Data We Collect
Transparency is core to our values. This document provides a complete inventory of all data InfraPrism collects, processes, and stores.
Event Data
For each LLM API call, we collect the following metadata:
Always Collected
| Field | Type | Description | Example |
|---|---|---|---|
timestamp | ISO 8601 | When the request was made | 2025-01-15T10:30:00Z |
model | string | Model identifier | gpt-4o, claude-3-5-sonnet |
provider | string | LLM provider | openai, anthropic, azure |
input_tokens | integer | Number of input tokens | 150 |
output_tokens | integer | Number of output tokens | 500 |
total_tokens | integer | Total tokens used | 650 |
latency_ms | integer | Request duration in milliseconds | 1200 |
cost_usd | decimal | Calculated cost in USD | 0.0065 |
success | boolean | Whether the request succeeded | true |
Attribution Data (When Provided)
| Field | Type | Description | Example |
|---|---|---|---|
entity_type | string | Type of entity | customer, team, project, employee |
entity_id | string | Your internal identifier | acme-corp, eng-team |
session_id | string | Conversation/workflow ID | 550e8400-e29b-... |
tags | object | Custom metadata | {"feature": "chatbot"} |
Error Data (On Failure)
| Field | Type | Description | Example |
|---|---|---|---|
error_type | string | Category of error | rate_limit, invalid_request |
error_code | string | Provider error code | 429, 400 |
What We Never Collect
The following data is never sent to InfraPrism:
| Data Type | Status |
|---|---|
| Prompt content | ❌ Never collected |
| Response/completion content | ❌ Never collected |
| System messages | ❌ Never collected |
| Function/tool definitions | ❌ Never collected |
| Function/tool call results | ❌ Never collected |
| Image data | ❌ Never collected |
| Audio data | ❌ Never collected |
| File contents | ❌ Never collected |
| Your API keys | ❌ Never collected |
Account Data
When you create an InfraPrism account, we collect:
| Field | Purpose | Retention |
|---|---|---|
| Email address | Account login, notifications | Until account deletion |
| Name | Display in dashboard | Until account deletion |
| Company name | Organization management | Until account deletion |
| Password hash | Authentication (bcrypt) | Until account deletion |
| Payment info | Billing (via Stripe) | Managed by Stripe |
Usage Data
For service improvement and debugging:
| Data | Purpose | Retention |
|---|---|---|
| Dashboard page views | Analytics | 90 days |
| Feature usage | Product improvement | 90 days |
| Error logs | Debugging | 30 days |
| API request logs | Rate limiting, debugging | 7 days |
Data Retention
Event Data
| Plan | Retention Period |
|---|---|
| Free | 7 days |
| Growth | 90 days |
| Scale | 1 year |
| Enterprise | Custom (up to unlimited) |
Aggregated Analytics
Aggregated data (daily/monthly summaries) is retained indefinitely for historical analysis. This data contains no individual event details.
Data Location
Standard Plans
All data is stored in the United States:
- Primary: AWS us-east-1 (N. Virginia)
- Backups: AWS us-west-2 (Oregon)
Enterprise Plans
Data residency options available:
- European Union (AWS eu-west-1)
- Custom regions on request
Data Export
You can export your data at any time:
Via Dashboard
- Go to Settings → Data Export
- Select date range and format (CSV or JSON)
- Download the export
Via API
curl -X POST https://api.infraprism.com/v1/exports \
-H "Authorization: Bearer ip-..." \
-H "Content-Type: application/json" \
-d '{
"start_date": "2025-01-01",
"end_date": "2025-01-31",
"format": "csv"
}'Data Deletion
Event Data
Request deletion via:
- Dashboard: Settings → Data Management → Delete Data
- Email: [email protected]
- API:
DELETE /v1/data
Deletion is processed within 30 days.
Account Deletion
To delete your account and all associated data:
- Go to Settings → Account
- Click Delete Account
- Confirm deletion
All data is permanently deleted within 30 days.
Third-Party Services
We use the following third-party services:
| Service | Purpose | Data Shared |
|---|---|---|
| AWS | Infrastructure | Event data (encrypted) |
| Stripe | Payment processing | Payment info only |
| SendGrid | Email delivery | Email address only |
| Cloudflare | CDN, DDoS protection | IP addresses |
No LLM content is ever shared with third parties.
Compliance Certifications
- SOC 2 Type II - Annual audit
- HIPAA - BAA available for Enterprise
- GDPR - EU compliant
Questions?
If you have questions about our data practices:
- Email: [email protected]
- Security: [email protected]
- Documentation: Privacy Architecture
Next Steps
- Privacy Architecture - How we protect your data
- Security - Security practices
- HIPAA Compliance - Healthcare compliance