From 83c4ed7c9f3b438bdd377ef77afcf6d64e0dbf9a Mon Sep 17 00:00:00 2001 From: harshikaalagh-netizen Date: Fri, 20 Mar 2026 18:11:45 +0530 Subject: [PATCH 01/10] Create articles/openrouter-data-retention-policy.mdx via admin --- .../articles/openrouter-data-retention-policy.mdx | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 apps/web/content/articles/openrouter-data-retention-policy.mdx diff --git a/apps/web/content/articles/openrouter-data-retention-policy.mdx b/apps/web/content/articles/openrouter-data-retention-policy.mdx new file mode 100644 index 0000000000..c7691b6453 --- /dev/null +++ b/apps/web/content/articles/openrouter-data-retention-policy.mdx @@ -0,0 +1,11 @@ +--- +meta_title: "" +display_title: "" +meta_description: "" +author: +- "John Jeong" +featured: false +category: "Product" +date: "2026-03-20" +--- + From 0dfdd827528d365cb4b08a64df8aa6d5478377f3 Mon Sep 17 00:00:00 2001 From: harshikaalagh-netizen Date: Fri, 20 Mar 2026 18:12:59 +0530 Subject: [PATCH 02/10] Update articles/openrouter-data-retention-policy.mdx via admin --- .../openrouter-data-retention-policy.mdx | 70 +++++++++++++++++-- 1 file changed, 66 insertions(+), 4 deletions(-) diff --git a/apps/web/content/articles/openrouter-data-retention-policy.mdx b/apps/web/content/articles/openrouter-data-retention-policy.mdx index c7691b6453..f3d1c89e44 100644 --- a/apps/web/content/articles/openrouter-data-retention-policy.mdx +++ b/apps/web/content/articles/openrouter-data-retention-policy.mdx @@ -1,11 +1,73 @@ --- -meta_title: "" -display_title: "" -meta_description: "" author: -- "John Jeong" + - "John Jeong" featured: false category: "Product" date: "2026-03-20" --- +OpenRouter is an aggregator that routes your API requests to dozens of underlying providers, including OpenAI, Anthropic, Mistral, Google, and many others. + +That creates a data retention question with two layers. What does OpenRouter itself store? And what does the provider your request gets routed to store? + +Both matter. Here is how each works. + +## What OpenRouter Itself Keeps From Your Requests + +By default, OpenRouter does not log your prompts or completions. What it does store is request metadata: timestamps, the model you used, token counts, and latency. That information is retained for billing and operational purposes. + +Your actual conversation content is not retained by OpenRouter unless you specifically opt in to prompt logging. + +## Why You Should Never Enable Prompt Logging + +OpenRouter offers a 1% discount on usage costs in exchange for enabling prompt logging. If you turn this on, OpenRouter stores your prompts and completions. + +There is a significant term attached to this. [OpenRouter's privacy policy](https://openrouter.ai/privacy) states that enabling prompt logging grants OpenRouter an irrevocable right to commercial use of those inputs and outputs. That language is broader than most providers use. It means logged data could be used for purposes beyond just displaying your history in the dashboard. + +If you are evaluating OpenRouter for any use case involving confidential information, sensitive conversations, or regulated data, do not enable prompt logging. The 1% discount is not worth the data rights you are granting. + +## How to Make Sure OpenRouter Never Logs Your Requests + +## **OpenRouter supports ZDR at the request level. You can pass the zdr parameter in individual API calls to prevent OpenRouter from logging that specific request, regardless of your account-wide settings. It also works as an account-wide setting.** + +## **This gives you granular control if you need it. For most use cases, simply not enabling prompt logging achieves the same result for OpenRouter's own data handling.** + +**The Part Most People Miss: What the Underlying Provider Stores** + +**This is where OpenRouter's data policy gets more complicated.** + +**When you send a request through OpenRouter, it routes that request to a provider. That provider processes your prompt under their own data retention policy. OpenRouter does not change what the provider stores. If your request goes to OpenAI's API, OpenAI's 30-day abuse monitoring window applies. If it goes to Anthropic's API, Anthropic's 7-day window applies.** + +**OpenRouter displays the data retention policy for each provider endpoint in its interface. Before routing sensitive data through a model, check the provider policy shown for that endpoint.** + +**By default, OpenRouter does not guarantee which specific provider instance handles your request. It selects based on availability, price, and performance. You can specify a preferred provider using routing parameters in your API call, but unless you do, the selection is automatic.** + +**How to Keep Your Data in the EU** + +**For enterprise customers, OpenRouter supports EU in-region routing. When enabled, your prompts and completions are processed within the European Union and do not leave the EU. This is relevant for organizations operating under GDPR or with contractual data residency requirements.** + +**EU routing is not enabled by default and requires an enterprise account configuration. Contact OpenRouter's team to enable it.** + +**Is OpenRouter Safe for Regulated Industries?** + +**OpenRouter does not publish a HIPAA Business Associate Agreement. If your use case involves protected health information, OpenRouter is not the right routing layer without a BAA in place. The same applies to other regulated data categories.** + +**For compliance-sensitive deployments, the multi-provider nature of OpenRouter adds complexity. You are not just evaluating OpenRouter's compliance posture but also the compliance posture of every provider your requests might be routed to. Unless you lock routing to a specific provider with known compliance certifications, the compliance surface is difficult to bound.** + +**When OpenRouter Works for Sensitive Work and When It Does Not** + +**OpenRouter's value is flexibility and cost optimization across providers. For non-sensitive workloads where you want access to a broad model catalog, routing optimization, and fallback handling, it is a practical tool.** + +**For sensitive work, the two-layer data question requires more active management. You need to be specific about which provider your requests go to, verify that provider's data policy, confirm that OpenRouter ZDR is enabled, and ensure prompt logging is off. That is manageable, but it requires deliberate configuration rather than relying on defaults.** + +**The defaults at OpenRouter are reasonably privacy-conscious. Prompts are not logged out of the box. But the flexibility that makes OpenRouter useful also makes its data handling harder to audit than a direct provider relationship.** + +**Using OpenRouter Through Char** + +**Char supports OpenRouter as an API provider option. When you bring your own OpenRouter API key, your meeting data routes through OpenRouter under your account settings.** + +**If you configure OpenRouter with ZDR enabled and prompt logging off, those settings apply to requests Char sends through your account. If you have locked routing to a specific provider within OpenRouter, requests from Char will follow that configuration.** + +**As with all Char integrations, your meeting notes are stored as plain markdown files on your device. The AI provider processes your data to generate a summary, but the output lives locally. Switching from OpenRouter to a direct provider relationship, or to a local model, does not require any changes to how your notes are organized.** + +**[Download Char for MacOS](https://char.com/download) and use the AI provider your security team actually approves.** \ No newline at end of file From 831abb35d4801da8b9044f1d27fd424b136fd6dc Mon Sep 17 00:00:00 2001 From: harshikaalagh-netizen Date: Fri, 20 Mar 2026 18:13:15 +0530 Subject: [PATCH 03/10] Update articles/openrouter-data-retention-policy.mdx via admin --- .../web/content/articles/openrouter-data-retention-policy.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/web/content/articles/openrouter-data-retention-policy.mdx b/apps/web/content/articles/openrouter-data-retention-policy.mdx index f3d1c89e44..a3a2f71888 100644 --- a/apps/web/content/articles/openrouter-data-retention-policy.mdx +++ b/apps/web/content/articles/openrouter-data-retention-policy.mdx @@ -28,9 +28,9 @@ If you are evaluating OpenRouter for any use case involving confidential informa ## How to Make Sure OpenRouter Never Logs Your Requests -## **OpenRouter supports ZDR at the request level. You can pass the zdr parameter in individual API calls to prevent OpenRouter from logging that specific request, regardless of your account-wide settings. It also works as an account-wide setting.** +OpenRouter supports ZDR at the request level. You can pass the zdr parameter in individual API calls to prevent OpenRouter from logging that specific request, regardless of your account-wide settings. It also works as an account-wide setting. -## **This gives you granular control if you need it. For most use cases, simply not enabling prompt logging achieves the same result for OpenRouter's own data handling.** +This gives you granular control if you need it. For most use cases, simply not enabling prompt logging achieves the same result for OpenRouter's own data handling. **The Part Most People Miss: What the Underlying Provider Stores** From 8d87af251f87dbee16a77660b5a45420c2ec9376 Mon Sep 17 00:00:00 2001 From: harshikaalagh-netizen Date: Fri, 20 Mar 2026 18:14:56 +0530 Subject: [PATCH 04/10] Update articles/openrouter-data-retention-policy.mdx via admin --- .../openrouter-data-retention-policy.mdx | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/apps/web/content/articles/openrouter-data-retention-policy.mdx b/apps/web/content/articles/openrouter-data-retention-policy.mdx index a3a2f71888..561e72a1fc 100644 --- a/apps/web/content/articles/openrouter-data-retention-policy.mdx +++ b/apps/web/content/articles/openrouter-data-retention-policy.mdx @@ -32,29 +32,29 @@ OpenRouter supports ZDR at the request level. You can pass the zdr parameter in This gives you granular control if you need it. For most use cases, simply not enabling prompt logging achieves the same result for OpenRouter's own data handling. -**The Part Most People Miss: What the Underlying Provider Stores** +## What OpenRouter's Underlying Provider Stores -**This is where OpenRouter's data policy gets more complicated.** +This is where OpenRouter's data policy gets more complicated. -**When you send a request through OpenRouter, it routes that request to a provider. That provider processes your prompt under their own data retention policy. OpenRouter does not change what the provider stores. If your request goes to OpenAI's API, OpenAI's 30-day abuse monitoring window applies. If it goes to Anthropic's API, Anthropic's 7-day window applies.** +When you send a request through OpenRouter, it routes that request to a provider. That provider processes your prompt under their own data retention policy. OpenRouter does not change what the provider stores. If your request goes to OpenAI's API, OpenAI's 30-day abuse monitoring window applies. If it goes to Anthropic's API, Anthropic's 7-day window applies. -**OpenRouter displays the data retention policy for each provider endpoint in its interface. Before routing sensitive data through a model, check the provider policy shown for that endpoint.** +OpenRouter displays the data retention policy for each provider endpoint in its interface. Before routing sensitive data through a model, check the provider policy shown for that endpoint. -**By default, OpenRouter does not guarantee which specific provider instance handles your request. It selects based on availability, price, and performance. You can specify a preferred provider using routing parameters in your API call, but unless you do, the selection is automatic.** +By default, OpenRouter does not guarantee which specific provider instance handles your request. It selects based on availability, price, and performance. You can specify a preferred provider using routing parameters in your API call, but unless you do, the selection is automatic. -**How to Keep Your Data in the EU** +## How to Keep Your Data in the EU -**For enterprise customers, OpenRouter supports EU in-region routing. When enabled, your prompts and completions are processed within the European Union and do not leave the EU. This is relevant for organizations operating under GDPR or with contractual data residency requirements.** +For enterprise customers, OpenRouter supports EU in-region routing. When enabled, your prompts and completions are processed within the European Union and do not leave the EU. This is relevant for organizations operating under GDPR or with contractual data residency requirements. -**EU routing is not enabled by default and requires an enterprise account configuration. Contact OpenRouter's team to enable it.** +EU routing is not enabled by default and requires an enterprise account configuration. Contact OpenRouter's team to enable it. -**Is OpenRouter Safe for Regulated Industries?** +## Is OpenRouter Safe for Regulated Industries? -**OpenRouter does not publish a HIPAA Business Associate Agreement. If your use case involves protected health information, OpenRouter is not the right routing layer without a BAA in place. The same applies to other regulated data categories.** +OpenRouter does not publish a HIPAA Business Associate Agreement. If your use case involves protected health information, OpenRouter is not the right routing layer without a BAA in place. The same applies to other regulated data categories. -**For compliance-sensitive deployments, the multi-provider nature of OpenRouter adds complexity. You are not just evaluating OpenRouter's compliance posture but also the compliance posture of every provider your requests might be routed to. Unless you lock routing to a specific provider with known compliance certifications, the compliance surface is difficult to bound.** +For compliance-sensitive deployments, the multi-provider nature of OpenRouter adds complexity. You are not just evaluating OpenRouter's compliance posture but also the compliance posture of every provider your requests might be routed to. Unless you lock routing to a specific provider with known compliance certifications, the compliance surface is difficult to bound. -**When OpenRouter Works for Sensitive Work and When It Does Not** +## **When OpenRouter Works for Sensitive Work and When It Does Not** **OpenRouter's value is flexibility and cost optimization across providers. For non-sensitive workloads where you want access to a broad model catalog, routing optimization, and fallback handling, it is a practical tool.** From 1a567c563756c2b04ebd9978e85808c7b4d8c397 Mon Sep 17 00:00:00 2001 From: harshikaalagh-netizen Date: Fri, 20 Mar 2026 18:15:56 +0530 Subject: [PATCH 05/10] Update articles/openrouter-data-retention-policy.mdx via admin --- .../openrouter-data-retention-policy.mdx | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/apps/web/content/articles/openrouter-data-retention-policy.mdx b/apps/web/content/articles/openrouter-data-retention-policy.mdx index 561e72a1fc..3d19a5ec00 100644 --- a/apps/web/content/articles/openrouter-data-retention-policy.mdx +++ b/apps/web/content/articles/openrouter-data-retention-policy.mdx @@ -56,18 +56,18 @@ For compliance-sensitive deployments, the multi-provider nature of OpenRouter ad ## **When OpenRouter Works for Sensitive Work and When It Does Not** -**OpenRouter's value is flexibility and cost optimization across providers. For non-sensitive workloads where you want access to a broad model catalog, routing optimization, and fallback handling, it is a practical tool.** +OpenRouter's value is flexibility and cost optimization across providers. For non-sensitive workloads where you want access to a broad model catalog, routing optimization, and fallback handling, it is a practical tool. -**For sensitive work, the two-layer data question requires more active management. You need to be specific about which provider your requests go to, verify that provider's data policy, confirm that OpenRouter ZDR is enabled, and ensure prompt logging is off. That is manageable, but it requires deliberate configuration rather than relying on defaults.** +For sensitive work, the two-layer data question requires more active management. You need to be specific about which provider your requests go to, verify that provider's data policy, confirm that OpenRouter ZDR is enabled, and ensure prompt logging is off. That is manageable, but it requires deliberate configuration rather than relying on defaults. -**The defaults at OpenRouter are reasonably privacy-conscious. Prompts are not logged out of the box. But the flexibility that makes OpenRouter useful also makes its data handling harder to audit than a direct provider relationship.** +The defaults at OpenRouter are reasonably privacy-conscious. Prompts are not logged out of the box. But the flexibility that makes OpenRouter useful also makes its data handling harder to audit than a direct provider relationship. -**Using OpenRouter Through Char** +## Using OpenRouter Through Char -**Char supports OpenRouter as an API provider option. When you bring your own OpenRouter API key, your meeting data routes through OpenRouter under your account settings.** +Char supports OpenRouter as an API provider option. When you bring your own OpenRouter API key, your meeting data routes through OpenRouter under your account settings. -**If you configure OpenRouter with ZDR enabled and prompt logging off, those settings apply to requests Char sends through your account. If you have locked routing to a specific provider within OpenRouter, requests from Char will follow that configuration.** +If you configure OpenRouter with ZDR enabled and prompt logging off, those settings apply to requests Char sends through your account. If you have locked routing to a specific provider within OpenRouter, requests from Char will follow that configuration. -**As with all Char integrations, your meeting notes are stored as plain markdown files on your device. The AI provider processes your data to generate a summary, but the output lives locally. Switching from OpenRouter to a direct provider relationship, or to a local model, does not require any changes to how your notes are organized.** +As with all Char integrations, your meeting notes are stored on your device. The AI provider processes your data to generate a summary, but the output lives locally. Switching from OpenRouter to a direct provider relationship, or to a local model, does not require any changes to how your notes are organized. -**[Download Char for MacOS](https://char.com/download) and use the AI provider your security team actually approves.** \ No newline at end of file +[Download Char for MacOS](https://char.com/download) and use the AI provider your security team actually approves. \ No newline at end of file From 50ae514545258c425bc3c97f8381a8f61942c885 Mon Sep 17 00:00:00 2001 From: harshikaalagh-netizen Date: Fri, 20 Mar 2026 18:17:43 +0530 Subject: [PATCH 06/10] Update articles/openrouter-data-retention-policy.mdx via admin --- .../content/articles/openrouter-data-retention-policy.mdx | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/apps/web/content/articles/openrouter-data-retention-policy.mdx b/apps/web/content/articles/openrouter-data-retention-policy.mdx index 3d19a5ec00..b75e3b26b6 100644 --- a/apps/web/content/articles/openrouter-data-retention-policy.mdx +++ b/apps/web/content/articles/openrouter-data-retention-policy.mdx @@ -1,8 +1,11 @@ --- +meta_title: "OpenRouter Data Retention Policy: What You Need to Know" +meta_description: "OpenRouter routes your requests across dozens of AI providers. That means two data retention questions, not one. Here's how to think about both." author: - "John Jeong" + - "Harshika" featured: false -category: "Product" +category: "Guides" date: "2026-03-20" --- @@ -36,7 +39,7 @@ This gives you granular control if you need it. For most use cases, simply not e This is where OpenRouter's data policy gets more complicated. -When you send a request through OpenRouter, it routes that request to a provider. That provider processes your prompt under their own data retention policy. OpenRouter does not change what the provider stores. If your request goes to OpenAI's API, OpenAI's 30-day abuse monitoring window applies. If it goes to Anthropic's API, Anthropic's 7-day window applies. +When you send a request through OpenRouter, it routes that request to a provider. That provider processes your prompt under their own data retention policy. OpenRouter does not change what the provider stores. If your request goes to OpenAI's API, [OpenAI's 30-day abuse monitoring window](https://char.com/blog/chatgpt-data-retention-policy/) applies. If it goes to Anthropic's API, [Anthropic's 7-day window](https://char.com/blog/anthropic-data-retention-policy/) applies. OpenRouter displays the data retention policy for each provider endpoint in its interface. Before routing sensitive data through a model, check the provider policy shown for that endpoint. From 1e2b5bcc5357f8f538c639a9b5eb99ed4a8c32c5 Mon Sep 17 00:00:00 2001 From: harshikaalagh-netizen Date: Fri, 20 Mar 2026 18:17:53 +0530 Subject: [PATCH 07/10] Update articles/openrouter-data-retention-policy.mdx via admin From 500e3a42fe5cf3077e0f236be759668af35c7ccd Mon Sep 17 00:00:00 2001 From: harshikaalagh-netizen Date: Fri, 20 Mar 2026 18:18:04 +0530 Subject: [PATCH 08/10] Update articles/openrouter-data-retention-policy.mdx via admin From 7df5b9e749deff1bb9facaa1006b71935b4f45b9 Mon Sep 17 00:00:00 2001 From: harshikaalagh-netizen Date: Fri, 20 Mar 2026 18:33:13 +0530 Subject: [PATCH 09/10] Update articles/openrouter-data-retention-policy.mdx via admin --- apps/web/content/articles/openrouter-data-retention-policy.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/web/content/articles/openrouter-data-retention-policy.mdx b/apps/web/content/articles/openrouter-data-retention-policy.mdx index b75e3b26b6..c05b4b5d5b 100644 --- a/apps/web/content/articles/openrouter-data-retention-policy.mdx +++ b/apps/web/content/articles/openrouter-data-retention-policy.mdx @@ -57,7 +57,7 @@ OpenRouter does not publish a HIPAA Business Associate Agreement. If your use ca For compliance-sensitive deployments, the multi-provider nature of OpenRouter adds complexity. You are not just evaluating OpenRouter's compliance posture but also the compliance posture of every provider your requests might be routed to. Unless you lock routing to a specific provider with known compliance certifications, the compliance surface is difficult to bound. -## **When OpenRouter Works for Sensitive Work and When It Does Not** +## When OpenRouter Works for Sensitive Work and When It Does Not OpenRouter's value is flexibility and cost optimization across providers. For non-sensitive workloads where you want access to a broad model catalog, routing optimization, and fallback handling, it is a practical tool. From 5527afd56f970053609216d1d566dcade1ab960c Mon Sep 17 00:00:00 2001 From: harshikaalagh-netizen Date: Fri, 20 Mar 2026 18:33:29 +0530 Subject: [PATCH 10/10] Update articles/openrouter-data-retention-policy.mdx via admin