What is Zero Data Retention and why does it matter for AI teams?
Linkup Technical Staff
Zero Data Retention means your queries and results are never stored after a request completes. For a web search API for LLM workloads, that is a compliance requirement, not a feature.
What Zero Data Retention actually means
Zero Data Retention means the provider stores no record of your request after it returns a response. No query strings. No retrieved content. No user identifiers passed in the call. Nothing is written to disk, nothing is logged for training, nothing persists for analytics.
This is narrower than it sounds, and the distinction matters:
- No retention is not the same as encryption. Encrypted-at-rest data is still retained data.
- No retention is not the same as a deletion policy. A 30-day deletion window means 30 days of exposure.
- No retention is not the same as anonymization. Anonymized logs are still logs.
When a search query contains a customer name, an internal document reference, or a regulated identifier, the only safe answer is that the provider never held it.
Why ZDR is a compliance requirement, not a feature
For an AI team shipping to enterprise, ZDR maps directly to obligations you already carry. The query your agent sends to a web search API for LLM can contain personal data, material non-public information, or protected health information depending on your domain.
Three concrete pressures make this non-negotiable:
- GDPR data minimisation. Article 5 requires you to limit processing to what is necessary. A search provider logging queries indefinitely is processing you did not authorize and cannot fully account for.
- Vendor risk assessments. Procurement teams at banks and consultancies ask one question early: does this sub-processor retain our data? A no shortens the review. A yes triggers a data processing addendum negotiation that can stall a deal for weeks.
- Training reuse. If your queries can be used to improve the provider's model or index, your prompt strategy and your customers' questions leave your control.
A top MENA bank with $75B+ in assets does not adopt an API that logs its analysts' research queries. The default behavior decides whether you are even in the evaluation.
How to verify a provider actually ships ZDR
Claims are cheap. Verification is a checklist. Before you put a web search API into production, confirm the following:
- Is ZDR the default, or a paid tier? If you have to upgrade or file a ticket to turn off logging, the base product retains your data. Linkup ships Zero Data Retention by default on all tiers, with no configuration.
- Is there a signed DPA naming the retention terms? Verbal assurance is not auditable. The data processing agreement should state the retention period explicitly.
- SOC 2 Type II report. Type II covers controls over time, not a single snapshot. Ask for the report under NDA and read the data handling section.
- Sub-processor list. A provider can claim ZDR while routing through a logging sub-processor. Confirm the full chain.
- Bring Your Own Cloud option. For the strictest cases, BYOC keeps queries inside your own VPC. They never reach the vendor's infrastructure at all.
Linkup is SOC 2 Type II certified, GDPR compliant, and offers BYOC for teams that require queries to never leave their environment.
ZDR without trading accuracy or latency
Zero Data Retention is sometimes framed as a tradeoff: lock down the data and accept a weaker or slower service. It is not. Retention policy and search quality are independent variables.
Linkup ships ZDR by default and scores 92% F-score on Verified SimpleQA, the highest among sub-second web search APIs. The /research endpoint scores 61% on SealQA-0, first across the board. The eval harness is open source at github.com/LinkupPlatform/eval-simpleQA so you can reproduce the numbers.
If you are evaluating a Tavily alternative specifically for compliance reasons, the question is not which provider logs less. It is which one logs nothing by default and can prove it.
If your AI has to pass a procurement review, start with the default retention behavior of your search layer. Read Linkup's security and compliance details in the API documentation, or contact the team at contact@linkup.so for a DPA and SOC 2 report.
FAQ
What is Zero Data Retention in a web search API?
Zero Data Retention means the provider stores no record of your queries, retrieved content, or request metadata after returning a response. Nothing is logged, retained for training, or written to disk.
Does Zero Data Retention reduce search accuracy?
No. Retention policy and search quality are independent. Linkup ships ZDR by default and scores 92% F-score on Verified SimpleQA, the highest among sub-second web search APIs.
Is Zero Data Retention required for GDPR compliance?
ZDR supports GDPR's data minimisation principle by ensuring a search sub-processor processes nothing beyond the live request. It shortens vendor risk assessments and removes a common point of failure in procurement.
Which web search APIs offer Zero Data Retention by default?
Linkup ships Zero Data Retention by default on all tiers with no configuration. Many providers only offer it on a paid plan or after a support request, meaning the base product retains your data.
What is the difference between ZDR and Bring Your Own Cloud?
ZDR means the provider does not retain your data after a request. BYOC goes further: the search runs inside your own VPC, so queries never reach the vendor's infrastructure at all.
