We don't train on your traffic.
Prompts and completions that pass through idclinks are never used to train any model — ours, our upstream providers', or anyone else's. This is contractual, not just a stated preference.
We're an infrastructure layer. We forward your traffic, we meter it, and we get out of the way. This page is the short version; full SOC 2 type II reports and DPAs are available under NDA.
Prompts and completions that pass through idclinks are never used to train any model — ours, our upstream providers', or anyone else's. This is contractual, not just a stated preference.
Standard requests log metadata only: model, region, replica, token counts, latency, status. Prompt and completion bytes are not persisted. Customers who need a content audit log can opt-in explicitly per project.
Set idc-no-retention: true
on any request and we route to a pool where prompt and completion bytes never leave
volatile memory. No disk, no cache, no audit trail beyond metadata.
EU traffic stays in EU. Other regions are equally pinnable on Enterprise. We document the route in the response headers so you can verify, not just trust.
| Framework | Status | Artifacts available |
|---|---|---|
| SOC 2 Type II | in continuous audit | Full report under NDA, latest audit window covers Nov 2025 – April 2026. |
| GDPR / UK GDPR | compliant | Standard contractual clauses, DPA, ROPA available. |
| CCPA / CPRA | compliant | Subject-access request workflow documented. |
| HIPAA | BAA on request | Available on Enterprise with dedicated capacity and zero-retention routes. |
| ISO 27001 | target Q4 2026 | Currently in surveillance audit; will share certification on issuance. |
All production access is gated by hardware-backed SSO and reviewed quarterly. Privileged sessions are recorded; reviewers rotate to avoid same-team approvals. Customer content is never accessed without a written ticket from the customer.
TLS 1.3 enforced on every external endpoint. Internal service-to-service traffic uses mutual TLS with rotating certificates. Persisted data — billing, metadata, audit logs — is encrypted at rest with envelope keys managed in a hardware security module.
API keys are bcrypt-hashed at rest with a per-key salt. Customer keys are rotateable from the dashboard or the management API. We never email keys; we never log keys in full.
Annual third-party penetration tests; continuous internal red-team exercises against the gateway and management API. Public disclosure program at security@idclinks.com — reports get a same-business-day acknowledgment.
Each routed region is independently sufficient for global traffic at degraded capacity. We run a full region-failure drill every quarter and publish the recovery timeline to customers on Scale and above.
Subprocessor changes are notified to customers 30 days in advance. The current list is documented in our DPA.
| Subprocessor | Purpose | Region |
|---|---|---|
| Upstream model providers | Inference (per-request, per your model selection) | Per region |
| Cloud infrastructure | Compute, network, object storage | US, EU, APAC |
| Payment processor | Card and ACH billing | US |
| Identity provider | Dashboard SSO and MFA | US |
| Email delivery | Transactional and incident notifications | US |