Privacy and data retention

Last validated:

Aperture by Tailscale is currently in beta.

Use of Aperture is governed by the Aperture Beta Terms.

Aperture captures the full request and response body, headers, and tool use data for every LLM request. It also records usage metrics such as token counts, model names, cost, and status. This hub gathers the controls for where that data is stored, how long it persists, and where it leaves Aperture.

Aperture preserves usage metrics regardless of your capture retention settings, so reporting and analytics remain available after Aperture purges request bodies. Aperture stores full request and response bodies so you can review and trace LLM activity. Configure retention and export so that captured data meets your organization's data handling requirements.

Control retention

Configure how long Aperture keeps captured request and response bodies before it purges them, or set zero local retention so bodies are never written to disk. The retention policy fields are documented in the database configuration reference.

Complete reference for Aperture by Tailscale configuration fields, providers, grants, quotas, hooks, exporters, connectors, and database settings.

Export and archive usage data

Export captured usage data to S3-compatible storage for long-term retention and archiving. You can require export before Aperture purges local captures, so no records are lost when retention expires.

Configure Aperture to export LLM usage data to an Amazon S3 bucket for analysis, archiving, and long-term retention.

Access dashboards, review session logs, and export usage data from Aperture.

Control third-party data egress

Control where request content leaves Aperture. Guardrails inspect, modify, or block requests before they reach the provider. Connectors centralize authentication and proxy outbound calls to external MCP servers and HTTP APIs. Hooks forward request and usage data to external enforcement and observability tools.

Inspect, modify, or block LLM requests before they reach the provider.

Configure a pre-request hook to inspect, modify, or block LLM requests before they reach the provider.

Find documentation for Aperture connectors, including setup guides, conceptual explanations, and configuration reference.

Connect Aperture with authorization engines, log aggregators, and external services.