing purposes and an enterprise-grade Zero Data Retention feature that prevents persistent storage of user data.
xAI never trains on your API inputs or outputs without your explicit permission.
See xAI Docs, FAQ - xAI API Security.
Law-firm commentary
D.6 Wilson Sonsini commentaryPDFThe EU regulatory landscape for AI tools is governed by a complex framework of overlapping legislation, including the AI Act, the GDPR, and the Digital Services Act, all of which impose specific compliance obligations on companies operating in or providing services to the EU.
The AI Act introduces a new risk-based legal framework for AI tools that will apply across all industry sectors.
See Wilson Sonsini, L-Suite AI Playbook, Chapter 7.
Vendor documentation
D.7 Google Cloud, Vertex AI and zero data retentionGoogle Cloud provides mechanisms for customers to restrict the use of their data for model training and to manage or disable data retention and caching features within Vertex AI.
Google won't use your data to train or fine-tune any AI/ML models without your prior permission or instruction.
See Google Cloud, Vertex AI and zero data retention.
Vendor documentation
D.8 Anthropic Privacy Center, How long do you store my organization's data?Anthropic maintains specific data retention policies for its commercial products, including standard 30-day deletion for API inputs and outputs, extended retention for policy violations, and user-controlled deletion for chat history.
For Anthropic API users, we automatically delete inputs and outputs on our backend within 30 days of receipt or generation
See Anthropic Privacy Center, How long do you store my organization's data?.
Law-firm commentary
D.9 Fisher Phillips / Full Court Press commentaryPDFThe appointment of a federal AI Czar signals a shift toward a deregulatory federal environment, which increases the burden on employers to self-regulate and navigate a growing patchwork of state-level AI compliance requirements.
President Donald Trump’s appointment of David O. Sacks as the new “AI and Crypto Czar” signals a major shift in how the federal government plans to approach artificial intelligence (AI) and its role in the workplace.
See Fisher Phillips / Full Court Press, David O. Sacks Named Artificial Intelligence and Crypto Czar: What Employers Need to Know About a New Era of AI Oversight.
Law-firm commentary
D.10 Orrick commentaryThe EU AI Act imposes varying compliance obligations on organizations based on their specific role in the AI value chain and the risk classification of the AI systems or general-purpose AI models they utilize or develop.
The AI Act affects a wide range of operators along the AI value chain, including providers, deployers, importers, distributors and product manufacturers. The obligations vary depending on an organization’s role.
See Orrick, The EU AI Act: 6 Steps to Take Before 2 August 2026.
What AI zero data retention gaps remain unresolved?
Unclear, because the market has not converged on whether zero data retention covers only inference traffic or every derivative and adjacent workflow record. The open issues are classifier results, sanitized logs, tool traffic, subprocessors, de-identified data, and feature-specific storage.
- Perhaps the biggest open question is whether “zero” means no stored prompts and outputs, or no stored derivative signal at all. Anthropic openly keeps User Safety classifier results under ZDR. Google treats sanitized logs as compatible with ZDR. xAI takes a stricter line and says moderation results are not stored. The market does not yet speak with one definition.
- It is still unsettled whether a useful ZDR promise should be read against the model call only or against the whole workflow. Vendors usually separate inference from grounding, files, caches, thread state, tool use, and connector traffic. Legal workflows often rely on exactly those features. We think that gap is where many surprises now live.
- Another open question is how far de-identified-data rights, affiliate access, and subprocessors survive a ZDR promise. xAI's enterprise terms preserve de-identified-data rights. OpenAI's services agreement permits delivery through subprocessors. Bedrock removes one version of the concern by keeping model providers out of the data path, but customer-side AWS logging can still exist. The final contract could narrow those edges, but the public materials do not collapse them into one answer.
- It also remains unclear how much of the real bargain lives in public documentation versus order forms, approval emails, and account-team commitments. The public docs clearly establish that approvals exist. They do not disclose standard turnaround, spend thresholds, or a full rulebook for revocation. That opacity is common across the set.
- The last unresolved line is scope beyond inference: feedback, evaluations, fine-tuning, files, and stored history. The public pattern suggests that the strongest ZDR language usually covers inference traffic first. Everything adjacent is more fragmented. That could stay true, or the market could eventually converge on a broader definition. It has not yet.
Sources for this answer
Vendor documentation
E.1 Anthropic Privacy Center, I have a zero data retention agreement with Anthropic. What products does it apply to?Zero data retention arrangements with Anthropic are limited to specific eligible APIs and products utilizing a Commercial organization API key.
the only products to which zero data retention applies are eligible Anthropic APIs, and Anthropic products that use your Commercial organization API key (including Claude Code).
See Anthropic Privacy Center, I have a zero data retention agreement with Anthropic. What products does it apply to?.
Vendor documentation
E.2 Google AI for Developers, Zero data retention in the Gemini Developer APISupports the cited proposition. (Google AI for Developers, Zero data retention in the Gemini Developer API)
there is no way to disable the storage of this information
See Google AI for Developers, Zero data retention in the Gemini Developer API.
Vendor documentation
E.3 xAI Docs, FAQ - xAI API SecurityxAI maintains specific data retention and security protocols for its API, including default temporary storage for auditing purposes and an enterprise-grade Zero Data Retention feature that prevents persistent storage of user data.
xAI never trains on your API inputs or outputs without your explicit permission.
See xAI Docs, FAQ - xAI API Security.
Vendor documentation
E.4 Google Cloud, Vertex AI and zero data retentionGoogle Cloud provides mechanisms for customers to restrict the use of their data for model training and to manage or disable data retention and caching features within Vertex AI.
Google won't use your data to train or fine-tune any AI/ML models without your prior permission or instruction.
See Google Cloud, Vertex AI and zero data retention.
Vendor documentation
E.5 Anthropic Docs, Code execution toolAnthropic's code execution tool operates within a secure, isolated, and containerized environment that prohibits external network access to ensure safety.
The code execution tool allows Claude to run Bash commands and manipulate files, including writing code, in a secure, sandboxed environment.
See Anthropic Docs, Code execution tool.
Vendor documentation
E.6 Microsoft Learn, Data, privacy, and security for Azure Direct Models in Microsoft FoundryMicrosoft's Azure Direct Models in Foundry maintain strict data privacy protections by ensuring customer prompts, completions, and training data are not used to train foundation models or improve third-party services without explicit authorization.
Your prompts (inputs) and completions (outputs), your embeddings, and your training data: - are NOT available to other customers. - are NOT available to OpenAI or other Azure Direct Model providers. - are NOT used by Azure Direct Model providers to improve their models or services.
See Microsoft Learn, Data, privacy, and security for Azure Direct Models in Microsoft Foundry.
Vendor documentation
E.7 xAI, Terms of Service - EnterpriseThe xAI Enterprise Terms of Service establish the contractual framework for service usage, including intellectual property ownership, liability disclaimers for AI-generated output, and mandatory procedural waivers for dispute resolution.
Customer acknowledges that no xAI intellectual property rights are assigned or transferred to Customer hereunder. Customer is obtaining only a limited right to access and use the Services during the Subscription Term of this Agreement.
See xAI, Terms of Service - Enterprise.
Vendor documentation
E.8 OpenAI, Services AgreementSupports the cited proposition. (OpenAI, Services Agreement)
will not use Customer Content to develop or improve the Services, unless Customer explicitly agrees
See OpenAI, Services Agreement.
Vendor documentation
E.9 Amazon Bedrock User Guide, Data protectionAmazon Bedrock users are advised to avoid inputting sensitive information into free-form text fields to prevent potential exposure in billing or diagnostic logs, while the service architecture ensures model providers lack access to customer prompts and completions.
We strongly recommend that you never put confidential or sensitive information, such as your customers' email addresses, into tags or free-form text fields such as a Name field.
See Amazon Bedrock User Guide, Data protection.
Vendor documentation
E.10 Amazon Bedrock User Guide, Monitor model invocation using CloudWatch Logs and Amazon S3Amazon Bedrock provides a model invocation logging feature that allows users to capture request and response data, including large payloads and binary files, by configuring Amazon S3 or CloudWatch Logs as destination storage.
You can use model invocation logging to collect invocation logs, model input data, and model output data for all invocations in your AWS account used in Amazon Bedrock in a Region.
See Amazon Bedrock User Guide, Monitor model invocation using CloudWatch Logs and Amazon S3.
Vendor documentation
E.11 Google Cloud, Abuse monitoringGoogle Cloud employs automated safety classifiers and limited prompt logging to monitor for violations of its Acceptable Use Policy, with the potential for service suspension in cases of severe or recurring abuse.
Google uses automated safety classifiers to detect potential abuse and violations.
See Google Cloud, Abuse monitoring.
Vendor documentation
E.12 OpenAI Help Center, What is ChatGPT Business?ChatGPT Business is a self-serve workspace plan for teams that maintains distinct data privacy protections and is separate from OpenAI's API platform and enterprise-level contracted offerings.
ChatGPT Business is a self-serve plan designed for organizations that want a shared ChatGPT workspace for their teams.
See OpenAI Help Center, What is ChatGPT Business?.
Vendor documentation
E.13 OpenAI Help Center, Sharing feedback, evaluation and fine-tuning data, and API inputs and outputs with OpenAIOpenAI does not use API inputs or outputs to train its models by default, but provides an opt-in mechanism for organizations to share such data for model improvement purposes.
By default, we don’t use any inputs or outputs from our products for business users, including ChatGPT Business, ChatGPT Enterprise, and the API, to improve our models.
See OpenAI Help Center, Sharing feedback, evaluation and fine-tuning data, and API inputs and outputs with OpenAI.
Vendor documentation
E.14 Anthropic Privacy Center, Is my data used for model training?Anthropic does not use inputs or outputs from its commercial products to train its models by default, but may use data if a user explicitly provides feedback or opts into data usage.
By default, we will not use your inputs or outputs from our commercial products (e.g. Claude for Work, Anthropic API, Claude Gov, etc.) to train our models.
See Anthropic Privacy Center, Is my data used for model training?.