LLM governance / policy control planeDocs

Policy Gateway Security & Privacy

What Policy Gateway stores, what it does not store, and how audit logs, redaction, and scoped keys work.

This page documents what Policy Gateway persists and what stays transient during a request.

Prompt and completion text are not stored by Policy Gateway; usage logs store token counts for billing.

Updated Jan 14, 2026Policy Gateway

Quick start

Service notes

  • Pricing model: Usage-based pricing (~$5 per 1M tokens) billed on total tokens (input + output). See the API pricing page for current plans.
  • Data retention: No prompt/output retention by default. Operational telemetry (token counts, timestamps, error codes) is retained for billing and reliability.
  • Compatibility: OpenAI-style /v1/chat/completions request and response format with a base URL switch.
  • Latency: Depends on model size, prompt length, and load. Streaming reduces time-to-first-token.
  • Throughput: Team plans include priority throughput. Actual throughput varies with demand.
  • Rate limits: Limits vary by plan and load. Handle 429s with backoff and respect any Retry-After header.

What Policy Gateway stores

#
  • Policy configuration (current config plus revision history when saved).
  • Project records (name, status, monthly limits).
  • Policy API key metadata (label, project_id, key_preview, revoked flags).
  • Audit history entries when org_controls.audit_logs is enabled.
  • Usage logs for billing (token counts, credits, timestamps).
  • Quota usage counters per window (requests and tokens).

What we do not store

#
  • Prompt, completion, and image content (processed in-memory per request).
  • Raw API keys (only a hash and preview are stored).
  • Full user PII unless you include it in policy metadata fields.

Retention

#
  • Policy history is capped by POLICY_HISTORY_LIMIT (default 50) and pruned by count.
  • Quota usage is keyed by window (daily/weekly/monthly) and rolls forward each window.
  • Config and project records persist until updated or deleted.

Redaction behavior

#
  • When rules.redact is true and enforcement is active, responses are pattern-redacted.
  • Patterns include emails, phone numbers, SSNs, payment cards, and API keys.
  • Redaction happens before streaming chunks are sent, and response text is not logged.

Scoped keys & isolation

#
  • Create a project per app or agent to isolate budgets and audit trails.
  • Scoped keys attach a project id automatically and can be revoked independently.

Audit log fields

#
  • Common: id, type, created_at, policy_id, policy_name.
  • Enforcement: decision, reason_code, triggered_categories, allowlist_hits, denylist_hits, rollout_mode, enforced.
  • Metadata: policy_user, quota_subject, policy_target, project_id, project_label, data_classification, model.
  • Simulation: scenario_categories plus decision metadata.
  • Revision: config snapshot.

Export destinations

#

Forward audit logs into tools your security team already uses.

Exports are available on enterprise plans; contact help@abliteration.ai to enable a log export sink.

Identifiers and privacy

#
  • Policy Gateway stores the identifiers you send (policy_user, policy_project_id stored as project_id, policy_target).
  • policy_user and project_id are normalized to lowercase slugs; policy_target is lowercased and whitespace is collapsed.
  • Avoid direct PII in identifiers if you do not want it stored.

Common errors & fixes

  • 401 Unauthorized: Check that your API key is set and sent as a Bearer token.
  • 404 Not Found: Make sure the base URL ends with /v1 and you call /chat/completions.
  • 400 Bad Request: Verify the model id and that messages are an array of { role, content } objects.
  • 429 Rate limit: Back off and retry. Use the Retry-After header for pacing.

Related links