prxy.monster / data retention
Data retention
This is the canonical data-retention matrix for prxy.monster. Every public-surface security and privacy claim agrees with this table. hash_only is the default for payload capture. encrypted_at_rest is opt-in under a customer X25519 public key. none disables capture beyond receipt hashes. Outcome notes are sha-256 hashed server-side at write time. Bare anonymous-sandbox tokens never persist.
| Artifact | Cloud default | Local default | Can disable? | Retention | Visible publicly? | Used by | Notes |
|---|---|---|---|---|---|---|---|
| Prompt / request body | sha-256 hash only | In-memory only; never written | Yes (payload_capture: none) |
Hash retained with the receipt; raw body never stored | No | Receipt provenance + cache key | Plaintext requires opt-in via encrypted_at_rest. |
| Completion / response body | sha-256 hash only | In-memory only; never written | Yes (payload_capture: none) |
Hash retained with the receipt; raw body never stored | No | Receipt provenance + cache lookup | Encrypted-at-rest mode bypasses cache. |
| Canonical hashes (4 per call) | Stored on the receipt | Stored on the receipt | No — required for proof | Lifetime of the receipt | On public receipts only | Signature verification, replay detection | client_request_hash, provider_request_hash, provider_response_hash, client_response_hash. |
| Receipt metadata | Stored on the receipt | Stored on the receipt | Visibility flag controls public surface | Retained | When visibility != private |
Cost attribution, audit, lair dashboards | tenant / project / agent / IAM principal hidden on public_demo. |
| Outcomes | Stored anchored on receipt_id | Stored anchored on receipt_id | Yes — outcomes are opt-in per call | Retained | No | Memory-candidates queue, reviewer UI | Append-only. CHECK enums on outcome (11 values) and source (5 values). |
| Outcome notes | sha-256 hash only | sha-256 hash only | Yes — omit notes from the request |
Hash retained with the outcome | No | Reviewer context only — never displayed in raw form | Notes are hashed server-side at write time. Raw text never persists. |
| Memory candidates | Stored | Stored | n/a — derived from positive outcomes | Until promoted or rejected | No | Lair reviewer UI | No auto-promotion. A human always promotes. |
| Patterns | Stored after reviewer promotion | Stored after reviewer promotion | Reviewer can reject; promoted patterns are deletable | Retained | No | patterns module — injection into future requests |
Promoted patterns are tenant-scoped. |
| Cache entries (exact + semantic) | Per-user scoped | Per-machine scoped | Yes — encrypted_at_rest and none bypass cache |
TTL per cache type | No | Cache modules | Semantic cache scoped per-user since migration 020. |
| Encrypted payload blobs | Stored only when payload_capture: encrypted_at_rest |
Same — opt-in only | Default off | Retained while opt-in is active | No | Customer-side decrypt with X25519 private key | Algorithm x25519-xchacha20-poly1305-v1. Per-call ephemeral keys. prxy never holds the customer private key. |
| Provider keys (BYOK) | Encrypted at rest | Local file or env var | Yes — delete the BYOK row | Until the customer revokes | No | Provider client at request time | Stored as ciphertext in user_provider_keys. |
| Anonymous sandbox session | anon_key_hash + ip_hash + counters; bare token never persists |
n/a — sandbox is cloud-only | n/a — anon by design | Until expires_at; converted_user_id linkage on claim |
Receipts emitted as public_demo |
Receipts persist with user_id=null + api_key_id=null |
Bare anon token never persists at rest. Hashes only. |
public_demo receipts (sandbox) |
Stored + linkable from receipts.prxy.monster/r/<id> |
n/a — sandbox is cloud-only | Sandbox usage implies public_demo |
Retained | Yes, redacted to the public_demo field set | Public verifier flow | Tenant / project / agent / IP / trace ids hidden on the public surface; signature still verifiable. |
What we do not
No foundation-model training on customer requests, completions, or outcome notes.
No selling of customer data to third parties.
No hosted-side telemetry from
prxy-monster-local. Local is local.No silent retention of plaintext request or response bodies.
hash_only is the default.No retention of bare anonymous-sandbox tokens — only hashes and counters.
How to opt out further
- Set
payload_capture: noneon your api_key to disable capture beyond receipt hashes. Cache is bypassed. - Omit the
POST /v1/outcomescalls. No outcomes, no memory candidates. - Run
prxy-monster-local(MIT). Same module pipeline; nothing leaves your infrastructure.
For hosted deletion requests, contact [email protected]. Last updated: 2026-05-07.