Data Policies

Data policies control which regions and inference providers are permitted to process data within a workspace. Use policies to enforce data residency requirements and restrict which LLM providers handle your data.

Current policy

Returns an empty object if no policy has been configured.

bash

# Get current data policy
curl http://localhost:3000/data-policies \
  -H "Authorization: Bearer ${JWT_TOKEN}"

# Response
{
  "workspaceId": "ws_abc123",
  "allowedRegions": ["us-east-1", "eu-west-1"],
  "allowedProviders": ["claude", "openai"],
  "updatedAt": "2026-03-07T12:00:00.000Z"
}

Setting a policy

The PUT endpoint upserts — it creates the policy if it doesn't exist, or updates it if it does.

bash

# Set data handling policy
curl -X PUT http://localhost:3000/data-policies \
  -H "Authorization: Bearer ${JWT_TOKEN}" \
  -H "Content-Type: application/json" \
  -d '{
    "allowedRegions": ["eu-west-1", "eu-central-1"],
    "allowedProviders": ["claude", "ollama"]
  }'

Policy fields

Field	Type	Description
`allowedRegions`	string[]	Cloud regions where data may be processed (e.g., `us-east-1`, `eu-west-1`)
`allowedProviders`	string[]	Inference providers permitted to handle workspace data (e.g., `claude`, `openai`, `ollama`)

ℹData policies work alongside Model Restrictions which control which specific models agents can use. Policies govern data handling; restrictions govern model selection.