Iteration Layer treats workflow content differently from account, billing, usage, and operational metadata.
What Data Do API Requests Send
API requests send the files, URLs, and parameters needed to run the operation you choose.
| Data Type | Examples | Why It Is Used |
|---|---|---|
| Submitted files | PDFs, images, Office documents, spreadsheets, audio files when supported by the API | Input content for extraction, conversion, transformation, generation, or transcription |
| URL inputs | Public document URLs, public image URLs, public website URLs | Fetch input content when the request uses URL-based inputs |
| Request parameters | Schemas, operations, output formats, dimensions, webhook URLs | Configure how the API should process the input |
| Authentication metadata | API key identity, organization, project scope | Authorize the request and attribute usage |
| Usage metadata | API name, credit usage, status, timestamps | Meter credits, show usage, support billing, and operate the service |
How Is Customer Content Processed
Customer content is processed for the requested operation and is not kept as retained customer content after processing.
The API receives the input, processes it, and returns the result synchronously or delivers it to your webhook when async mode is used.
What Is Retained After Processing
Iteration Layer keeps the records needed to operate your account and bill usage, not a stored copy of submitted workflow content.
| Record Type | Examples | Purpose |
|---|---|---|
| Account records | User email, organization membership, authentication records | Login, access control, and organization management |
| API key records | API key hash, key name, project scope, timestamps | Authentication and key management |
| Billing records | Subscription identifiers, credit grants, invoice metadata, charge identifiers, dispute status | Credit balances, invoices, payment operations, and payment dispute management |
| Usage records | API name, credit amount, organization, project, timestamps | Metering, invoices, and usage reporting |
| Operational logs | Request and system metadata | Reliability, security monitoring, and debugging |
Usage records are deleted after the configured retention window. Submitted files and processing outputs are not kept as retained customer content after the request completes.
How Are Webhook Payloads Handled
Webhook payloads are delivered to the HTTPS endpoint you provide.
When a request uses webhook_url, Iteration Layer returns an immediate accepted response, processes the request in the background, and sends the result or error payload to your HTTPS webhook endpoint. Delivery retries only retry the HTTP delivery; they do not rerun the processing step. See Webhooks for retry and refund behavior.
What Should Customers Avoid Sending
Send only the content required for the workflow and avoid unnecessary personal data in filenames, schemas, prompts, and webhook URLs.
Good data-minimization practice still applies even when processing is transient. Avoid embedding secrets in URLs, avoid exposing long-lived signed URLs longer than needed, and keep webhook endpoints under your own retention and access controls.
How Does Deletion Relate To Legal Rights
Account and personal-data deletion requests are handled through the process described in Privacy Policy.
For formal data-subject rights, deletion requests, and legal-basis details, use the public Privacy Policy and Data Processing Agreement as the controlling documents.