Security at Every Layer
Zero data retention. EU hosting. Enterprise-grade security by default. Your data never leaves your control.
Email us at sales@requesty.ai
Zero Data Retention
Your prompts and completions are never stored. Data is proxied in real-time and immediately discarded after delivery.
EU Data Residency
All data is processed through our EU infrastructure. Full GDPR compliance with data never leaving European borders.
End-to-End Encryption
TLS 1.3 encryption for all data in transit. AES-256 for any data at rest. Zero plaintext exposure.
Threat detection, in real time
Every request is inspected before it leaves the gateway. Shadow AI, non-EU egress, prompt injection, leaked secrets — caught and logged as they happen.
Built-in Guardrails
Enterprise-grade security controls that work out of the box
PII Detection & Scrubbing
Automatically detect and mask personally identifiable information before it reaches the model
Prompt Injection Protection
Real-time detection and blocking of prompt injection attempts
Content Filtering
Configurable content policies to prevent harmful outputs
Rate Limiting
Per-key, per-team, and per-model rate limits to prevent abuse
Spending Controls
Set budgets per team, per user, or per API key with automatic cutoffs
Audit Logging
Complete audit trail of every request with timestamps, users, and models used
Compliance & Certifications
Meeting the highest standards for security and privacy
GDPR Compliant
Full compliance with EU data protection regulations
SOC 2 Type II
In progress - expected Q2 2026
Data processed in EU
All infrastructure hosted in Frankfurt, Germany
No third-party data sharing
Your data is never shared with third parties
Regular security audits
Quarterly penetration testing and security reviews
Responsible disclosure program
We reward security researchers for responsible disclosure
Secure Architecture
Your data flows through our secure gateway, never stored
Your App (your application) → Requesty Gateway (Frankfurt, EU) → Model Providers (OpenAI, Anthropic, etc.)
End-to-end encrypted
TLS 1.3 everywhere
Zero retention
No data stored
Full audit trail
Every request logged
Security FAQ
Common security and compliance questions from teams evaluating Requesty.
Yes. All traffic is encrypted in transit with TLS 1.2 or higher, and all data at rest is encrypted with AES-256. Credentials and API keys are stored encrypted and never logged.
Requesty runs prompts through a proprietary PII detection model before they reach the model provider. Detected PII can be automatically scrubbed, flagged, or blocked based on your policy. The detector covers names, emails, phone numbers, SSNs, credit card numbers, and custom regex patterns.
Yes. Admins can restrict access to an approved list of models and providers. Users calling a blocked model get a clear error, and every attempt is logged for audit.
By default we do not retain request bodies. Audit logs record metadata (timestamp, user, model, token counts, cost) so you can trace activity without exposing prompt content.
Yes. Requesty is SOC 2 Type II compliant and GDPR compliant. We provide a DPA on request and support EU data residency in Frankfurt.
API keys are hashed at rest and shown in full only once at creation. Admins can rotate, revoke, or set spend limits per key. Service accounts let you issue scoped keys for CI/CD without exposing user credentials.
Security shouldn't be an afterthought
Start building with enterprise-grade security from day one.
