Skip to Content
Control & ConfigurationSecurity Classifications

Security Classifications

Security classifications let you label how sensitive the data in a conversation is. Steinkauz uses these labels to ensure that only providers you have approved for that sensitivity level can process the conversation. This reduces the risk of sending confidential data to a provider that should not see it.

Available classifications

Classifications typically include:

  • Public — Non-sensitive; can be processed by any configured provider.
  • Internal — Internal use; restrict to providers you trust for internal data.
  • Confidential — Confidential data; use only providers you have approved for this level.
  • Secret — Highest sensitivity; use only providers explicitly allowed for secret data.

The exact list may vary; check Settings → Providers (or the security classification area) for your account.

How it works

  1. You assign a security classification to each provider in Settings → Providers.
  2. When you send messages, the conversation uses the security classification of the provider you are using (the one you configured for that provider). You control which providers are used and at what classification level; the conversation’s classification is set from the provider in use.
  3. Steinkauz only sends the conversation to providers that are allowed for that classification. If your selected provider is not permitted for that classification level, the request may fail. Switch to a different provider or adjust that provider’s classification to resolve it.

This gives you conversation-level data leak prevention: high-sensitivity chats never go to providers that are only approved for lower sensitivity.

Where to set classifications

  • BYOK: In Settings → Providers, open a provider and set its security classification. You can also reset to “Public” if needed.
  • Gateway: In Settings → Providers, the Gateway appears alongside other providers. Assign it a security classification there (it defaults to “Public”). Routing to specific backend providers is configured separately via Gateway provider configuration.

Using classifications together with model metadata and provider configuration helps you keep control over where your data goes.

Last updated on
Provider ConfigurationZero Data Retention