Vercel added Zero Data Retention to protect data from AI model training
Vercel simplified data protection from AI providers. Teams can now enable Zero Data Retention through the dashboard, and all requests will be routed only to mod
Developers working with multiple AI models simultaneously face a new problem: fragmented data policies. OpenAI trains on your information by default. Anthropic doesn't. Google has its own terms. Instead of writing code, you're forced to read service terminals and hope your team members properly configure opt-outs for each request. Vercel simplified this pain through an expansion of AI Gateway.
How It Usually Breaks
Each AI provider has its own approach to data, creating operational chaos. Some train on requests by default, requiring explicit opt-out. Others offer opt-out only at the API level. Still others require a contract to guarantee Zero Data Retention. Managing this manually is impossible. The only solution is to read each provider's documentation, compare your company's security requirements, and hope developers remember how to properly configure each request. One missed opt-out could cost you confidentiality.
How Vercel Solves the Problem
Vercel AI Gateway changes the paradigm. Instead of configuring each request separately, you set a policy once in the dashboard. The Gateway automatically routes all requests only through providers that match your requirements. No code changes needed. This works because Vercel has already negotiated Zero Data Retention agreements with most major providers. OpenAI, Anthropic, Google, and others have ZDR-version models. The Gateway simply selects the right one.
Three Ways to Control
Vercel offers a flexible approach with three levels of protection:
- Team-wide ZDR — enable it in the dashboard, and all your team's requests will be routed only to ZDR models. No one can accidentally bypass this policy
- Per-request ZDR — for individual sensitive requests, when only some data requires protection. Configured in code through provider options
- Disallow Prompt Training — blocks providers from using your prompts to improve models if you're sending proprietary code or internal strategies
Team-wide ZDR is ideal for teams where security is a priority: configure once in the dashboard and forget about it. Per-request is suitable for mixed scenarios, when some requests contain sensitive information and others don't.
Full Visibility: Audit in Every Response
Automation is good, but transparency is needed. Vercel includes complete routing metadata in every response: which providers were considered, which filtered out by ZDR criteria, which was ultimately selected. This isn't just logging — it's an audit trail for compliance. The example from the Gateway documentation shows the system tries multiple providers but selects only those matching ZDR criteria.
What This Means
Previously, compliance was an application problem. Developers had to remember data protection in every request. Now it's an infrastructure solution. Your team can focus entirely on the product, while Gateway automatically ensures data doesn't leak into training for other models.