HiddenLayer’s Approach to Secure Data Handling for Model Scanner & AIDR

Model Scanner: Secure Data Handling Overview

Our data protection practices reflect our commitment to safeguarding customer information through clear communication, robust security controls, and well-defined contractual and operational safeguards. We ensure transparency around how information is collected, used, and protected so you can make informed decisions, retain control of your data, and confidently engage with our products.


Data Ownership

Customers retain full ownership and control of their data at all times.


Data Minimization and Purpose Limitation

We collect only the data necessary to fulfill business and legal requirements—minimizing exposure and supporting privacy compliance.


Role-Based Access Control

Data access is limited by role, logged, and actively monitored.


Data Encryption

All data in transit is encrypted using secure industry standards.


Data Retention and Deletion Policies

We define clear retention periods and apply secure deletion methods by product.


Audits and Oversight

Regular audits verify compliance with our retention policies and standards, assess storage and access controls, and ensure responsible data classification.


Rapid Incident Response

We respond promptly to issues that could impact safety, privacy, and/or security. Our incident response process ensures timely action, clear communication, and continuous improvement so you stay informed and protected.

Model Scanner Data Policies

No Use of Customer Models for Training

We never use customer models to train or tune our detection capabilities.


Automatic Model Deletion

Uploaded models are deleted immediately upon scan completion. This ensures the integrity of your intellectual property (IP) and prevents unintended retention or reuse of your data.


Data Erasure on Request

You can request data deletion at any time. We honor data erasure requests in alignment with applicable regulations and contractual obligations, providing customers with control over their data lifecycle and supporting their internal governance and compliance requirements.


Consistent Security Across Deployments

Whether deployed as a SaaS solution or on-premises, Model Scanner performs scans using the same secure, parallel scanning architecture. This ensures consistent functionality, performance, and protection regardless of where the product is hosted.


Privacy by Design

Model Scanner applies data minimization, secure handling, and limited retention at every stage of its workflow. Each processing step is purpose-built to capture only the information needed, reduce unnecessary data exposure, and enforce secure deletion, ensuring your data is protected from intake to output.

AIDR: Secure Data Handling Overview

AI Detection & Response (AIDR) Data Policies

AIDR enforces end-to-end encryption, role-restricted access, and clear retention controls, supporting your security and compliance objectives across deployment types.

Secure Data Storage

Connection Types

  • Disabled: No data shared
  • Hybrid: Selective data sharing (controlled by settings)

Enterprise Self-Hosted

No customer data is transmitted outside your network. You maintain full control over data storage and infrastructure.


Enterprise Hybrid

Detection data is securely stored to enable visibility within the HiddenLayer console. Prompt and response data can be kept locally, if console visibility is not required. All data at rest is encrypted using AES-128 or stronger.


Enterprise SaaS

Detection data, including prompts and responses, is securely sent through the API for detection and visibility within the HiddenLayer console. All data at rest is encrypted using AES-128 or stronger.

Data Shared for Hybrid Deployment:

Core Event Metadata

Always Sent:

  • event_id (UUID): Unique event identifier
  • tenant_id (UUID): Customer tenant identifier
  • correlation_id (UUID): Request correlation tracking
  • requester_id (string): Request originator identifier
  • event_time (timestamp): When the event occurred

LLM Interaction Data (Conditional)

Controlled by HL_LLM_PROXY_MLDR_COLLECT_PROMPT in the local configuration. The following fields are collected only if HL_LLM_PROXY_MLDR_COLLECT_PROMPT=true:

  • input_prompt (string): User's input prompt
  • response (string): LLM's response

Detection Results & Analysis

  • Prompt Injection Results:
    • prompt_injection_classifier_v{version}_verdict (boolean)
    • prompt_injection_classifier_v{version}_elapsed_ms (float)
  • PII Detection Results:
    • Entity types detected (e.g., EMAIL_ADDRESS, PHONE_NUMBER)
    • Location offsets: {"start": number, "end": number}
  • Guardrail Results: Detection verdicts and metadata
  • Policy Enforcement Results: Block/allow decisions


Technical Metadata

  • Provider Information: OpenAI, Azure, Anthropic, etc.
  • Model Information: Model name/version used
  • Performance Metrics: Processing time, latency, tokens
  • Framework Mappings: MITRE ATT&CK, OWASP classifications

Configuration & Headers

  • Custom Headers: X-LLM-* headers for policy configuration
  • Authentication Tokens: For HiddenLayer service access
  • Tenant Configuration: Ruleset and policy settings

What is NOT Shared:

Never Transmitted:

  • Full Conversation History: Only current exchange (if enabled)
  • API Keys/Secrets: Authentication handled separately
  • Internal Network Details: Only application-level data
  • File System Data: No local file access

Privacy Protection:

  • PII Redaction: Content redacted before analysis when configured
  • Selective Collection: HL_LLM_PROXY_MLDR_COLLECT_PROMPT=false prevents prompt and response content from being shared
  • Local Processing: Most detection happens locally first
  • Tenant Isolation: Data segregated by tenant_id
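As an added example (not HiddenLayer's code), the following Python models the hybrid sharing rules above as a minimization filter: core metadata and detection results always pass, prompt and response pass only when HL_LLM_PROXY_MLDR_COLLECT_PROMPT=true, and the never-transmitted categories are dropped. Field names come from the lists above; the never-sent key names, the sample record and the function names are assumptions.

```python
import json
import os
import re

# Field sets taken from the hybrid sharing schema; NEVER_SENT keys are constructed
# stand-ins for the page's categories (conversation history, secrets, file-system data).
ALWAYS_SENT = {"event_id", "tenant_id", "correlation_id", "requester_id", "event_time"}
CONDITIONAL = {"input_prompt", "response"}   # gated by HL_LLM_PROXY_MLDR_COLLECT_PROMPT
DETECTION_KEY = re.compile(r"^prompt_injection_classifier_v[\w.]+_(verdict|elapsed_ms)$")
NEVER_SENT = {"conversation_history", "api_key", "local_path"}

SAMPLE_RECORD = {  # constructed local detection record, as a proxy might hold it
    "event_id": "0b6c2e1a-1111-4a2b-9c3d-000000000001",
    "tenant_id": "7f3a9d2c-2222-4b3c-8d4e-000000000002",
    "correlation_id": "c4d5e6f7-3333-4c4d-9e5f-000000000003",
    "requester_id": "svc-chat-frontend",
    "event_time": "2024-01-01T00:00:00Z",
    "input_prompt": "Please send the sales summary to a@example.com",
    "response": "Here is the summary.",
    "prompt_injection_classifier_v2_verdict": False,
    "prompt_injection_classifier_v2_elapsed_ms": 12.5,
    "pii_results": [{"entity_type": "EMAIL_ADDRESS", "start": 33, "end": 46}],
    "conversation_history": ["earlier turn 1", "earlier turn 2"],
    "api_key": "sk-CONSTRUCTED-PLACEHOLDER",
    "local_path": "/var/lib/proxy/session.db",
}

def collect_prompt_enabled(env=None):
    """Only the literal value 'true' enables prompt/response sharing; anything else is off."""
    env = os.environ if env is None else env
    return env.get("HL_LLM_PROXY_MLDR_COLLECT_PROMPT", "false").strip().lower() == "true"

def build_hybrid_event(record, share_prompt):
    """Return the subset of a local record that a hybrid deployment would forward."""
    missing = ALWAYS_SENT - record.keys()
    if missing:
        raise ValueError(f"core event metadata missing: {sorted(missing)}")
    event = {}
    for key, value in record.items():
        if key in NEVER_SENT:
            continue                      # secrets, history, file-system data never leave
        if key in ALWAYS_SENT or key == "pii_results" or DETECTION_KEY.match(key):
            event[key] = value            # metadata and detection results always sent
        elif key in CONDITIONAL and share_prompt:
            event[key] = value            # content only when the gate is on
    return event

def leaks_content(event, record):
    """True if any prompt/response text survives in the serialized outbound event."""
    wire = json.dumps(event)
    return any(record.get(k) and record[k] in wire for k in CONDITIONAL)
```

Running `leaks_content` on the outbound payload is the check a deployment owner would add to confirm the gate behaves as the page describes before enabling console visibility.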

Data Retention

Hybrid & SaaS Deployments

Detection data and AI traffic are retained for the duration of your contract, and are securely deleted within 60 days of termination.

Data Use for Training

All Deployment Types

No data is shared or used for training models unless there is a written agreement explicitly outlining which data is being provided and for what purpose.