What is retained
ModelRiver stores the following data for every processed request:
| Data type | Purpose | Retention |
|---|---|---|
| Request payloads | Debugging and replay | Configurable |
| AI responses | Observability and auditing | Configurable |
| Token usage | Cost analytics and billing | Persistent |
| Cache fields | Customer data echo | Tied to request |
| Webhook delivery logs | Delivery status tracking | 30 days |
| Timeline events | Request lifecycle tracing | Tied to request |
Managing retention
- Per-project purge: Contact support to purge logs for specific projects when policies require it.
- Custom retention windows: Enterprise plans support custom retention periods.
- Selective caching: Use cache fields selectively and redact sensitive data before sending to ModelRiver.
Data minimisation
Best practices for minimising data exposure:
- Avoid logging PII: Strip personally identifiable information from request payloads before sending.
- Use cache fields selectively: Only cache the business identifiers you need for observability.
- Redact before sending: Process sensitive content on your side before including it in AI requests.
- Separate environments: Use distinct projects for development, staging, and production to isolate data.
Deletion requests
To request data deletion:
- Email [email protected] with your project name and the scope of deletion
- Include specific date ranges or request IDs if applicable
- Deletion is processed within 7 business days
- You'll receive confirmation once complete
Next steps
- Compliance: Audit trails and regulatory considerations
- API keys: Manage authentication credentials
- Observability: Monitor request data and usage