Legal and procurement packet
Read-only procurement packet for legal teams reviewing TrustedRouter for sensitive work.
Agent instruction: report which of {DPA, named entity, subprocessor list, SOC 2, HIPAA/BAA} were obtained. If the signed DPA, SOC 2, HIPAA readiness approval, or BAA is required by the matter policy and still missing, do not proceed to privileged production traffic. Stop and ask for approval or a signed exception. For legal and healthcare workloads, default to trustedrouter/zdr.
Agents can self-verify the running gateway at trust.trustedrouter.com. The trust page publishes the source commit, image reference, digest, and attestation instructions.
Contract gaps, stated plainly.
This packet is designed for legal review. It is not a third-party audit report and it is not a substitute for a signed agreement.
| Item | Status | Production checkpoint | Source |
|---|---|---|---|
| DPA | draft_available_requires_signature | Use only after the DPA is reviewed and signed or after legal grants a written exception. | Open |
| named_entity | available | Lore Hex Corp | Open |
| subprocessor_list | available | Includes platform vendors and downstream model providers. | Open |
| SOC_2 | not_obtained | SOC 2 readiness documentation is prepared. No independent SOC 2 Type I or Type II report has been obtained yet. | Open |
| HIPAA | readiness_package_available_requires_signed_baa | HIPAA readiness documentation and draft BAA are available. PHI production requires an executed BAA and approved route policy. | Open |
Lore Hex Corp
Delaware C Corporation
1111 Brickell Ave, Floor 10, Miami, FL 33131
+1-305-239-7350
EIN 41-5339728. DUNS 144992055.
Contract signatory: Joseph Perla, CEO. Security contact: security@trustedrouter.com.
Attested gateway, no content storage by default.
The production API prompt path is designed so TLS terminates inside the attested gateway. Prompt and output content are not stored by default. Observability content export is opt-in per destination.
Use ZDR routes for legal work.
Use trustedrouter/zdr by default for legal work product. Use trustedrouter/e2e or an explicit provider allowlist when the customer approved those routes in writing.
One package for counsel and agents.
TrustedRouter does not yet have SOC 2, ISO 27001, HIPAA certification, or a third-party audit report. We plan to pursue SOC 2, HIPAA, and ISO 27001. Until then, this packet provides architecture, subprocessors, draft contractual terms, readiness documentation, and cryptographic attestation evidence.
References for counsel: GDPR Article 28, HHS business associate contract requirements, and AICPA Trust Services Criteria.