# Data handling and privacy We run a routing and metering layer between you and the suppliers who serve your inference. This page covers what passes through, what we store, and what we do not. ## Zero data retention We do not store your prompts or completions. Your requests pass through our routing layer and are served by qualifying suppliers. Neither we nor our suppliers retain the content of your requests or responses. Your data is not used for training, fine-tuning, or any purpose beyond serving the request in front of it. This applies to every [live instrument](/docs/instrument-specifications/current-instruments.md) and to both API surfaces: the Consumption API at `https://api.thegrid.ai/v1` and the Anthropic Messages beta at `https://messages-beta.api.thegrid.ai/v1`. It is the default, not a paid tier or an optional setting. ZDR covers inference content, not the operational metadata we need to bill, route, and resolve disputes. That data is described next. ## We don't retain any inference content We retain the operational data needed to bill, route, and resolve disputes: * **Retained**: timestamps, the instrument used, which supplier served your request, token counts (input and output), time to first token, throughput, error codes, the trade and unit your tokens were drawn from, every order you placed and trade executed on the order book, and account metadata (email, API key hashes, Stripe customer ID, account settings, mode preference). * **Not retained**: prompt content, completion content, message history, files or images in requests, and any application-level data in the request or response body. ## Payment processing Stripe handles all payment processing, credit storage, and card management. When you add a payment method or load credits, the transaction goes through Stripe. We hold a reference to your Stripe customer record, not your card number, expiry, or CVC. We do not custody user funds and are not in scope for PCI obligations beyond what Stripe's integration model already covers. For invoices, billing history, or refunds, check your dashboard or contact . ## API key management You generate and manage API keys at [app.thegrid.ai/profile/api-keys](https://app.thegrid.ai/profile/api-keys). Keys are scoped to your account and revocable from the dashboard at any time. Each key is displayed once at creation, so store it somewhere your team can recover it. We store only a hash, not the key itself. A lost key can be revoked and replaced, not retrieved. If a key is compromised, revoke it and create a new one. Revocation invalidates the key for both the Consumption API and the Trading API. The Trading API uses a separate model. Every request is signed with an Ed25519 keypair. You generate the keypair locally, register the public key with us, and sign each request with the private key. The signed payload is the concatenation of the timestamp, HTTP method, request path, and request body. Your private key never leaves your environment. ## Additional questions SOC 2 Type II audit is in progress; the current attestation is available on request via . Other compliance documentation, including DPAs, subprocessor lists, data residency commitments, and breach notification SLAs, is handled case by case. Reach out to with the specific framework or requirement. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://thegrid.ai/docs/data-handling-and-privacy/data-handling-and-privacy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.