Data privacy
Reviewed 2026-05-24 · Version 3.9.0
Architectural commitments to data ownership — tenant isolation, no training on customer data, configurable retention.
Your data stays in your organization's tenant, is never used for shared model training, and is subject to your retention policies.
Tenant isolation
Every organization gets a dedicated Weaviate tenant: a logical boundary with its own vector collections, embeddings, and search indexes. Nothing cross-tenant is shared at the database level. Dedicated infrastructure is plan- and contract-scoped; see Security & compliance for the isolation details.
No training on your data
Your conversations, documents, and memory are never used to train shared models. Fine-tuning via LoRA produces organization-scoped adapters stored in your tenant only. Foundation models are open-weight and frozen — we do not train them on customer data.
Grounded retrieval
Chiro grounds responses in your tenant's own knowledge via RAG. The store holds website intelligence (crawled from your domain), uploaded documents chunked and embedded, summarized conversation memory, extracted decision logs, and learned user preferences. When Chiro answers, it retrieves from your tenant, not a shared pool.
Right to be forgotten
POST /api/compliance/erase/user|self|organization removes messages from MongoDB, anonymizes the user record, deletes user-scoped data from every Weaviate collection, and records an auditable trail of what was erased and when. A background job processes requests every 30 minutes against the GDPR 24-hour deadline.
Data portability
POST /api/compliance/export returns a ZIP with human-readable JSON of your conversations, documents, preferences, and decisions. An optional technical export includes raw vector embeddings for direct re-import into a compatible system. Exports have a 7-day TTL.
Memory access audit
Every RAG retrieval logs the organization, user, assistant, query text, collections searched, and result count. Audit records are kept in MongoDB with a two-year TTL and are available to organization admins; Grow tier and above can stream them to Splunk, Datadog, or any Syslog endpoint.
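An admin-side review of those audit records, as an added example that is not Chiro's own code: it flags records attributed to another organization and users whose retrieved-result volume spikes within a short window. The field names, timestamp field, thresholds, and sample records are assumptions modelled on the fields listed above; the real export schema may differ.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records; field names are assumed, not the product schema.
SAMPLE = [
    {"ts": "2026-05-20T09:00:00", "organization": "org-a", "user": "u1",
     "assistant": "support", "query": "refund policy",
     "collections": ["Documents"], "result_count": 4},
    {"ts": "2026-05-20T09:01:00", "organization": "org-a", "user": "u2",
     "assistant": "support", "query": "customer list",
     "collections": ["Documents", "Memory"], "result_count": 30},
    {"ts": "2026-05-20T09:03:00", "organization": "org-a", "user": "u2",
     "assistant": "support", "query": "contracts",
     "collections": ["Documents"], "result_count": 25},
    {"ts": "2026-05-20T09:05:00", "organization": "org-a", "user": "u2",
     "assistant": "support", "query": "pricing decisions",
     "collections": ["Decisions"], "result_count": 20},
    {"ts": "2026-05-20T10:00:00", "organization": "org-a", "user": "u2",
     "assistant": "support", "query": "holiday hours",
     "collections": ["Documents"], "result_count": 5},
    {"ts": "2026-05-20T09:30:00", "organization": "org-b", "user": "u9",
     "assistant": "support", "query": "onboarding",
     "collections": ["Documents"], "result_count": 3},
]


def review(records, own_org, window=timedelta(minutes=10), max_results=50):
    """Return (foreign_records, {user: peak_results_in_window}) for follow-up."""
    # Any record attributed to another organization contradicts tenant isolation.
    foreign = [r for r in records if r["organization"] != own_org]

    by_user = defaultdict(list)
    for r in records:
        if r["organization"] == own_org:
            by_user[r["user"]].append(
                (datetime.fromisoformat(r["ts"]), r["result_count"]))

    peaks = {}
    for user, events in by_user.items():
        events.sort()
        start, total = 0, 0
        for ts, count in events:
            total += count
            # Slide the window start forward past events older than `window`.
            while ts - events[start][0] > window:
                total -= events[start][1]
                start += 1
            peaks[user] = max(peaks.get(user, 0), total)
    return foreign, {u: t for u, t in peaks.items() if t > max_results}
```

Tune `window` and `max_results` against your own baseline before alerting on the result.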
Configurable retention
Set per-collection retention via PUT /api/compliance/retention. Retention enforcement runs automatically — no manual cleanup.
Who this matters for
Teams handling sensitive customer data in healthcare, finance, or legal. Regulated industries that need audit trails. Organizations that want AI to learn their business without sharing that knowledge with anyone else. For tier-by-tier unlocks see pricing.