Enterprise Security: Zero-Retention and Data Privacy
Enterprise customers require strict data privacy guarantees. TarqaAI implements zero-retention policies and compliance-first architecture.
Security Highlights
Zero Data Retention
By default, TarqaAI:
- Does not store request content
- Does not log response data
- Only tracks metadata for billing and analytics
- Purges all data after processing
End-to-End Encryption
All data is encrypted:
- TLS 1.3 for data in transit
- AES-256 for data at rest
- No plaintext storage at any point
- Encrypted backups and logs
Compliance Certifications
TarqaAI is certified for:
- SOC 2 Type II: Security, availability, and confidentiality
- GDPR: European data protection
- CCPA: California privacy rights
- HIPAA: Healthcare data (Enterprise plan)
Audit Logging
Track every API call:
- Who made the request
- When it was made
- Which model was used
- Response metadata
- No sensitive data logged
VPC and Self-Hosted Options
For maximum control:
- Deploy within your private cloud
- Keep data within your infrastructure
- Full compliance with data residency requirements
- Enterprise-grade security controls
Best Practices
1
Use environment-based API keys - Separate dev/prod access
2
Enable audit logging - Track all usage
3
Set IP whitelist - Restrict access to known networks
4
Rotate keys regularly - Automatic 90-day rotation
5
Monitor access patterns - Alert on unusual activity
Enterprise security isn't optional - it's built into TarqaAI from the ground up.