OpenAI compatible API. Attested gateway. Public status.
Business Associate Agreement draft
Draft BAA terms for HIPAA review. PHI workloads require a signed BAA and route restrictions.
1 URLbase_url migration
100smodels and routes
0prompt logs by default
StatusDraft for review. Not an executed BAA.
EntityLore Hex Corp
SignerJoseph Perla, CEO
PHIRequires signed BAA before production use.
TrustedRouter does not yet have HIPAA certification or a signed BAA by default. PHI workloads require an executed BAA, approved subprocessors, route restrictions, and customer counsel approval.
Draft BAA
Business Associate Agreement terms to review.
Modeled around HHS business associate contract expectations. Final terms must be signed before PHI production traffic.
| Business associate | Lore Hex Corp, Delaware C Corporation, 1111 Brickell Ave, Floor 10, Miami, FL 33131. |
|---|---|
| Authorized signatory | Joseph Perla, CEO, signing as officer of Lore Hex Corp. |
| Security contact | security@trustedrouter.com. |
| Permitted uses | Provide hosted AI routing, authentication, billing, provider routing, security monitoring, support, and customer-configured observability for the covered service. Content export for PHI requires written approval before activation. |
| Prohibited uses | No use or disclosure of PHI except as permitted by the signed BAA, required by law, or instructed by customer. No prompt/output persistence by TrustedRouter by default. |
| Safeguards | Administrative, physical, and technical safeguards appropriate to the service, including attested gateway isolation, encrypted transport, access controls, key hashing, BYOK encryption, and prompt-content logging prohibitions. |
| Subcontractors | Subcontractors that may access PHI must be approved for PHI workloads in the signed BAA or route policy and bound to equivalent restrictions. Default PHI routing starts with trustedrouter/zdr, not broad automatic fallback. |
| Reporting | TrustedRouter will report confirmed unauthorized use or disclosure of PHI and security incidents as required by the signed BAA. |
| Access and amendment | TrustedRouter will assist with access, amendment, accounting, and restriction requests to the extent the service holds relevant metadata. |
| HHS access | TrustedRouter will make internal practices, books, and records relating to PHI handling available to HHS as required by HIPAA and the signed BAA. |
| Termination | On termination, TrustedRouter will return or destroy PHI where feasible and retain only information required by law, billing, security, or dispute preservation. |
Before PHI traffic: execute BAA signed by Joseph Perla, CEO, approve subprocessors, restrict routing to approved ZDR or confidential providers, disable content export unless separately approved in writing, and verify the gateway at trust.trustedrouter.com.