Is it GDPR-compliant to use OpenAI, Anthropic, or Google models?
+
It can be, and what matters is where the data is processed, what the provider retains, and whether your DPA covers the flow. Opper gives you EU-hosted routes for major models, acts as your single sub-processor, and provides a standard DPA with SCCs, so you can use frontier models while keeping processing in the EU and your paperwork unchanged.
What is zero data retention (ZDR)?
+
Zero data retention means the model provider does not store your prompts or completions after the request is served. On Opper, ZDR availability is shown per model and provider in the directory, some routes offer ZDR on all traffic and others through an enterprise agreement.
Do I need a DPA with every model provider?
+
Not when you route through Opper. You sign one DPA with Opper, and Opper maintains the sub-processor relationships with the model providers, so adding a new model does not require amending your DPA, notifying your customers, or waiting out a 30-day objection window.
Where is my data processed?
+
The Opper platform runs in AWS Stockholm, Sweden, and inference requests are processed in the region of the route you select. EU routes keep data in the EU end to end, and data only leaves the EU if you explicitly choose a route hosted elsewhere.
Does Opper store my prompts?
+
Not by default. Opper stores metadata like model, token counts, latency, and cost for your analytics, while prompt and completion content is not retained. You can enable full tracing with the Control Plane, and Enterprise plans offer zero retention.
Does Opper train on my data?
+
No, Opper never trains on your data. Provider-side training posture is documented per provider in the sub-processor list, which records that no listed model provider uses customer requests or responses to train its models by default.
How does Opper support EU AI Act, DORA, or NIS2 reviews?
+
Every call is logged with model, cost, latency, and policy decisions, and the Control Plane adds session replay, retention controls, budget caps, and model allowlists. That gives compliance teams the audit trail and documentation these reviews ask for.
What security and compliance documents can I get from Opper?
+
The standard Data Processing Agreement, the sub-processor list, and the platform security overview are published on opper.ai, Standard Contractual Clauses are available on request, and Enterprise customers can request tailored terms including zero retention.