Try it
Policy GatewayDocsPricing
Log inGet API key
Trust Center

Security & Privacy at abliteration.ai

How we protect your data, manage credentials, and maintain operational security. OpenAI-compatible API with privacy-first defaults.

Last updated: January 22, 2026

Security Practices

  • TLS 1.3: All API traffic is encrypted in transit.
  • Rate limiting: Automatic protection against abuse and runaway costs.
  • Input validation: Requests are validated before processing.
  • Isolated execution: Model inference runs in isolated environments.
  • Monitoring: 24/7 uptime monitoring and anomaly detection.

Key Management

  • Encrypted at rest: API keys are encrypted using AES-256 before storage.
  • Hashed passwords: User passwords are hashed with bcrypt, never stored in plaintext.
  • Scoped keys: Policy Gateway supports project-scoped keys with granular permissions.
  • Key rotation: You can rotate API keys at any time from your dashboard.
  • Revocation: Compromised keys can be revoked immediately.

Retention Defaults

  • Prompts & completions: Not stored by default. Processed transiently.
  • Operational telemetry: Retained for billing and reliability.
  • Audit logs (Policy Gateway): Configurable retention with export to your SIEM.
  • Account data: Retained while your account is active, deleted on request.
  • Billing records: Retained as required by law (typically 7 years).

Data Processing

  • Prompts and completions are processed in memory and never written to disk.
  • Your content is never used for model training or fine-tuning.
  • We do not share your data with third parties except as required for payment processing.
  • Cloud infrastructure runs under strict data processing agreements.

Compliance & Auditing

  • Policy Gateway: Enterprise audit logging with export to Splunk, Datadog, Elastic, S3, and Azure Monitor.
  • PII redaction: Automatic detection and redaction of emails, phone numbers, SSNs, and payment cards.
  • GDPR: Data subject access and deletion requests honored within 30 days.

Third-Party Processors

  • Payment processing: PCI-DSS compliant processor (Stripe).
  • Cloud hosting: Major cloud providers with industry-standard security controls.
  • Email delivery: Transactional email provider for account notifications.
  • All processors operate under data processing agreements with appropriate safeguards.