Opper is built for teams that need real compliance. Security covers both planes. The AI Gateway decides where calls can go at request time, and the platform is how everything underneath is hosted and protected. This page covers both.Documentation Index
Fetch the complete documentation index at: https://docs.opper.ai/llms.txt
Use this file to discover all available pages before exploring further.
EU-hosted by default
The platform runs only in AWS Stockholm. Traces, routing tables, scoring history, and metadata stay in the EU. The one thing that leaves Opper’s footprint is the model call itself, and you can constrain even that at the gateway. Use Comply rules to:- Restrict calls to EU-only providers (Mistral, Azure EU, and others)
- Pin specific regions or countries that calls can route to
- Enforce Zero Data Retention by limiting calls to ZDR-eligible providers
We don’t train on your data
Opper never uses customer data to train models, and never shares it with providers for training.Your prompts and responses aren’t stored by default
By default, Opper records only metadata for each call: the model, token counts, cost, and latency. Your prompts and responses are never written to disk. That’s how every project starts, with no configuration. To keep full traces (the request, the response, and every step) for debugging and scoring, add a Comply retention rule. Content is then kept for the window you choose, up to 30 days, and deleted automatically after. For the strictest workloads, a Zero Data Retention rule also restricts calls to providers that don’t retain your data, so nothing persists with the model provider either.One sub-processor for every model
Most AI vendors require a separate DPA amendment for every model provider you turn on. Opper doesn’t. Opper is your one AI sub-processor, so you can add or remove models without rewriting contracts.Platform sub-processors
| Sub-processor | Purpose | Location |
|---|---|---|
| Amazon Web Services | Platform data, indexes, traces, generations | Sweden |
| Auth0 | Authentication | Germany, Ireland |
| Datadog | Error logging | Germany |
| Sentry | Error logging | Germany |
| Google Workspace | Support correspondence | Europe |
| Modal / Docling | Document parsing | Europe |
| Stripe | Payment processing | United States |
Model providers (you pick which to enable)
| Provider | Location |
|---|---|
| Mistral | France 🇪🇺 |
| Microsoft Azure | EU 🇪🇺 |
| Google Vertex (EU) | Netherlands 🇪🇺 |
| Anthropic, OpenAI, Google Gemini, xAI | United States |
| Groq, Cerebras, Fireworks | United States |
Encryption
- At rest: AWS RDS with KMS-managed keys. Uploaded files use S3 SSE-S3.
- In transit: TLS on every public endpoint.
- Backups: encrypted in AWS Backup. Daily snapshots kept 5 weeks, weekly snapshots 14 months. Only Opper engineers can restore.
Data isolation
Each organization’s data is isolated at the application layer. Uploaded files live in a private S3 bucket with objects segregated per organization. Service-to-service traffic is restricted to a private AWS VPC.Deletion
- Delete a project → all associated traces and events are removed.
- Set retention to 0 via Comply → traces are deleted as they complete.
DPA and contact
Standard DPA and Standard Contractual Clauses are available on request. Contact hello@opper.ai.- Full DPA: opper.ai/data-processing-agreement
- Sub-processors list: opper.ai/sub-processors
Controls that put this in your code
Comply
Restrict providers, regions, retention, and budget at the gateway.
Guard
Block or redact sensitive content before the model sees it.
Models
See which models you can reach, and which ones are EU-hosted.Models
The full catalog, with EU-hosted models marked.
Integrations
Use Opper as the provider for your editor, agent, or CLI.