TL;DR
- Zero data retention (ZDR) = prompt processed, then deleted. No storage, no training use, no human review
- Free and Plus tiers of ChatGPT, Gemini and Claude do NOT provide ZDR by default
- API access with an enterprise agreement DOES provide ZDR for the four major providers (OpenAI, Anthropic, Google, Mistral)
- The EU AI Act (2024) and GDPR Article 5 together make ZDR a defensible baseline, not optional
- The Custos BYOK-ZDR Stack enforces ZDR at the provider level across every user in your workspace
A true story from a 22-person HR firm
The head of HR at a Rotterdam recruiting firm — call her Anne — used ChatGPT Plus for two years. Every CV she received went through it for summarisation. Every rejection letter was drafted by it. She paid €22 a month. She thought she was compliant. She had a Plus subscription, after all.
In January 2026 the firm's ISO 27001 auditor asked a simple question: "Does your AI provider retain the prompts your employees send?" Anne did not know. The auditor checked. The answer, for ChatGPT Plus, was yes — prompts were retained for 30 days for abuse monitoring, and could be used for model improvement unless explicit settings had been changed in Anne's account. They had not been.
Two years of CVs. Every name, phone number, address, education history, and salary expectation. All retained, partially reviewable by OpenAI personnel, and — until Anne's personal settings were flipped, which had never happened — eligible for training data.
The audit finding was one line: "Uncontrolled processing of personal data through consumer AI provider without Data Processing Agreement or zero data retention configuration." The ISO certification was suspended pending remediation. The firm lost two public-sector tenders that required the certification.
Anne did nothing wrong in any intuitive sense. She used a paid, well-known tool. She read no fine print because she did not know there was fine print that mattered. That gap — between what a reasonable business owner believes their paid subscription buys them, and what it actually buys them — is the most common compliance failure among European companies using AI in 2026.
What exactly does zero data retention mean?
Zero data retention (ZDR) is a specific technical and contractual guarantee from an AI provider: after your prompt is processed, nothing is stored. Not for abuse review, not for quality monitoring, not for training, not for human evaluation. The prompt enters, the response leaves, and the buffer is wiped.
ZDR is not the same as "secure" or "privacy-friendly" or "enterprise-ready". Those are marketing terms. ZDR is a checkbox in a contract and a setting in an API configuration. Either the provider deletes your data or they do not. There is no middle position.
Which AI providers actually offer zero data retention?
Four of the major LLM providers offer ZDR — but only at the API tier, and only with the right contract in place. Not through consumer subscriptions.
- OpenAI — ZDR is available via the API with an enterprise agreement. OpenAI's Enterprise Privacy page confirms the ZDR terms. ChatGPT Plus and Team do not qualify.
- Anthropic — ZDR is the default via the commercial API. The consumer Claude.ai tier changed its defaults in late 2025 to opt-in training, but the API offers a stronger guarantee.
- Google — The Gemini API for Workspace customers offers ZDR under specific contractual terms. The AI Studio free tier does not.
- Mistral — EU-based provider. Offers ZDR at the API level and does not train on customer data by default on commercial plans.
Every one of those ZDR configurations is a paid API access pattern. Not a consumer chat tier. Not a Plus subscription. Not a Team subscription without the right agreement. This is the invisible gap — and it is the gap that Anne fell into.
Why has this become a legal requirement in 2026?
The EU AI Act, adopted in 2024 and phasing in throughout 2025 and 2026, combined with existing GDPR Article 5 (data minimisation and storage limitation) and Article 32 (security of processing), creates a practical baseline: personal data must not be retained longer than necessary, and processors must demonstrate appropriate technical measures.
ZDR is the cleanest way to meet both. If the provider never stores your prompt, there is no retention question to answer. If a regulator asks "where is this data now?", the answer is "nowhere". That is a defensible position. "We think it might have been deleted after 30 days unless it was used for training" is not.
The EU AI Act adds a second layer: transparency and accountability obligations scale with the risk category of your AI use. HR processing, for example, falls into higher-risk categories where the documentation burden is heavier. ZDR simplifies that documentation dramatically.
The gap between what you think you have and what you actually have
This is the real problem for growing companies. Large enterprises have legal teams who review every API contract and configure retention settings deliberately. A 22-person recruiting firm does not. They have a subscription and an assumption.
The assumption goes something like this: "We pay €25 per user per month for a business AI tool. That must include the appropriate legal posture." The reality: the legal posture depends on which specific contract you have signed and which specific settings are enabled. Price is unrelated.
If you cannot answer three questions with confidence, you have the same gap Anne had:
- Which specific AI provider(s) are my employees using?
- Is each provider covered by a signed Data Processing Agreement with explicit zero data retention terms?
- Can I produce, for any given day in the last six months, a list of what personal data was processed by AI?
Three "no" answers mean an audit finding waiting to happen.
The Custos BYOK-ZDR Stack
The response to this gap is structural. We call it the BYOK-ZDR Stack — a three-layer configuration that turns the ZDR question from an ongoing compliance burden into a one-time setup.
Layer one: Bring Your Own Key. You connect your own API keys from OpenAI, Anthropic, Google or Mistral. Your employees use them through Custos, but the contractual relationship is between you and the provider directly. You hold the enterprise agreement with the ZDR terms — not Custos, not your employees.
Layer two: ZDR-only provider list. Custos only supports the four providers that offer ZDR at the API tier. There is no path in the product to use a consumer-tier ChatGPT account. Employees cannot accidentally route client data to a tool without ZDR because the tool is not in the product.
Layer three: EU-only routing. Every request goes through Custos infrastructure in Frankfurt (Supabase) and Amsterdam (TransIP). Your data never leaves the EEA on the way to the provider. The provider processes the request under its own ZDR configuration and returns the response, and nothing is retained anywhere along the chain.
Applied together, these three layers close the gap Anne fell into. A regulator asking "where is this data now?" gets a single, short, evidence-backed answer: "nowhere". That is what ZDR-as-a-baseline actually means in practice.
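As an added illustration (not Custos's code; the provider names come from the article, while the region labels, field names and audit format are assumptions), a small policy gateway that encodes the three layers and keeps the audit trail needed to answer the three questions from the previous section:

```python
"""Policy gateway modelling the three BYOK-ZDR layers described above.
Constructed example: provider names are from the article; everything else
(region labels, contract fields, audit format) is an assumption."""
from dataclasses import dataclass, field

# Layer two: only providers that offer ZDR at the API tier (per the article).
ZDR_API_PROVIDERS = {"openai", "anthropic", "google", "mistral"}
# Layer three: only EEA-hosted gateway regions (assumed labels).
EEA_REGIONS = {"eu-frankfurt", "eu-amsterdam"}


@dataclass
class ProviderContract:
    provider: str
    customer_owned_key: bool   # layer one: key belongs to the customer (BYOK)
    dpa_signed: bool           # DPA between the customer and the provider
    zdr_terms_in_dpa: bool     # explicit zero-data-retention clause
    tier: str                  # "api" or "consumer"


@dataclass
class AuditLog:
    entries: list = field(default_factory=list)

    def record(self, day, provider, data_categories):
        self.entries.append((day, provider, tuple(data_categories)))

    def personal_data_on(self, day):
        """Question 3: which personal-data categories were processed on a day."""
        return sorted({c for d, _, cats in self.entries if d == day for c in cats})


def route(contract, region, day, data_categories, log):
    """Return (allowed, reason); each refusal names the layer that blocked it."""
    if contract.tier != "api" or contract.provider not in ZDR_API_PROVIDERS:
        return False, "layer 2: provider or tier does not offer ZDR"
    if not contract.customer_owned_key:
        return False, "layer 1: key is not customer-owned (BYOK)"
    if not (contract.dpa_signed and contract.zdr_terms_in_dpa):
        return False, "layer 1: no signed DPA with explicit ZDR terms"
    if region not in EEA_REGIONS:
        return False, "layer 3: request would leave the EEA"
    log.record(day, contract.provider, data_categories)  # evidence for audits
    return True, "ok"
```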
Is this a silver bullet?
No. ZDR does not prevent employees from sharing data they should not share in the first place. It removes the retention question, not the input question. You still need a clear policy on what data is and is not allowed to enter AI tools — and you still need the visibility to enforce it.
ZDR is a building block. A necessary one. But it only works as part of a broader posture: vetted providers, logged access, budgeted usage, trained employees. Alone it closes one risk. Together with the 3V Rule from our Shadow AI piece, it closes most of them.
The practical bottom line
In 2026, running AI processing of personal data without zero data retention is the equivalent of running email without TLS in 2015. Technically possible. Legally questionable. Increasingly unacceptable to auditors, procurement teams, and regulators.
The fix is not complicated. It is not expensive. It is just not the default. Until you make it the default at your own organisation, it will not happen.
That is the work — and it is the one piece of AI compliance that, once done, stays done.
How Custos AI handles this
Custos AI exclusively works with providers that offer zero data retention.
Through the BYOK-ZDR Stack, you connect your own API keys with Anthropic, OpenAI, Google or Mistral. Every provider we support offers ZDR at the API level. Your prompts are processed and not stored afterwards. Your data stays on EU servers in Frankfurt and Amsterdam. And you have a signed DPA with us for everything we process. That is how it should work.
One more thing
ZDR closes the "what happens after the prompt?" question. But there is an earlier question it does not answer: where does the processing physically happen? Because if your AI request leaves the EU on its way to a US data centre, retention alone does not save you. EU hosting matters — and we make it visible in our Trust Center.
Frequently asked questions
What is zero data retention in AI?
Does ChatGPT Plus or ChatGPT Team offer zero data retention?
How can a small business get zero data retention without an enterprise contract?
Is zero data retention required by the GDPR?
What are the three layers of the Custos BYOK-ZDR Stack?
Does zero data retention solve all my AI compliance problems?
The Custos AI team
Custos AI is a GDPR-proof multi-LLM platform for European businesses. We write about AI governance, GDPR compliance and safe AI use for small and medium companies.