Policy Gateway Security & Privacy
Enterprise buyers need clear answers on data handling. This page documents Policy Gateway retention, audit fields, and key isolation.
Prompt and completion text are not stored by default; only policy metadata is retained for audits and billing.
Service notes
- Pricing model: Usage-based pricing (~$5 per 1M tokens) billed on total tokens (input + output). See the API pricing page for current plans.
- Data retention: No prompt/output retention by default. Operational telemetry (token counts, timestamps, error codes) is retained for billing and reliability.
- Compatibility: OpenAI-style /v1/chat/completions request and response format; you switch by changing the base URL.
- Latency: Depends on model size, prompt length, and load. Streaming reduces time-to-first-token.
- Throughput: Team plans include priority throughput. Actual throughput varies with demand.
- Rate limits: Limits vary by plan and load. Handle 429s with backoff and respect any Retry-After header.
What we store
- Policy configuration revisions and change history.
- Decision metadata: decision, reason_code, triggered_categories, rollout_mode.
- Audit tags: policy_id, policy_user, policy_project_id, policy_target, model, and timestamps.
- Usage counters for quota enforcement.
What we do not store
- Prompt or completion text (processed transiently by default).
- PII beyond the identifiers you attach as policy_user or policy_project_id.
Retention
- Audit logs are retained for 30 days by default.
- Longer retention, exports, and compliance attestations are available on enterprise plans.
Redaction behavior
- Redaction is applied to the response before it is streamed to the client.
- Only decision metadata is stored; redacted content is not logged.
Scoped keys & isolation
- Create a project per app or agent to isolate budgets and audit trails.
- Scoped keys map requests to projects without sharing budgets across apps.
Audit log fields
- decision, reason_code, triggered_categories, rollout_mode, enforced
- policy_id, policy_user, policy_project_id, policy_target
- allowlist_hits, denylist_hits, model, created_at
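One way to verify on your side that exported audit records carry only the fields listed above, with no prompt text or personal data riding along. This is an added example, not Policy Gateway code. It assumes the export is JSON Lines (one record per line), which this page does not specify; the 128-character limit and the email check are also assumptions chosen for illustration.

```python
import json
import re

# Field names come from the "Audit log fields" list on this page.
DOCUMENTED_FIELDS = {
    "decision", "reason_code", "triggered_categories", "rollout_mode", "enforced",
    "policy_id", "policy_user", "policy_project_id", "policy_target",
    "allowlist_hits", "denylist_hits", "model", "created_at",
}
CALLER_IDENTIFIERS = ("policy_user", "policy_project_id")  # values you attach yourself
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
MAX_STRING_LEN = 128  # assumption: metadata strings are short; longer hints at content

def _strings(value):
    """Yield every string nested inside a decoded JSON value."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, (list, dict)):
        for item in (value.values() if isinstance(value, dict) else value):
            yield from _strings(item)

def audit_findings(jsonl_text):
    """Return (line_number, issue) pairs for records that break the documented shape."""
    findings = []
    for lineno, line in enumerate(jsonl_text.splitlines(), start=1):
        try:
            record = json.loads(line)
            if not isinstance(record, dict):
                raise ValueError("not an object")
        except ValueError:  # json.JSONDecodeError is a ValueError subclass
            findings.append((lineno, "not a JSON object"))
            continue
        for key in sorted(record):
            if key not in DOCUMENTED_FIELDS:
                findings.append((lineno, f"undocumented field: {key}"))
            elif any(len(s) > MAX_STRING_LEN for s in _strings(record[key])):
                findings.append((lineno, f"oversized value in {key}"))
        for key in CALLER_IDENTIFIERS:
            if EMAIL_RE.search(str(record.get(key, ""))):
                findings.append((lineno, f"email address in {key}"))
    return findings

# Constructed sample export: line 1 is clean, line 2 leaks content and an email address.
SAMPLE = "\n".join(json.dumps(r) for r in [
    {"decision": "allow", "policy_id": "pol_1", "policy_user": "u_8f3a", "model": "m-small"},
    {"decision": "block", "policy_user": "jane@example.com", "prompt": "hello"},
])

if __name__ == "__main__":
    print(*audit_findings(SAMPLE), sep="\n")
```

Sending opaque identifiers rather than email addresses as policy_user keeps personal data out of the retained audit trail.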
Common errors & fixes
- 401 Unauthorized: Check that your API key is set and sent as a Bearer token.
- 404 Not Found: Make sure the base URL ends with /v1 and you call /chat/completions.
- 400 Bad Request: Verify the model id and that messages are an array of { role, content } objects.
- 429 Rate limit: Back off and retry. Use the Retry-After header for pacing.