SLA & Compliance

1) Service Levels (SLA)

1.1 Availability Targets (Gateway/API)

  • Monthly SLO

    • Standard: 99.9% / month

    • Enterprise (contracted): 99.95% / month

  • Computation: Minute-level (UTC), excluding announced maintenance windows and issues not attributable to Sight (e.g., user-side networking, upstream-enforced blocks).

  • Service credits (illustrative):

    • < 99.9% and ≥ 99.0% → 5% of that month’s fees

    • < 99.0% → 10% of that month’s fees

1.2 Performance & Success Rate (SLO)

  • TTFB (first byte): For “small requests” (prompt ≤ 2 KB, expected output ≤ 1K tokens), p95 ≤ 2s (excluding cross-region network effects and upstream queuing).

  • Request success rate: For standard routing, ≥ 99% with automatic fallback/retry included.

  • Measurement: Based on Sight’s edge/gateway distributed tracing and health probes; an aggregated monthly snapshot is provided.

1.3 Rate Limits & Fair Use

  • Default quotas and rate limits are shown in Console and can be raised on request. In cases of strategic bursts (e.g., abuse-like retry storms), we may throttle to protect overall stability and will notify you to adjust.

1.4 Incident Response & Support

  • P0 (global/core outage): acknowledge within 30 minutes, continuous updates

  • P1 (regional/single-model severe impact): acknowledge within 2 hours

  • P2 (functional issues/perf degradation): respond within 1 business day

  • P3 (general inquiries/feature requests): reply within 2–3 business days


2) Privacy & Data Processing (Compliance)

2.1 Data Classes & Defaults

  • Business data: prompts/outputs, function-call params, file metadata, etc.

  • Technical metadata: timestamps, durations, usage, routes, error codes, etc.

  • Not used for training: Sight does not use your API traffic to train models. Upstream model retention/training follows each provider’s policy (see §2.4).

  • Zero-Data Retention (ZDR) option: You may restrict routing to ZDR upstreams (providers that commit to no request-body storage), consistent with OpenRouter’s ZDR concept.

  • Minimal logs: Gateway stores only usage and error summaries needed for billing/audit. With ZDR-only routing, we do not persist content bodies in the forwarding plane.

  • Optional extended retention: For audit/reconciliation, configure longer retention in Console (necessary fields only). You may shorten or purge at any time.

  • Prompt/response plaintext: Not persisted by default. If you enable “debug collection” or “evaluation pipelines,” we label it clearly and offer one-click purge.

2.3 Transport & Storage Security

  • In transit: TLS end-to-end; mutual TLS available for Enterprise.

  • At rest: Billing/audit data is encrypted; BYOK / Share-Your-Key uses client-side encryption + short-lived decryption at the executor with no disk writes (see Provider guide).

  • Secrets: Upstream keys are never exposed in plaintext to the platform; executors decrypt in a trusted environment (e.g., TEE, where applicable) and then zeroize.

2.4 Upstream Provider Policy Mapping (summary)

  • OpenAI API: By default, API data is not used for training; short-term retention typically for abuse/fraud controls (per provider docs).

  • Anthropic (consumer products): Opt-in sharing can enable training with retention up to multiple years; if not opted in, defaults to short-term retention. Enterprise/API channels via Bedrock/Vertex may have different terms.

  • Your Sight routing can avoid channels that don’t meet your compliance bar.

2.5 Data Residency & Cross-Border

  • Region-aware routing on a best-effort basis. When using regional upstreams (e.g., Azure OpenAI), we follow the upstream’s residency guarantees.

2.6 Rights & Agreements

  • DPA/SCC: Available for Enterprise.

  • Data subject rights: Access/export/delete of your account data and audit records (within legal constraints).

  • Subprocessor transparency: We maintain a list of upstreams and critical infra subprocessors and notify upon material changes.


3) Audit & Verifiable Settlement

  • Periodic snapshots: Weekly/monthly packages include the price table, detailed records, a Merkle root, and signatures. Any party can recompute and verify offline (see the Settlement & Audit page).

  • Reconciliation deltas: Negative adjustments appear in the current/next snapshot with reasons.

  • This verifiable audit mechanism goes beyond simple invoice export common to many forwarding platforms.
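
An added illustration (not Sight's code or documented format) of the offline check described above: re-derive each fee from the price table and recompute the Merkle root over the records. The hash construction, field names and micro-unit pricing are assumptions; the real encoding is defined on the Settlement & Audit page, and verifying the signature over the root with the publisher's key is a separate step not shown here.

```python
import hashlib
import hmac
import json

# Assumed encoding, not Sight's documented format: SHA-256 over canonical JSON,
# with 0x00/0x01 prefixes separating leaf hashes from interior-node hashes.
def leaf_hash(record):
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(b"\x00" + canonical).digest()

def merkle_root(records):
    level = [leaf_hash(r) for r in records] or [hashlib.sha256(b"").digest()]
    while len(level) > 1:
        nxt = [hashlib.sha256(b"\x01" + level[i] + level[i + 1]).digest()
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # promote the unpaired node; never duplicate it
        level = nxt
    return level[0]

def audit_snapshot(snapshot):
    """Return a list of findings; an empty list means the package is consistent."""
    findings = []
    prices = snapshot["price_table"]  # assumed unit: micro-units per 1K tokens
    for rec in snapshot["records"]:
        price = prices.get(rec["model"])
        if price is None:
            findings.append(f"{rec['id']}: model not in price table")
        elif rec["fee_micro"] != rec["tokens"] * price // 1000:
            findings.append(f"{rec['id']}: fee does not match price table")
    published = bytes.fromhex(snapshot["merkle_root"])
    if not hmac.compare_digest(merkle_root(snapshot["records"]), published):
        findings.append("merkle root mismatch")
    return findings

# Constructed sample package (all field names and values are hypothetical).
def sample_snapshot():
    records = [
        {"id": "r1", "model": "model-a", "tokens": 1200, "fee_micro": 2400},
        {"id": "r2", "model": "model-b", "tokens": 500, "fee_micro": 250},
        {"id": "r3", "model": "model-a", "tokens": 3000, "fee_micro": 6000},
    ]
    return {"price_table": {"model-a": 2000, "model-b": 500},
            "records": records, "merkle_root": merkle_root(records).hex()}

if __name__ == "__main__":
    print(audit_snapshot(sample_snapshot()))
```

Promoting the unpaired node instead of duplicating it means two different record lists cannot collapse to the same root by repeating the last entry.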


4) Acceptable Use (AUP) & Content Restrictions

  • You must comply with the terms and policies of each upstream model/platform (e.g., OpenAI usage policies). Requests violating upstream policies may be blocked or removed from routing.


5) Security & Disclosure

  • Vulnerability disclosure: We welcome responsible disclosure via our security contact (see Console). We aim to provide a remediation plan or explanation within 90 days.

  • Penetration testing: Annual penetration testing and remediation validation can be appended to Enterprise contracts.

  • Key rotation: Periodic rotation and TTL supported; anomaly detection can automatically disable suspicious channels.


6) Changes & Notifications

  • This page may evolve with regulations, upstream policy changes, and platform capabilities. Material changes are announced via Console and email.

  • You can toggle ZDR-only, regional constraints, and upstream allow/deny lists in routing settings at any time to align with current compliance requirements.
