> ## Documentation Index
> Fetch the complete documentation index at: https://docs.abliteration.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Security

> How Policy Gateway handles your data — retention, encryption, access control.

Policy Gateway does not retain prompt or model output content by default. Operational telemetry (token counts, timestamps, error codes) is kept for billing and reliability; policy events are buffered briefly then shipped to your configured connector for durable retention.

## Data retention

* **Prompt and model output content is not retained** on abliteration.ai's side by default.
* **Policy events** are buffered briefly on the Pub/Sub topic that drives connectors. Configure a [connector](/policy-gateway/connectors) to ship them into storage you control — S3, Azure Blob, your SIEM — for durable retention.
* **Operational telemetry** (token counts, timestamps, error codes) is kept for billing and reliability.

## Encryption

* TLS 1.2+ for all API traffic. HSTS enabled on `api.abliteration.ai`.
* API keys are stored hashed; the plaintext value is shown only at creation.

## Access control

* Keys are scoped to exactly one project. Compromising one key never exposes another project.
* Console access uses role-based permissions.

<Note>
  This page describes platform behavior only. Specific contractual commitments around retention, residency, and compliance are defined in your plan and agreements with abliteration.ai, which take precedence.
</Note>
