Data Retention & Logging Disclosure
1. Prompt logging
We do not log prompts. Request bodies (messages, system prompts, tool definitions) are processed in memory for the lifetime of the request and are discarded once the response is delivered. They are never written to disk, message queues or analytics systems.
2. Completion retention
Zero retention. Model outputs are streamed to the caller and are not persisted by SonarCompute in any form after delivery.
3. Training on customer data
Never. We do not train, fine-tune, distill or evaluate models using customer inputs or outputs. We serve open-weight models as published by their original authors.
4. What we do retain
- Usage metadata — model ID, input/output token counts, timestamps, latency, status codes. Retained for 13 months for billing and audit.
- Security logs — source IP, API-key ID, request headers (never bodies). Retained for 90 days for abuse prevention.
- Account & billing records — retained as required by applicable law.
5. Upstream capacity
Inference may be executed on SonarCompute-operated or contracted GPU capacity. All capacity partners are bound by data-processing terms consistent with this disclosure: no prompt persistence, no training use.
6. Data residency
Requests are served from the region closest to the caller. Metadata is stored in our primary infrastructure region. Regional pinning is available for enterprise integrations.
7. Verification
Platform partners may request a technical walkthrough of our logging pipeline as part of onboarding: hello@sonarcompute.com.