Skip to main content

User-Controlled Model Integrations

Users integrate their own API keys and select the model providers they want to work with. As a result:
  • Orq.ai does not require Data Processing Agreements (DPAs) with model providers nor is Orq.ai a subprocessor for the model providers.
  • Whether a model trains on the data depends on settings configured on the provider’s side. Most providers allow training to be disabled—this must be configured directly in the provider’s platform by the user.

No Model Training on Platform Data

No data that flows through orq.ai is ever used to train or fine-tune any models by orq.ai. Input and output data are processed but not retained.

Privacy and Masking Controls

orq.ai includes features to help ensure data privacy and regulatory compliance:
  • PII Masking: Input variables can be flagged as Personally Identifiable Information (PII), which includes Personal Data. These are sent to the model but are not stored or shown in logs.
  • Response Masking: Entire model responses can be masked. While tokens are still exchanged with the model, the content is never stored or displayed within orq.ai.
These features allow models to function as intended while ensuring sensitive data remains confidential. Read more how to configure this in Orq here: Deployment Security and Privacy

Security and Compliance

  • Compliance is maintained through Vanta, supporting both SOC 2 and GDPR standards.
  • Security oversight is provided by an independent Chief Information Security Officer (CISO).
  • All data stored within the platform resides in data centers located in the European Union.

Data Retention

Data is retained only for the duration of the configured retention period. This allows users to review logs and traces for observability. After the retention period, data is automatically deleted.

Real-Time Trust Status

For up-to-date security and compliance information, visit the real-time trust report: trust.orq.ai