Abacus
GDPR Compliance
Data Handling
Primary documentation states open-source models are hosted on secure US-based servers and RouteLLM documentation states open-weight LLMs are hosted on servers in the United States. A secure deployment options document says enterprise deployments can be hosted on AWS, GCP, or Azure of the customer's choice, including customer-owned storage/VPC options, but no primary source found guarantees EU-only inference for the public API.
Abacus states it does not use customer data, prompts, uploads, or API data to train models. It says third-party/foundation model exchanges are zero-retention and deleted immediately after processing, but account/profile content and user content may be retained for a commercially reasonable time after termination for backup, archival, and audit purposes.
Abacus says user data is used solely to execute user-initiated queries and tasks, and that it has enterprise agreements with providers such as OpenAI, Anthropic, and Google to prevent customer data from being used for training.
Certifications & EU AI Act
Verification
- https://abacus.ai/privacy ↗
- https://static.abacus.ai/security/Abacus_dpa.pdf ↗
- https://abacus.ai/security ↗
- https://static.abacus.ai/security/AbacusSecureDeploymentOptions.pdf ↗
- https://abacus.ai/help/chatllm-ai-super-assistant/faqs/data-security ↗
- https://abacus.ai/help/developer-platform/route-llm/api ↗
- https://abacus.ai/help/api/ref/llm_apps/getLLMAppResponse ↗
- https://abacus.ai/help/chatllm-ai-super-assistant/purchase-domains ↗
Abacus publishes a privacy policy and a public DPA that includes SCCs. Primary-source materials clearly say customer/API data is not used for training and that third-party model use is zero-retention, but public documentation does not provide a public sub-processor list or a guaranteed EU-only inference commitment for the general API; available public docs point mainly to US hosting.