Data retention in AI APIs - what providers actually keep
"Does this API store my prompts?" is one of the first questions a serious team asks before shipping. The honest answer for most major providers is: yes, briefly, for abuse monitoring - and the details vary more than you'd expect. Here is what the documentation and recent events actually say.
The default: short retention, no training (on the API)
The big providers converge on a similar pattern for paid API traffic, even though the numbers differ.
| Provider | Default API retention | Used for training? | Zero-retention option |
|---|---|---|---|
| OpenAI | Up to 30 days for abuse monitoring | No (API/business data) | Yes, on approval |
| Anthropic (Claude) | 7 days (some models 30) | No, without permission | Yes (ZDR) |
| Google (Gemini, paid) | Limited logging for policy enforcement | No | Yes, on approval |
According to OpenAI's data controls documentation, API inputs and outputs are retained for up to 30 days to detect abuse, then deleted unless legally required to keep them longer. Anthropic went the other direction in 2025: per its Claude platform docs, API log retention was reduced from 30 days to 7 days as of September 14, 2025, with certain models still requiring a 30-day window. Google's Gemini API terms state that for paid services it does not use your prompts or responses to improve its products, and logs them only for a limited period to detect policy violations.
The recurring theme: commercial API data is generally not used to train models by default. That is a real and meaningful distinction from consumer chat apps.
Consumer apps play by different rules
This is where teams get tripped up. Anthropic's August 2025 update to its consumer terms introduced opt-in training: if a Free, Pro, or Max user allows it, retention extends to five years, and existing users had until October 8, 2025 to make a choice. Crucially, Anthropic's own announcement says these changes do not apply to commercial services, "including ... API use." So the privacy posture of the chat product you use personally tells you very little about the API your app calls.
The wildcard nobody controls: legal holds
Retention policy is what a provider intends to keep. A court can override it. In the New York Times copyright litigation, a federal court issued a preservation order in May 2025 requiring OpenAI to retain ChatGPT logs that would normally have been deleted, and by late 2025 - as Bloomberg Law reported - OpenAI was ordered to turn over a sample of 20 million anonymized logs. OpenAI publicly objected on user-privacy grounds, but the order stood.
The lesson is not "OpenAI is careless" - it's that any provider holding your data can be compelled to keep and produce it. The only data that can't be subpoenaed from a provider is data the provider never stored.
What this means for developers
- Read the API terms, not the consumer privacy page. They are frequently different documents with different rules.
- Treat the default retention window as the floor, not the ceiling - legal holds can extend it indefinitely.
- If you handle regulated or sensitive data, pursue a true zero-retention path rather than relying on "we don't train on it."
- Don't over-trust "100% private" marketing. Whoever runs the model still receives your prompt to generate a response.
How multi-provider access changes the calculus
When your stack is locked to one vendor, that vendor's retention policy is your retention policy. Routing through a gateway gives you choice. With AnyModel you hit one OpenAI-compatible endpoint (https://anymodel.org/v1) and reach GPT, Claude, Gemini, DeepSeek, GLM, Kimi, Qwen, and Grok with a single key - switching models is just changing the model id. You can compare options and route sensitive workloads to whichever underlying provider best fits your compliance needs.
For retention specifically, AnyModel offers Ghost Mode: opt-in, zero-retention API keys where we don't store your prompts or responses on our side - only a token counter for billing. To be clear, this covers our layer; the model provider still receives the prompt to answer it. Ghost Mode removes one hop of stored data, not all of them.
Getting started takes one line:
bash <(curl -fsSL "https://anymodel.org/i?tool=codex") <YOUR_API_KEY>
Use tool=claude for Claude Code; for Cursor, Zed, or Aider, point the base URL to https://anymodel.org/v1 with your key. More analysis like this lives on the blog.
Want control over where your prompts go - and a zero-retention option on our side? Create a free account and get 1,000,000 tokens to start (6,000,000 if you link Telegram), no credit card required.
AnyModel