Every AI privacy vendor has a policy page claiming "we don't train on your data." Very few have one that says "we don't keep your data." The gap between those two statements is where regulatory liability lives.
The hidden assumption in most AI proxies
Commercial AI gateways retain logs by default, usually for "debugging, abuse prevention, and support." Retention windows range from seven days to ninety. During that window, your data sits in a system you don't control, subject to subpoena, breach, or insider access.
Even with the best intentions on the vendor's side, a log is a liability. If it exists, it can be compelled. If it can be compelled, it's not really private.
What Article 9 actually says
Article 9 of the GDPR prohibits the processing of "special categories" of personal data — health, biometric, and genetic data, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, and more — unless one of the narrow exemptions in Article 9(2) applies. In practice, most enterprise AI use cases cannot clear that bar.
Crucially, "processing" includes storage. The moment that data hits a log file on a proxy server, it has been processed. If the proxy is in a third country, or the proxy's sub-processors are, you have a cross-border transfer problem stacked on top of the Article 9 problem.
A log you can produce is a log you can be forced to produce.
Why zero-log must be an architecture, not a policy
"We'll delete after 7 days" is a promise. "We don't have a disk" is a fact. Only the second survives contact with a motivated adversary — or a regulator.
Genuine zero-log means:
- No persistent writes of prompt or response content to any medium.
- Anonymization performed before data leaves the endpoint, so the proxy never sees the cleartext it would otherwise log.
- Ephemeral, in-memory processing with hard limits on retention of even the sanitized traffic.
- Open-source implementation so the above is verifiable rather than declarative.
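To make the third point concrete, here is a minimal sketch of what "ephemeral, in-memory processing with hard limits" can look like. This is an illustrative buffer, not SOWA Privacy's implementation: the class name, TTL value, and API are invented for the example. The property that matters is visible in the code itself — there is no `open()`, no logging handler, no persistence hook, and entries past the TTL are purged on every access.

```python
import time
from dataclasses import dataclass, field

@dataclass
class EphemeralBuffer:
    """Holds sanitized request payloads in memory only, with a hard TTL.

    Nothing here touches the filesystem. Expired entries are
    purged on every access, so retention is bounded by design,
    not by a deletion schedule someone has to remember to run.
    """
    max_age_s: float = 30.0
    _entries: list = field(default_factory=list)  # (timestamp, payload) pairs

    def add(self, payload: str) -> None:
        self._purge()
        self._entries.append((time.monotonic(), payload))

    def active(self) -> list:
        self._purge()
        return [p for _, p in self._entries]

    def _purge(self) -> None:
        cutoff = time.monotonic() - self.max_age_s
        self._entries = [(t, p) for t, p in self._entries if t >= cutoff]

buf = EphemeralBuffer(max_age_s=0.05)
buf.add("sanitized request body")
assert buf.active() == ["sanitized request body"]
time.sleep(0.06)
assert buf.active() == []  # expired; nothing was ever written to disk
```

An auditor reading code like this doesn't have to trust a retention policy — the absence of any write path is checkable in the source.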
How SOWA Privacy proves it
SOWA Privacy runs as a local-first anonymization layer. Protected entities are identified and replaced with placeholders on the user's device. What leaves the endpoint is already sanitized. The proxy never receives raw personal data because there is none to receive.
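The substitution step can be sketched in a few lines. This is a deliberately simplified illustration, not SOWA Privacy's detection pipeline: a real system would use NER models rather than two regexes, and the patterns and placeholder format here are invented for the example. The point it demonstrates is the order of operations — entities are replaced, and the mapping retained, on the device before anything is sent.

```python
import re

# Hypothetical patterns for illustration only. Production detection
# would cover many more entity types with proper NER.
PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
    "PHONE": re.compile(r"\+?\d[\d\s().-]{7,}\d"),
}

def anonymize(text: str) -> tuple[str, dict]:
    """Replace protected entities with indexed placeholders.

    Returns the sanitized text plus the placeholder-to-original
    mapping, which never leaves the device.
    """
    mapping: dict = {}
    for label, pattern in PATTERNS.items():
        def sub(m, label=label):
            key = f"[{label}_{len(mapping)}]"
            mapping[key] = m.group(0)
            return key
        text = pattern.sub(sub, text)
    return text, mapping

def restore(text: str, mapping: dict) -> str:
    """Swap placeholders back for the originals, locally."""
    for key, value in mapping.items():
        text = text.replace(key, value)
    return text

sanitized, mapping = anonymize("Mail jane.doe@example.com or call +44 20 7946 0958")
# sanitized == "Mail [EMAIL_0] or call [PHONE_1]"
```

Only `sanitized` crosses the network boundary; `mapping` stays on the endpoint so responses can be rehydrated locally.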
Because the pipeline is open source, auditors don't have to take our word for it — they can read the code that processes the request and confirm for themselves that nothing writes to disk. For regulated industries, that shift from promise to proof is the entire point.
Every architectural choice in a privacy product is either a liability or a defense. Logs are always a liability. The only question is whether you've designed them out of the system, or just hoped they won't bite.