Get API Key
Melious
Concepts

Privacy and data residency

Where your data goes, what we log, and what we don't — the EU-only posture explained in one place

Your prompts and responses stay in the EU, we don't train on them, and we don't log their content. This page is the whole picture in one place — the data-handling rules that the rest of the docs reference in passing.

EU-only, by construction

Every inference request runs on a provider inside the EU. Your request body and the response never leave it. We don't mirror traffic to a non-EU region, and we don't keep a US or APAC fallback for when European capacity is tight — there's no fallback that would move your data out of the bloc. That's a constraint we designed around, not a setting you toggle.

If you need a guarantee narrower than "EU" — say, "only providers in Germany" — the router can enforce it internally, but there's no public request field for it yet. Tell us if you need it.

No training, no prompt logging

Two commitments worth stating plainly:

  • No provider on our network trains on your traffic. It's a condition of being on the list. If a provider changes that policy, they come off the list.
  • Melious doesn't log the content of your prompts or responses. We record operational metadata — a request_id, token counts, which model and provider served the request, the energy and cost figures — because billing and debugging need them. The text of your messages isn't in there.

A provider may keep short-lived operational logs of its own for stability monitoring. None of them retain your content to train on, and none of it leaves the EU.

URLs are re-encoded server-side

When you send an image by URL — in Vision or the Messages API — Melious fetches it and converts it to base64 before handing it to the provider. The provider sees the bytes, never your URL.

This isn't cosmetic. Some CDNs track request origin, and some clients ship user-identifying tokens inside image URLs. Re-encoding breaks both, so a third party can't profile your traffic from the URLs you pass.

Generated images aren't stored

Image generation returns base64 only — we don't host CDN-style URLs for the images you create. A hosted URL would mean we'd be storing your generation somewhere we could serve it from, and we'd rather not hold it at all. You get the bytes back and store them wherever you want.

Stored content is encrypted

Most of the API is stateless — a request comes in, a response goes out, nothing of yours is kept. Where Melious does store your content — uploaded files, and the coming vector stores — it's encrypted at rest. Vector stores in particular are vault-encrypted, so even indexed knowledge-base content stays encrypted on our side.

Your keys

API keys are shown once and never recoverable — rotate rather than retrieve. Keep them server-side; a key in a browser is a key in the wild. The full key-handling guidance is in Authentication.

What this isn't

Honest scope: this page describes how the inference API handles your data. It isn't a Data Processing Agreement or a full compliance statement — for GDPR data-subject requests, retention specifics, and the legal text, see the policies at melious.ai. If you need a DPA in place before you can ship, email us.

Providers for who runs your inference and where • Authentication for key handling • Vision and Images for the per-endpoint privacy details.

Providers

The European providers Melious routes across, and what that means for your data

Environmental impact

What the environment_impact block on every response actually means

On this page

EU-only, by constructionNo training, no prompt loggingURLs are re-encoded server-sideGenerated images aren't storedStored content is encryptedYour keysWhat this isn'tRelated