ZDR Operations & Commands

Implementing Zero Data Retention requires continuous verification, strict configuration management, and robust auditing.

Verification & Audit Guide

A credible ZDR audit requires establishing the Four Pillars of Evidence.

1. Configuration Artifacts

Capture proof that ZDR is enabled across all utilized providers.

Azure OpenAI

Verify that ContentLogging is disabled for the resource.

az cognitiveservices account show --name <resource> --resource-group <rg> \
  --query "properties.capabilities[?name=='ContentLogging'].value"
# Expected output: "false"

AWS Bedrock

Verify that no model invocation logging is configured (ZDR is the default on Bedrock, so the opt-in logging configuration should be empty).

aws bedrock get-model-invocation-logging-configuration
# Expected output: empty or no cloudwatch/s3 config

OpenAI

Configuration artifacts for OpenAI require a screenshot of the Dashboard > Settings > Organization > Data Retention showing ZDR enabled.

2. Negative Tests

Attempt to retrieve data that shouldn't exist to prove the retention policy is active.

OpenAI

Attempt to retrieve a completion by ID. Under ZDR, this should fail.

curl https://api.openai.com/v1/chat/completions/<completion-id> \
  -H "Authorization: Bearer $OPENAI_API_KEY"
# Expected output: 404 or error

AWS Bedrock

Check CloudWatch for model invocation logs. The log group should either not exist or be empty.

aws logs filter-log-events \
  --log-group-name "/aws/bedrock/modelinvocations" \
  --start-time $(date -d '1 hour ago' +%s000)
# Expected output: empty or log group doesn't exist
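An added helper, not part of this page, that turns the raw outputs of the pillar 1 and pillar 2 commands above into pass/fail entries for the audit record. It assumes the CLI outputs are captured as strings (JSON from the az/aws commands, the HTTP status from the curl lookup); the sample outputs are constructed to match the shapes those commands return, and the role ARN is a placeholder.

```python
import json

# Constructed sample CLI outputs, shaped like the commands above return them.
AZURE_PASS = '["false"]'   # az ... --query returns a JSON list
AZURE_MISSING = '[]'       # capability absent: inconclusive, not a pass
BEDROCK_PASS = '{}'        # invocation logging never configured
BEDROCK_FAIL = json.dumps({"loggingConfig": {"textDataDeliveryEnabled": True,
    "cloudWatchConfig": {"logGroupName": "/aws/bedrock/modelinvocations",
                         "roleArn": "arn:aws:iam::000000000000:role/PLACEHOLDER"}}})
CLOUDWATCH_PASS = '{"events": []}'

def azure_content_logging(output: str) -> str:
    """Pass only for exactly ["false"]; [] means the capability was absent."""
    values = json.loads(output or "[]")
    if values == ["false"]:
        return "pass"
    return "inconclusive" if values == [] else "fail"

def bedrock_invocation_logging(output: str) -> str:
    """Pass when neither a CloudWatch nor an S3 delivery target is configured."""
    cfg = json.loads(output or "{}").get("loggingConfig") or {}
    return "fail" if "cloudWatchConfig" in cfg or "s3Config" in cfg else "pass"

def bedrock_log_group(stdout: str, stderr: str = "") -> str:
    """Pass when the log group does not exist or returned no events."""
    if "ResourceNotFoundException" in stderr:
        return "pass"
    events = json.loads(stdout or '{"events": []}').get("events") or []
    return "pass" if not events else "fail"

def openai_completion_lookup(http_status: int) -> str:
    """A completion must not be retrievable under ZDR: 404 is the expected result."""
    return "pass" if http_status == 404 else "fail"

def evidence_record(azure: str, bedrock_cfg: str, cw_out: str,
                    cw_err: str, openai_status: int) -> dict:
    """One row for the audit file; the claim holds only if every check passes."""
    checks = {
        "azure_content_logging": azure_content_logging(azure),
        "bedrock_invocation_logging": bedrock_invocation_logging(bedrock_cfg),
        "bedrock_log_group": bedrock_log_group(cw_out, cw_err),
        "openai_completion_lookup": openai_completion_lookup(openai_status),
    }
    checks["zdr_claim_supported"] = all(v == "pass" for v in checks.values())
    return checks
```

An "inconclusive" Azure result means the capability was not reported at all, which is worth recording separately rather than folding into a pass.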

3. Environment Audit

Ensure that internal infrastructure isn't logging the data you are trying to protect from the provider.

- Web framework request body logging: Must be disabled or restricted to post-redaction only.
- HTTP client libraries: Set to WARN+ log level in production.
- API gateway / load balancer: Configured to not log request bodies.
- Error tracking (Sentry, Datadog): Utilize before_send hooks to strip sensitive fields.
- LLM observability tools (LangSmith, Langfuse): PII redaction must be explicitly enabled.
- Database query logging: Use parameterized queries; avoid full statement logging.
- WAF / DLP proxy: Ensure the proxy itself is not storing payloads in its own logs.
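An added Python example, not from this page, covering three of the environment-audit items above in one place: a handler-level log filter that masks emails and SSNs, HTTP client loggers pinned to WARNING, and a Sentry-style before_send hook. The logger names (httpx, httpcore, urllib3, botocore) are the real logger names of those libraries; the SENSITIVE_KEYS set is an assumption to adapt to your own payload fields.

```python
import logging
import re

# Same two PII classes the Bedrock guardrail recipe below targets.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
SENSITIVE_KEYS = {"messages", "prompt", "input", "authorization", "cookie"}

def redact(text: str) -> str:
    """Mask emails and SSNs in free text before it reaches any sink."""
    return SSN_RE.sub("[SSN]", EMAIL_RE.sub("[EMAIL]", text))

class RedactingFilter(logging.Filter):
    """Goes on the handler, not a logger, so propagated child records are covered."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()
        return True

def configure_logging() -> logging.Handler:
    handler = logging.StreamHandler()
    handler.addFilter(RedactingFilter())
    root = logging.getLogger()
    root.handlers[:] = [handler]
    root.setLevel(logging.INFO)
    # HTTP client libraries at WARN+ so request/response bodies are never traced.
    for name in ("httpx", "httpcore", "urllib3", "botocore"):
        logging.getLogger(name).setLevel(logging.WARNING)
    return handler

def before_send(event: dict, hint: dict) -> dict:
    """Sentry-style hook (sentry_sdk.init(before_send=before_send)): drop the raw
    request body and sensitive headers/extras, pattern-scrub everything else."""
    request = event.get("request")
    if isinstance(request, dict):
        request.pop("data", None)
        headers = request.get("headers") or {}
        request["headers"] = {k: v for k, v in headers.items()
                              if k.lower() not in SENSITIVE_KEYS}
    scrubbed = {}
    for key, value in (event.get("extra") or {}).items():
        if key.lower() in SENSITIVE_KEYS:
            scrubbed[key] = "[REDACTED]"
        else:
            scrubbed[key] = redact(value) if isinstance(value, str) else value
    event["extra"] = scrubbed
    if isinstance(event.get("message"), str):
        event["message"] = redact(event["message"])
    return event
```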

4. Contractual Proof

Collect signed agreements to present during compliance audits:

- BAA (Business Associate Agreement): Required for HIPAA compliance.
- DPA (Data Processing Agreement/Addendum): Required for GDPR compliance.
- ZDR Addendum or Amendment: Provider-specific documentation of zero data retention.
- SOC 2 Type II report: Downloadable from the provider's trust center.

Commands & Recipes

OpenAI ZDR Request

Once ZDR is enabled at the org/project level, the store parameter is always treated as false.

curl https://api.openai.com/v1/chat/completions \
  -H "Authorization: Bearer $OPENAI_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-4o",
    "store": false,
    "messages": [{"role": "user", "content": "Hello"}]
  }'

AWS Bedrock VPC Endpoint

Keep all Bedrock traffic within the AWS network to prevent public internet exposure.

aws ec2 create-vpc-endpoint \
  --vpc-id <vpc-id> \
  --service-name com.amazonaws.<region>.bedrock-runtime \
  --vpc-endpoint-type Interface \
  --subnet-ids <subnet-id> \
  --security-group-ids <sg-id>

AWS Bedrock Guardrails (PII Redaction)

Configure a guardrail to anonymize emails and block SSNs.

aws bedrock create-guardrail \
  --name "pii-guardrail" \
  --blocked-input-messaging "Blocked" \
  --blocked-outputs-messaging "Blocked" \
  --sensitive-information-policy-config '{
    "piiEntitiesConfig": [
      {"type": "EMAIL", "action": "ANONYMIZE"},
      {"type": "US_SOCIAL_SECURITY_NUMBER", "action": "BLOCK"}
    ]
  }'

Azure OpenAI Private Endpoint

Ensure traffic to Azure OpenAI stays off the public internet.

az network private-endpoint create \
  --name openai-pe \
  --resource-group <rg> \
  --vnet-name <vnet> \
  --subnet <subnet> \
  --private-connection-resource-id <openai-resource-id> \
  --group-id account \
  --connection-name openai-conn

# Disable public access
az cognitiveservices account update \
  --name <resource-name> \
  --resource-group <rg> \
  --public-network-access Disabled

OpenRouter ZDR Routing

Enforce ZDR by dynamically failing requests if the chosen provider does not support it.

curl https://openrouter.ai/api/v1/chat/completions \
  -H "Authorization: Bearer $OPENROUTER_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "anthropic/claude-sonnet-4",
    "messages": [{"role": "user", "content": "Hello"}],
    "provider": {
      "data_collection": "deny"
    }
  }'

Self-Hosted Quickstarts

Use these when deploying open-weight models internally to achieve absolute ZDR.

vLLM Quickstart

Best for production serving and high concurrency workloads.

pip install vllm

# Serve a model with OpenAI-compatible API
vllm serve deepseek-ai/DeepSeek-R1-Distill-Qwen-32B \
  --tensor-parallel-size 1 \
  --gpu-memory-utilization 0.8 \
  --enforce-eager \
  --port 8000

# Call it like OpenAI
curl http://localhost:8000/v1/chat/completions \
  -H "Content-Type: application/json" \
  -d '{
    "model": "deepseek-ai/DeepSeek-R1-Distill-Qwen-32B",
    "messages": [{"role": "user", "content": "Hello"}]
  }'

Ollama Quickstart

Best for local development or simple single-node deployments.

# Install and run in one command
curl -fsSL https://ollama.com/install.sh | sh
ollama run llama4-scout

# Serve with OpenAI-compatible API in the background
ollama serve &
curl http://localhost:11434/v1/chat/completions \
  -H "Content-Type: application/json" \
  -d '{
    "model": "llama4-scout",
    "messages": [{"role": "user", "content": "Hello"}]
  }'