Guide

How gateway privacy modes work

Understand metadata-only capture, full audit capture, helper tokens, and the honest boundary of an inline SaaS gateway.

Gateway privacy modes let a customer choose what Tallin stores while keeping the operational ledger useful for spend, attribution, and policy evidence.

Metadata-only is the default privacy-friendly path

Metadata-only capture records the operational trail: user, workload, provider, model, token and cost estimate, route status, policy result, and timing. It does not store the prompt or response body.

Full audit capture is an explicit tradeoff

Full audit capture can support deeper prompt-level review, but it stores more sensitive material. Teams should turn it on only where they need that evidence and understand the governance value versus exposure tradeoff.

SaaS still sees traffic in memory

An inline gateway must receive plaintext in memory to forward the request. Metadata-only controls what is stored, not what transiently passes through the route. A self-hosted or VPC data plane is the stronger answer when a customer requires Tallin-hosted infrastructure to never see plaintext.

Key takeaways

  • Metadata-only stores who, what, when, how much, route, and policy outcome.
  • Full audit capture is useful for deeper review but stores more sensitive content.
  • Helper tokens preserve employee attribution for developer tools.
  • Only self-hosted or VPC deployment fully removes Tallin-hosted data-plane visibility.

Turn AI evidence into a ledger.

Start with a free AI Exposure Assessment, then replace estimates with observed and inferred signals from your own workspace.