Deployment Mode · 2 of 5
Zero Data Retention AI.
Same frontier models. Different contract. ZDR endpoints are the way to use Claude, GPT, and Gemini on customer data, regulated workloads, and material business information without those queries being retained, logged for training, or used to improve the provider's service. The model quality stays. The data exposure goes away.
For workloads where public cloud is too permissive and self-hosted is too slow to ship - ZDR is the answer. BrainPack routes to it automatically when the data classification requires it.
ZDR Is The Answer to a Question Most Vendors Will Not Ask You.
Read your default OpenAI API terms. Read your default Anthropic API terms. Read your default Azure OpenAI terms. They are not the same as the marketing page. Hidden in the legal language are clauses about content monitoring, abuse detection, prompt logging, and - depending on configuration and product tier - possible use of your data for safety training, evaluation, or service improvement. None of this is malicious. All of it is real. And almost none of it is appropriate for the data your CFO sends to AI when nobody is reviewing the API headers.
Zero Data Retention is a different contractual posture on the same models. Same Claude, same GPT, same Gemini, same latency, same quality - different terms. The provider commits in writing that the data is not retained on their side beyond the moment of inference, not logged for training, not reviewed for service improvement, and in many configurations not even used for abuse monitoring. The compliance posture is meaningfully better. The price is somewhat higher. The unlock is the ability to send sensitive data to frontier models without the audit-trail problem that public cloud creates.
ZDR is the most mis-explained deployment mode in 2026. Vendors mention it but rarely explain when it is the right answer, when it is not enough, and how it orchestrates with the other modes. This page covers all of that. Honestly.
What ZDR Actually Means. The Contract.
A Contractual Term, Not A Technical One.
Zero Data Retention means routing inference through endpoints where the provider has contractually agreed not to persist your inputs or outputs. The query and response are processed in memory and discarded after the inference call completes. The data is not added to training corpora, not used for fine-tuning any current or future model, and not aggregated or sampled for service improvement.
The activation path runs through enterprise contracts directly with the provider, or through enterprise gateways (Azure OpenAI, AWS Bedrock, Anthropic for Enterprise) that offer ZDR as a configuration option. Default abuse monitoring the content review most public cloud APIs run for prompt injection and policy violations is either removed entirely or retained under strict access controls, depending on the specific contract.
ZDR is not a product feature it is a service tier. The lack of provider-side retention does not eliminate logging; it shifts the locus of the audit log to your environment. What was sent, who sent it, and what came back still need to be recorded somewhere under ZDR, that somewhere is no longer the provider. The deployment decision is a contract-and-audit decision, not a "does the provider store it" decision.
BrainPack treats ZDR as one execution surface among five. The Connect, Orchestrate, and Govern layers do not change. What changes is the contractual terms governing the inference call and the fact that the full audit trail of every input, output, and routing decision is maintained entirely on your side.
How It Actually Works — Govern LayerWhen ZDR Is The Right Mode.
Five Workloads Where It Wins.
Five workload categories where ZDR is the better choice when frontier model quality matters and the data is sensitive enough that default retention terms are not acceptable.
Confidential Internal Data On Frontier Models
Internal strategy documents, M&A analysis, board materials, unpublished financials. The data is not regulated in a way that mandates self-hosting, but it is sensitive enough that you do not want it sitting in a vendor's training pipeline or retained for service improvement. ZDR lets you keep frontier model quality without the retention.
Customer Data Under NDA Or MSA Restrictions
Contracts with enterprise customers often prohibit their data from being used to train third-party models or retained by subprocessors. ZDR endpoints satisfy those clauses while keeping the workload on the same providers your team already builds against.
Production Customer-Facing Apps Handling PII
Support agents, account assistants, anything that touches customer records, contact details, or transaction history. Default public cloud terms create disclosure and audit complexity. ZDR removes the retention question from the contractual surface entirely.
Regulated Industries On Cloud Models
Financial services, healthcare administration, legal workloads that need frontier model quality but operate under regulatory regimes (SEC, HIPAA, GLBA, attorney-client privilege) where vendor data retention creates compliance risk. ZDR is often the bridge between "we can use this model" and "we cannot."
When You Need The Audit Trail On Your Side
Internal audit, legal hold, regulatory examinations. Provider-side logs are a liability you cannot fully control what is retained, where it lives, or how long. Under ZDR, the provider retains nothing and the full audit trail of inputs, outputs, and routing decisions lives in your environment, where your existing logging and retention policies already apply.
When ZDR Is The Wrong Mode.
And Where The Workload Should Go Instead.
Five workload categories where ZDR is the wrong answer and where BrainPack routes work to self-hosted, on-premise, air-gapped, or back to standard public cloud instead.
Data That Cannot Leave Your Network At All
Defense contracts with controlled classifications, intelligence workloads, anything covered by air-gap requirements. ZDR still sends the inference call across the public internet to a third-party provider. If the data classification prohibits that transit at all, the workload belongs on-premise or air-gapped — no contractual retention term solves a network-egress problem.
Workloads Where Sovereignty Trumps Quality
Banking core data in jurisdictions with strict residency rules, government workloads with FedRAMP High or equivalent obligations, healthcare data in countries that prohibit cross-border processing. The provider's data center geography matters more than the contract terms. Self-hosted in your region or on-premise is the right call.
Core IP You Will Never Allow Off-Property
Source code for the products you sell, proprietary algorithms, trade secrets, manufacturing process documentation. Even with zero retention, the inference still runs on a third-party vendor's compute. For organizations whose competitive moat is the IP itself, self-hosted open source on dedicated GPU is the right choice — no third-party AI vendor in the data path, ever.
General Productivity Work That Does Not Need It
Drafting emails, summarizing public documents, brainstorming, analyzing already-public information. ZDR carries a cost premium and a smaller model selection than standard public cloud. Spending it on workloads that do not require it wastes budget and capacity that should be reserved for data that actually needs the contract.
When You Need Capabilities Not Yet On ZDR Tiers
Frontier model releases land on standard public cloud first. ZDR endpoints, self-hosted, and on-premise all lag by weeks or months on the newest reasoning, multimodal, and coding capabilities. If a workload genuinely requires day-one access to a new model and the data class permits it, standard public cloud is the right surface not ZDR.
Where to route them instead
How ZDR Orchestrates.
With Every Other Deployment Mode.
ZDR is the bridge mode. Public cloud is fast but default terms. Self-hosted is controlled but model lags. ZDR sits between - frontier model quality with contractual data protection. The orchestration matters more than any single mode.
A real BrainPack deployment looks like this:
Same user interface. Same agent library. Five different routing decisions made automatically by the Govern layer based on data classification. The user does not pick the mode. The mode picks itself based on what the data is. ZDR is one of the five - and for many enterprises, the one most workloads should land on once they outgrow public cloud.
The user never picks the deployment mode. The mode picks itself.
ZDR Inside the BrainPack Layer.
Routing to a ZDR endpoint is technically simple. Doing it well at enterprise scale requires several things on top of the API call.
Active enterprise contracts
BrainPack maintains ZDR-eligible enterprise agreements with Anthropic, OpenAI (via Azure or direct), Google Vertex, AWS Bedrock, and Mistral. The contracts are negotiated centrally and applied per workload. You do not separately procure ZDR - it is part of the operating layer.
Automatic routing by data classification.
The Govern layer classifies queries based on content, user role, and policy. Queries that match ZDR-required categories are routed to ZDR endpoints - automatically, with no opportunity for a developer to accidentally route them to default-terms endpoints. The classification happens before the data leaves your environment.
Multi-region ZDR.
Different regulatory frameworks require different physical regions for data processing. BrainPack routes ZDR queries to the correct region per workload - EU data to EU-resident ZDR endpoints, US healthcare data to US-resident endpoints, and so on.
Provider failover with same posture
If the primary ZDR provider has an outage, the orchestrator routes to a backup ZDR-eligible provider - never falling back to a default-terms public cloud endpoint. The contractual posture is preserved through outages.
Audit log on your side
Even though the provider does not retain the queries, BrainPack's Govern layer maintains full audit logs in your environment. What was sent, who sent it, what came back, when. The lack of provider-side retention does not mean the lack of accountability; it means the accountability lives in your own log infrastructure.
Cost transparency
ZDR is typically more expensive per token than default-terms inference. BrainPack tracks the cost differential, attributes it to the workloads using ZDR, and produces chargeback reports that show why the cost is what it is. ZDR cost is rarely a budget conversation; data exposure is.
Costs And Speed.
What You Actually Get.
ZDR carries a contractual premium and a smaller model selection than standard public cloud. In return, the retention question disappears from the inference call entirely.
To first capability. Standard public cloud integration plus enterprise contract activation or gateway configuration.
Per call. Slightly higher than standard public cloud gateways like Azure OpenAI and Bedrock add a routing hop. Still well inside production thresholds.
Over standard public cloud rates for the same model. The premium is the contract, not the compute. Pay-per-token billing remains.
Behind standard public cloud on new model releases. Enterprise tiers light up after the public tier. Plan accordingly for workloads that need day-one capability.
The real expense of ZDR is not the premium it is routing workloads here that did not need to be here. Standard public cloud handles general productivity work at a lower cost and on newer models. The Govern layer prevents over-routing the same way it prevents under-routing.
ZDR, Running Now.
Alongside Every Other Mode, Per Data Class.
ZDR is the mode most regulated enterprise workloads end up running on, alongside public cloud for non-sensitive work and self-hosted for IP-protected analysis.
ZDR handles employee-specific HR data - recruitment screening, performance review summaries, compensation analysis. Public cloud handles policy Q&A and onboarding content. One unified HR interface; two routing paths.
ZDR handles customer service interactions and individual customer analysis. Public cloud handles merchandising analytics on aggregated, non-personal data. Same agent library, two compliance postures.
ZDR handles individual customer support cases; public cloud handles supply chain analytics; self-hosted handles supplier contract analysis. All three modes operating simultaneously, governed centrally.
ZDR Is Where Frontier Models Become Compliant.
Most enterprise AI workloads end up routed through ZDR endpoints once they pass the first compliance review. Talk to an architect about which workloads in your environment should be on public cloud, ZDR, self-hosted, on-premise, or air-gapped - and how the orchestration policy should be configured.