Chat privacy and data protection

Edit online

When you use the chat features in watsonx Orchestrate, your conversations are stored so you can pick up where you left off, maintain continuity, and access your chat history whenever you need it. This page explains how your chat data is stored, protected, and isolated to ensure your privacy and security.

How chat conversations are stored

watsonx Orchestrate stores chat conversations to enable the following capabilities:

  • Chat history retrieval: Access previous conversations within a chat thread, with context maintained based on the LLM's context window.
  • Agent memory: Maintain context across multiple messages within chat threads and sessions.
  • Thread management: View and manage your list of chat threads.
  • Continuity: Resume conversations from where you left off.

Chat data is stored by using the same secure infrastructure and encryption standards that are described in Security, privacy, and data protection overview.

For more information about how agent memory is stored, retained, and deleted, see Agent memory retention policy.

How your chat data is isolated

Each chat conversation is isolated by user ID. One user's chat history is never accessible to another user, ensuring users can only view and access their own chat threads and conversations.

Chat data is segregated at the tenant level, following the same isolation principles described in Security, privacy, and data protection overview and Data isolation.

Conversations within observability dashboards

Users with Administrator or Builder roles can view chat conversations within their tenant through observability dashboards. This access is designed to support service management, troubleshooting, and monitoring while maintaining tenant-level isolation.

For more information, see Monitoring agents.

How your chat content is used in relation to LLM training

watsonx Orchestrate never uses your chat content for training or improving language models:

  • Your data is not sent back to base models for training
  • Your conversations remain private and are stored only to support chat features
  • Your chat content stays private and remains within the service boundaries

Model provider terms and conditions

While watsonx Orchestrate does not use your chat data for training, the underlying language models are provided by third-party vendors. Each model provider has its own security policies and terms of service:

  • Review the security documentation and terms of service for your chosen language model
  • Understand how the model provider handles data during inference
  • Ensure that your use complies with the model provider's acceptable use policies

For information about available models and their providers, see Available AI models.

Uploaded files in chat

When you upload files directly to a chat conversation, watsonx Orchestrate applies the same security and isolation principles to protect your files.

Files isolation

Uploaded files are accessible only within the chat conversation where they were added:

  • Files remain isolated to the current chat thread.
  • Other chat threads cannot view or access these files.
  • The agent does not reference uploaded files outside the active conversation.
  • Documents are never shared across conversations or used for training.

Secure access control

Access to uploaded files is provided through time-limited, signed URLs:

  • Signed URLs expire after a defined period.
  • Files cannot be opened or reused after the URL expires.
  • Files are securely stored by using the same encryption standards as chat data.

File retention

  • Uploaded files persist in backend storage during your service subscription.
  • Files cannot be accessed through the UI or API after their signed URL expires.
  • Chat history retention settings (configurable from 30 to 365 days based on tenant settings) apply to the conversation context.
  • Currently, no automatic deletion mechanism is available for uploaded files beyond standard retention policies.

For information about uploading files directly to a chat conversation, see Uploading documents in a conversation.

Data retention

watsonx Orchestrate implements configurable data retention policies to balance service functionality with privacy and compliance requirements.

Retention configuration

Administrators can configure how long the chat history is retained:

  • Configurable range: Set retention from a minimum of 30 days to a maximum of 365 days.
  • Default setting: 30 days if not explicitly configured.
  • Automatic deletion: Messages older than the specified retention period are automatically deleted and become permanently inaccessible.
  • Tenant-level control: Retention settings apply at the tenant level and affect all users within the tenant.

To configure data retention settings, see Managing data retention.

What happens to your data

Chat history remains accessible during the configured retention period. Messages are automatically deleted after the retention period expires, however you can delete individual chat threads or conversations at any time before the retention period expires.

If your access to watsonx Orchestrate is removed from the tenant, all chat history that is associated with your account is deleted permanently.