
HIPAA-Compatible LLM Routing — TrustedRouter

An auditable LLM API for HIPAA covered entities. Attested gateway, open-source routing code, no prompt logs by construction.

1 URL: base_url migration
100s: models and routes
0: prompt logs by default
HIPAA-compatible LLM routing

The LLM API whose privacy posture is verifiable, not just contractual.

HIPAA covered entities and their business associates can't legally route PHI through a service whose data-handling claims they can't audit.

TrustedRouter's prompt path runs inside a hardware-attested gateway. The source is open. The image hash is published. Privacy isn't promised — it's checkable.


Verify the gateway (curl)
# Live attestation, bound to a nonce
NONCE=$(openssl rand -hex 16)
curl -s "https://api.trustedrouter.com/attestation?nonce=$NONCE"

# Returns a JWT signed by the CPU's root key.
# image_digest matches the artifact published at
# trustedrouter.com/security — verifiable end to end.
No retention

Prompts and outputs aren't stored.

The attested binary never writes request or response bodies. Token counts and metadata only. The schema is in source.

Verifiable

Read the code that handles PHI.

Every byte that touches a prompt body flows through open-source code you can audit. Your security team doesn't have to take our word.

Multi-provider

Route to providers with strong posture.

Anthropic Claude, GPT-5, Gemini, Llama via Tinfoil, GLM, DeepSeek — pick by published per-provider retention and ZDR status.

What HIPAA buyers actually need

Verifiability beats audit theater.

An auditable prompt path. Open source lets your security team trace exactly what happens to PHI from request entry to provider hand-off. No reverse engineering.

Provider transparency. Each model page publishes the upstream provider's posture — zero-retention contracts, confidential compute, end-to-end encryption claims — with links to source. You route deliberately.

BAA where it matters. Direct BAAs with TrustedRouter and with the upstream provider you select. The attestation gives you what BAAs can't: cryptographic proof of which code processed a specific request.

Fail-closed gateway. If attestation can't verify, the gateway stops accepting requests. There is no degraded mode that processes PHI without proof.

Self-host option. Run the same open-source gateway inside your own VPC. Same image hash, same attestation chain, same verifiability.
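The client-side checks behind the fail-closed decision above, applied to the attestation JWT returned by the curl call earlier on this page, as an added Python example that is not TrustedRouter's own code: it assumes the nonce is echoed back in a `nonce` claim (`image_digest` is the claim name the page gives), and it replaces the CPU-root-key certificate-chain check with a clearly labelled HMAC stand-in so the example runs offline.

```python
import base64
import hashlib
import hmac
import json

class AttestationError(Exception):
    """Any failed check: the caller must not send PHI to the gateway."""

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def check_attestation(token, expected_nonce, pinned_digest, verify_signature):
    """Fail-closed gate: return the JWT claims only if every check passes."""
    # verify_signature(signing_input, signature) -> bool must chain the token to
    # the CPU vendor's root key (vendor tooling; an HMAC stand-in is used below).
    parts = token.split(".")
    if len(parts) != 3:
        raise AttestationError("malformed JWT")
    header_b64, payload_b64, sig_b64 = parts
    # 1. Signature first: claims from an unverified token are never trusted.
    if not verify_signature(f"{header_b64}.{payload_b64}".encode(), _unb64url(sig_b64)):
        raise AttestationError("signature does not chain to the hardware root key")
    claims = json.loads(_unb64url(payload_b64))
    # 2. Nonce binding: a cached or replayed attestation must not pass.
    if not hmac.compare_digest(str(claims.get("nonce", "")), expected_nonce):
        raise AttestationError("nonce mismatch: stale or replayed attestation")
    # 3. Digest pinning: the running image must be the published artifact.
    if not hmac.compare_digest(str(claims.get("image_digest", "")), pinned_digest):
        raise AttestationError("image_digest differs from the published artifact")
    return claims

# Constructed demo material: not a real root key and not a real published digest.
DEMO_KEY = b"demo-stand-in-for-hardware-root-key"
PINNED_DIGEST = "sha256:" + hashlib.sha256(b"published-gateway-image").hexdigest()

def demo_verify(signing_input: bytes, signature: bytes) -> bool:
    """HMAC stand-in for the vendor certificate-chain check."""
    return hmac.compare_digest(hmac.new(DEMO_KEY, signing_input, "sha256").digest(), signature)

def make_demo_token(nonce: str, image_digest: str) -> str:
    """Constructed token shaped like a gateway's answer to /attestation?nonce=..."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"nonce": nonce, "image_digest": image_digest}).encode())
    sig = hmac.new(DEMO_KEY, f"{header}.{payload}".encode(), "sha256").digest()
    return f"{header}.{payload}.{_b64url(sig)}"
```

In production the nonce comes from `openssl rand -hex 16` as in the curl snippet, and `verify_signature` is the vendor's attestation verifier; only a token that passes all three checks should unlock the `base_url` for PHI traffic.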

Honest scope

What attestation doesn't cover.

Attestation proves the running binary is the published binary. It doesn't prove the binary is bug-free — open-source code can have flaws and we welcome reports.

It doesn't defend against nation-state actors with physical access to the cloud provider's hardware. The threat model is "operator can't see PHI" + "code is what was published," not "absolute secrecy from all adversaries."

Upstream providers handle prompts according to their own policies. We publish each one's posture on the model pages so you can route accordingly.
