***

title: Policies & Rules
description: Enforce governance, security, and smart routing policies
---------------------

For clean Markdown of any page, append .md to the page URL. For a complete documentation index, see https://api.alephant.io/docs/overview/security-compliance/llms.txt. For full documentation content, see https://api.alephant.io/docs/overview/security-compliance/llms-full.txt.

Alephant includes up to 18 configurable policies across 4 architectural tiers. Policies govern how requests are handled at the gateway layer.

## Policy Hierarchy

1. **System Policies (Always-On)**
   * Hard limits to prevent catastrophic billing errors, such as a Daily Hard Stop and Basic Rate Caps.
2. **Pro Policies**
   * Configurable limits like Token constraints, specific Model Restrictions, Retry Logic, and Basic Semantic Caching.
3. **Team Policies**
   * Member attribution enforcement, Team Rate Limiting, and collaborative guardrails.
4. **Enterprise Policies**
   * Advanced compliance features including PII (Personally Identifiable Information) detection, Data Residency requirements, IP Allowlisting, and SSO enforcement.

## Department Overrides

On the Enterprise plan, Workspace-level policies can be overridden on a per-department basis. Override types include:

* Custom Rate Limits
* Model Whitelists (e.g., restrict to specific models)
* Custom Budget Alert thresholds
* Time Window restrictions (e.g., only allow requests during business hours)
* Max Tokens per request
* Concurrency limits