Data retention
This is the canonical data-retention matrix for prxy.monster. Every public-surface security and privacy claim should agree with this table.
hash_only is the default for payload capture. encrypted_at_rest is opt-in under a customer-held X25519 public key. none disables capture beyond receipt hashes. Outcome notes are sha-256 hashed server-side at write time. Bare anonymous-sandbox tokens never persist.
Matrix
| Artifact | Cloud default | Local default | Can disable? | Retention | Visible publicly? | Used by | Notes |
|---|---|---|---|---|---|---|---|
| Prompt / request body | sha-256 hash only | In-memory only; never written | Yes (payload_capture: none) | Hash retained with the receipt; raw body never stored | No | Receipt provenance + cache key | Plaintext requires opt-in via encrypted_at_rest. |
| Completion / response body | sha-256 hash only | In-memory only; never written | Yes (payload_capture: none) | Hash retained with the receipt; raw body never stored | No | Receipt provenance + cache lookup | Encrypted-at-rest mode bypasses cache. |
| Canonical hashes (4 per call) | Stored on the receipt | Stored on the receipt | No — required for proof | Lifetime of the receipt | On public receipts only | Signature verification, replay detection | client_request_hash, provider_request_hash, provider_response_hash, client_response_hash. |
| Receipt metadata | Stored on the receipt | Stored on the receipt | Visibility flag controls public surface | Retained | When visibility != private | Cost attribution, audit, lair dashboards | tenant / project / agent / IAM principal hidden on public_demo. |
| Outcomes | Stored anchored on receipt_id | Stored anchored on receipt_id | Yes — outcomes are opt-in per call | Retained | No | Memory-candidates queue, reviewer UI | Append-only. CHECK enums on outcome (11 values) and source (5 values). |
| Outcome notes | sha-256 hash only | sha-256 hash only | Yes — omit notes from the request | Hash retained with the outcome | No | Reviewer context only — never displayed in raw form | Notes are hashed server-side at write time. Raw text never persists. |
| Memory candidates | Stored | Stored | n/a — derived from positive outcomes | Until promoted or rejected | No | Lair reviewer UI | No auto-promotion. A human always promotes. |
| Patterns | Stored after reviewer promotion | Stored after reviewer promotion | Reviewer can reject; promoted patterns are deletable | Retained | No | patterns module — injection into future requests | Promoted patterns are tenant-scoped. |
| Cache entries (exact + semantic) | Per-user scoped | Per-machine scoped | Yes — encrypted_at_rest and none modes bypass cache | TTL per cache type | No | Cache modules | Semantic cache scoped per-user since migration 020. |
| Encrypted payload blobs | Stored only when payload_capture: encrypted_at_rest | Same — opt-in only | Default off | Retained while opt-in is active | No | Customer-side decrypt with their X25519 private key | Algorithm x25519-xchacha20-poly1305-v1. Per-call ephemeral keys. prxy never holds the customer private key. |
| Provider keys (BYOK) | Encrypted at rest | Local file or env var | Yes — delete the BYOK row | Until the customer revokes | No | Provider client at request time | Stored as ciphertext in user_provider_keys. |
| Anonymous sandbox session | anon_key_hash + ip_hash + counters; bare token never persists | n/a — sandbox is cloud-only | n/a — anon by design | Until expires_at; converted_user_id linkage on claim | Receipts emitted as public_demo | Receipts persist with user_id=null + api_key_id=null | Bare anon token never persists at rest. Hashes only. |
| public_demo receipts | Stored + linkable from receipts.prxy.monster/r/<id> | n/a — sandbox is cloud-only | Sandbox usage implies public_demo | Retained | Yes, redacted to the public_demo field set | Public verifier flow | Tenant / project / agent / IP / trace ids hidden on the public surface; signature still verifiable. |
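An added example, not prxy.monster's own code: a small audit that checks one stored receipt row against the claims in the matrix (four canonical hashes always present, no raw text persisted, encrypted blobs only under opt-in, cache bypassed for encrypted_at_rest and none). The mode names, hash names and algorithm string come from this page; the row layout and the column names request_body, response_body, outcome_note, anon_token, encrypted_blob, alg and cache_hit are assumptions.

```python
import hashlib
import re

HEX64 = re.compile(r"[0-9a-f]{64}")
CANONICAL = ("client_request_hash", "provider_request_hash",
             "provider_response_hash", "client_response_hash")
MODES = ("hash_only", "encrypted_at_rest", "none")
ALGO = "x25519-xchacha20-poly1305-v1"
# Hypothetical column names for values the matrix says never persist in raw form.
RAW_FIELDS = ("request_body", "response_body", "outcome_note", "anon_token")


def audit_row(row):
    """Return the retention-matrix violations found in one stored receipt row."""
    problems = []
    mode = row.get("payload_capture", "hash_only")  # hash_only is the default
    if mode not in MODES:
        problems.append(f"unknown payload_capture mode {mode!r}")
    for name in CANONICAL:  # required for proof in every mode
        if not HEX64.fullmatch(str(row.get(name, ""))):
            problems.append(f"{name} missing or not a sha-256 hex digest")
    for name in RAW_FIELDS:  # only hashes may be stored
        if name in row:
            problems.append(f"raw {name} persisted")
    blob = row.get("encrypted_blob")
    if blob is not None and mode != "encrypted_at_rest":
        problems.append("encrypted blob stored without opt-in")
    elif blob is not None and blob.get("alg") != ALGO:
        problems.append("encrypted blob uses an unexpected algorithm")
    if mode in ("encrypted_at_rest", "none") and row.get("cache_hit"):
        problems.append(f"cache used although {mode} must bypass it")
    return problems


def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()


# Constructed sample rows, not real prxy.monster data.
GOOD_ROW = {name: sha256_hex(name) for name in CANONICAL}
GOOD_ROW.update(payload_capture="hash_only", cache_hit=True)
BAD_ROW = dict(GOOD_ROW, payload_capture="none", request_body="hello",
               encrypted_blob={"alg": ALGO})
del BAD_ROW["client_response_hash"]

if __name__ == "__main__":
    for label, row in (("good", GOOD_ROW), ("bad", BAD_ROW)):
        print(label, audit_row(row) or "ok")
```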
We do not
- Train foundation models on customer requests, completions, or outcome notes.
- Sell customer data to third parties.
- Send hosted-side telemetry from prxy-monster-local. Local is local.
- Silently retain plaintext request or response bodies. hash_only is the default.
- Retain bare anonymous sandbox tokens — only hashes and counters.
How to opt out further
- payload_capture: none — disables capture beyond receipt hashes. Cache is bypassed for that key. Configure in lair/dashboard/admin/api-keys.
- No outcomes — omit the POST /v1/outcomes calls. No outcomes, no memory candidates.
- Local mode — run prxy-monster-local (MIT). Same module pipeline; nothing leaves your infrastructure.