Skip to Content
SupportPlatform
SecurityData Handling

Security

Data Handling

What we collect, how we store it, and what control you have.

What We Collect

Introspection receives the telemetry your SDK sends — traces, events, and feedback. This typically includes:

  • Span names, attributes, and timing (from OpenTelemetry)
  • Gen AI semantic convention attributes (model name, token counts, input/output messages)
  • User identity and conversation context (set via SDK)
  • Feedback signals (thumbs up/down, comments)
  • Product analytics events (set via track())

We do not instrument or collect anything beyond what your SDK explicitly sends.

What We Do Not Do

  • We do not train AI models on customer data. Introspection’s internal models are trained on separate data. Customer data is used only to operate the service.
  • We do not sell or share personal data with third parties for advertising.
  • We do not use advertising or tracking cookies. Only essential session cookies are used.

Data Residency

On managed plans, data is processed and stored in the United States.

Enterprise customers can deploy the data plane in their preferred cloud region (AWS, GCP, or Azure). In hybrid deployments, customer data stays entirely within the customer’s cloud account.

Data Retention

Retention periods are governed by your subscription plan. Contact support@introspection.dev for details on your plan’s retention policy.

Customer-Managed Encryption Keys

Enterprise customers can bring their own encryption keys:

  • AWS: AWS KMS
  • GCP: Cloud KMS
  • Azure: Azure Key Vault

CMEK covers all storage: databases, caches, object storage, and Kubernetes secrets.

Sensitive Data

Avoid sending sensitive PII (social security numbers, financial account numbers, health records) through the SDK unless you have an enterprise agreement in place. The SDK is designed for AI observability data — model inputs/outputs, tool calls, and user feedback.

If your application processes sensitive data and you need to redact it before it reaches Introspection, contact us about PII handling options.

Subprocessors

Introspection uses the following categories of subprocessors:

CategoryExamples
Cloud hostingAWS, GCP, Azure
DatabasesPostgreSQL, ClickHouse, Redis
Model providersAnthropic, OpenAI, Google Gemini
AuthenticationZitadel (self-hosted)
PaymentStripe

For a complete list, contact support@introspection.dev.

Last updated on
InfrastructurePrivacy Policy