{ "model_provider_subprocessors": [ { "confidential_compute": true, "data_access": "Prompt/output content in transit only for requests routed to this provider; request metadata needed for billing, routing, abuse controls, and support.", "id": "tinfoil", "name": "Tinfoil", "policy": "Tracked as a confidential inference provider with attested provider compute and no prompt/output logging claims.", "policy_url": "https://tinfoil.sh/security-and-privacy-faq", "privacy_tier": 3, "provider_e2ee": true, "purpose": "Downstream model inference provider when a workspace selects this provider, this model, or an alias that routes to this provider.", "zdr": true }, { "confidential_compute": true, "data_access": "Prompt/output content in transit only for requests routed to this provider; request metadata needed for billing, routing, abuse controls, and support.", "id": "venice", "name": "Venice", "policy": "Tracked as confidential \u2014 Venice documents no logging or storage of prompts/responses plus TEE-isolated, end-to-end-encrypted inference. (Caveat: requests Venice proxies to external frontier models inherit those providers' policies; TR routes Venice-native open models here.)", "policy_url": "https://docs.venice.ai/overview/privacy", "privacy_tier": 3, "provider_e2ee": true, "purpose": "Downstream model inference provider when a workspace selects this provider, this model, or an alias that routes to this provider.", "zdr": true }, { "confidential_compute": null, "data_access": "Prompt/output content in transit only for requests routed to this provider; request metadata needed for billing, routing, abuse controls, and support.", "id": "anthropic", "name": "Anthropic", "policy": "Marked ZDR via TrustedRouter's arrangement \u2014 zero retention is NOT Anthropic's public default; it applies to contracted / approved API usage, which TrustedRouter's deployed account is configured for. Anthropic does not train on API content. (Flagged content may be retained longer for Usage-Policy enforcement; non-Messages features may differ.)", "policy_url": "https://platform.claude.com/docs/en/api/data-retention", "privacy_tier": 2, "provider_e2ee": null, "purpose": "Downstream model inference provider when a workspace selects this provider, this model, or an alias that routes to this provider.", "zdr": true }, { "confidential_compute": null, "data_access": "Prompt/output content in transit only for requests routed to this provider; request metadata needed for billing, routing, abuse controls, and support.", "id": "openai", "name": "OpenAI", "policy": "Marked ZDR for TrustedRouter's configured OpenAI / ChatGPT API account. This is not the public OpenAI API default for every account or endpoint; ZDR depends on eligible endpoint usage and account configuration.", "policy_url": "https://platform.openai.com/docs/models/default-usage-policies-by-endpoint", "privacy_tier": 2, "provider_e2ee": null, "purpose": "Downstream model inference provider when a workspace selects this provider, this model, or an alias that routes to this provider.", "zdr": true }, { "confidential_compute": null, "data_access": "Prompt/output content in transit only for requests routed to this provider; request metadata needed for billing, routing, abuse controls, and support.", "id": "gemini", "name": "Gemini", "policy": "Marked ZDR for TrustedRouter's Google Gemini / Vertex generative-AI routes under Google's data-governance commitments for customer prompts and outputs.", "policy_url": "https://docs.cloud.google.com/vertex-ai/generative-ai/docs/data-governance", "privacy_tier": 2, "provider_e2ee": null, "purpose": "Downstream model inference provider when a workspace selects this provider, this model, or an alias that routes to this provider.", "zdr": true }, { "confidential_compute": null, "data_access": "Prompt/output content in transit only for requests routed to this provider; request metadata needed for billing, routing, abuse controls, and support.", "id": "cerebras", "name": "Cerebras", "policy": "Tracked as provider-ZDR. Cerebras documents ZDR-compliant ephemeral prompt caching and no persisted prompt cache data.", "policy_url": "https://inference-docs.cerebras.ai/capabilities/prompt-caching", "privacy_tier": 2, "provider_e2ee": null, "purpose": "Downstream model inference provider when a workspace selects this provider, this model, or an alias that routes to this provider.", "zdr": true }, { "confidential_compute": null, "data_access": "Prompt/output content in transit only for requests routed to this provider; request metadata needed for billing, routing, abuse controls, and support.", "id": "deepseek", "name": "DeepSeek", "policy": "Not ZDR. DeepSeek's published privacy policy says prompts/inputs may be collected and personal data may be used to train or improve machine learning models and algorithms.", "policy_url": "https://cdn.deepseek.com/policies/en-US/deepseek-privacy-policy.html?locale=en_US", "privacy_tier": 0, "provider_e2ee": null, "purpose": "Downstream model inference provider when a workspace selects this provider, this model, or an alias that routes to this provider.", "zdr": false }, { "confidential_compute": null, "data_access": "Prompt/output content in transit only for requests routed to this provider; request metadata needed for billing, routing, abuse controls, and support.", "id": "mistral", "name": "Mistral", "policy": "No provider-ZDR claim is tracked here. This is separate from any no-training or enterprise retention commitments Mistral may offer.", "policy_url": "https://docs.mistral.ai/admin/security-access/privacy", "privacy_tier": 0, "provider_e2ee": null, "purpose": "Downstream model inference provider when a workspace selects this provider, this model, or an alias that routes to this provider.", "zdr": null }, { "confidential_compute": null, "data_access": "Prompt/output content in transit only for requests routed to this provider; request metadata needed for billing, routing, abuse controls, and support.", "id": "kimi", "name": "Kimi", "policy": "No provider-ZDR claim is tracked here. Kimi/Moonshot policy source is linked for users who need to review API retention and processing terms.", "policy_url": "https://platform.kimi.ai/docs/agreement/userprivacy", "privacy_tier": 0, "provider_e2ee": null, "purpose": "Downstream model inference provider when a workspace selects this provider, this model, or an alias that routes to this provider.", "zdr": null }, { "confidential_compute": null, "data_access": "Prompt/output content in transit only for requests routed to this provider; request metadata needed for billing, routing, abuse controls, and support.", "id": "zai", "name": "Z.AI", "policy": "No provider-ZDR claim is tracked here. Z.AI/BigModel policy source is linked for users who need to review API retention and processing terms.", "policy_url": "https://open.bigmodel.cn/usercenter/agreement/privacy", "privacy_tier": 0, "provider_e2ee": null, "purpose": "Downstream model inference provider when a workspace selects this provider, this model, or an alias that routes to this provider.", "zdr": null }, { "confidential_compute": null, "data_access": "Prompt/output content in transit only for requests routed to this provider; request metadata needed for billing, routing, abuse controls, and support.", "id": "together", "name": "Together", "policy": "Marked ZDR via TrustedRouter's arrangement \u2014 Together's ZDR is an opt-in account/privacy setting, NOT the public default, and the deployed Together account has it enabled. Together does not train on content without opt-in.", "policy_url": "https://docs.together.ai/docs/privacy-and-security", "privacy_tier": 2, "provider_e2ee": null, "purpose": "Downstream model inference provider when a workspace selects this provider, this model, or an alias that routes to this provider.", "zdr": true }, { "confidential_compute": null, "data_access": "Prompt/output content in transit only for requests routed to this provider; request metadata needed for billing, routing, abuse controls, and support.", "id": "grok", "name": "xAI Grok", "policy": "xAI documents no training on API requests and 30-day default audit retention, with ZDR as an enterprise feature.", "policy_url": "https://docs.x.ai/docs/resources/faq-api/security", "privacy_tier": 0, "provider_e2ee": null, "purpose": "Downstream model inference provider when a workspace selects this provider, this model, or an alias that routes to this provider.", "zdr": null }, { "confidential_compute": null, "data_access": "Prompt/output content in transit only for requests routed to this provider; request metadata needed for billing, routing, abuse controls, and support.", "id": "novita", "name": "Novita AI", "policy": "No provider-ZDR claim is tracked here. Novita's privacy policy says personal information is not used for model training; customer-content processing is governed by customer agreements.", "policy_url": "https://novita.ai/legal/privacy-policy", "privacy_tier": 0, "provider_e2ee": null, "purpose": "Downstream model inference provider when a workspace selects this provider, this model, or an alias that routes to this provider.", "zdr": null }, { "confidential_compute": true, "data_access": "Prompt/output content in transit only for requests routed to this provider; request metadata needed for billing, routing, abuse controls, and support.", "id": "phala", "name": "Phala", "policy": "Tracked as a confidential AI provider with provider-side attestation and encrypted prompt transport.", "policy_url": "https://docs.phala.com/confidential-ai-inference/host-llm-in-tee", "privacy_tier": 3, "provider_e2ee": true, "purpose": "Downstream model inference provider when a workspace selects this provider, this model, or an alias that routes to this provider.", "zdr": true }, { "confidential_compute": null, "data_access": "Prompt/output content in transit only for requests routed to this provider; request metadata needed for billing, routing, abuse controls, and support.", "id": "siliconflow", "name": "SiliconFlow", "policy": "No provider-ZDR claim is tracked here. SiliconFlow's privacy policy source is linked for retention and interaction-data terms.", "policy_url": "https://docs.siliconflow.com/en/legals/privacy-policy", "privacy_tier": 0, "provider_e2ee": null, "purpose": "Downstream model inference provider when a workspace selects this provider, this model, or an alias that routes to this provider.", "zdr": null }, { "confidential_compute": null, "data_access": "Prompt/output content in transit only for requests routed to this provider; request metadata needed for billing, routing, abuse controls, and support.", "id": "parasail", "name": "Parasail", "policy": "Parasail documents no input logging/storage for serverless and dedicated service paths, with different handling for batch service.", "policy_url": "https://docs.parasail.io/parasail-docs/security-and-account-management/data-privacy-retention", "privacy_tier": 0, "provider_e2ee": null, "purpose": "Downstream model inference provider when a workspace selects this provider, this model, or an alias that routes to this provider.", "zdr": null }, { "confidential_compute": null, "data_access": "Prompt/output content in transit only for requests routed to this provider; request metadata needed for billing, routing, abuse controls, and support.", "id": "lightning", "name": "Lightning AI", "policy": "No provider-ZDR claim is tracked here. Lightning's general privacy and security documentation is linked for retention review.", "policy_url": "https://lightning.ai/legal/privacy", "privacy_tier": 0, "provider_e2ee": null, "purpose": "Downstream model inference provider when a workspace selects this provider, this model, or an alias that routes to this provider.", "zdr": null }, { "confidential_compute": null, "data_access": "Prompt/output content in transit only for requests routed to this provider; request metadata needed for billing, routing, abuse controls, and support.", "id": "gmi", "name": "GMI Cloud", "policy": "GMI runs isolated/VPC GPU inference, but that is network isolation, NOT an attested TEE \u2014 so no confidential-compute, zero-retention, or E2EE claim is marked. Retention/training terms are unverified (the published policy page is JavaScript-only and would not render).", "policy_url": "https://gmicloud.ai/legal/privacy", "privacy_tier": 0, "provider_e2ee": null, "purpose": "Downstream model inference provider when a workspace selects this provider, this model, or an alias that routes to this provider.", "zdr": null }, { "confidential_compute": null, "data_access": "Prompt/output content in transit only for requests routed to this provider; request metadata needed for billing, routing, abuse controls, and support.", "id": "deepinfra", "name": "DeepInfra", "policy": "Tracked as provider ZDR \u2014 DeepInfra documents memory-only handling with no storage of API content and no training on submitted API data. (Exception: requests to Google/Anthropic-backed models inherit those vendors' policies.)", "policy_url": "https://docs.deepinfra.com/account/data-privacy", "privacy_tier": 2, "provider_e2ee": null, "purpose": "Downstream model inference provider when a workspace selects this provider, this model, or an alias that routes to this provider.", "zdr": true }, { "confidential_compute": null, "data_access": "Prompt/output content in transit only for requests routed to this provider; request metadata needed for billing, routing, abuse controls, and support.", "id": "nebius", "name": "Nebius Token Factory", "policy": "Marked ZDR via TrustedRouter's arrangement \u2014 Nebius RETAINS inputs/outputs by default (for speculative decoding); zero retention is an opt-in control, which the deployed Nebius account has enabled. Nebius does not train on customer data.", "policy_url": "https://docs.studio.nebius.com/legal/legal-quick-guide", "privacy_tier": 2, "provider_e2ee": null, "purpose": "Downstream model inference provider when a workspace selects this provider, this model, or an alias that routes to this provider.", "zdr": true }, { "confidential_compute": null, "data_access": "Prompt/output content in transit only for requests routed to this provider; request metadata needed for billing, routing, abuse controls, and support.", "id": "minimax", "name": "MiniMax", "policy": "No provider-ZDR claim is tracked here. MiniMax's product privacy overview is linked for users who need to review API/open-platform terms.", "policy_url": "https://www.minimax.io/privacy-policy-v2.html", "privacy_tier": 0, "provider_e2ee": null, "purpose": "Downstream model inference provider when a workspace selects this provider, this model, or an alias that routes to this provider.", "zdr": null }, { "confidential_compute": null, "data_access": "Prompt/output content in transit only for requests routed to this provider; request metadata needed for billing, routing, abuse controls, and support.", "id": "xiaomi", "name": "Xiaomi MiMo", "policy": "No provider-ZDR claim is tracked here. Xiaomi MiMo's open-platform terms are linked for users who need to review API data handling.", "policy_url": "https://platform.xiaomimimo.com/", "privacy_tier": 0, "provider_e2ee": null, "purpose": "Downstream model inference provider when a workspace selects this provider, this model, or an alias that routes to this provider.", "zdr": null }, { "confidential_compute": null, "data_access": "Prompt/output content in transit only for requests routed to this provider; request metadata needed for billing, routing, abuse controls, and support.", "id": "cohere", "name": "Cohere", "policy": "Marked ZDR \u2014 Cohere does not retain prompt/response content for TrustedRouter's configured account and does not train on customer API data. (Not a confidential-compute/TEE provider.)", "policy_url": "https://cohere.com/security", "privacy_tier": 2, "provider_e2ee": null, "purpose": "Downstream model inference provider when a workspace selects this provider, this model, or an alias that routes to this provider.", "zdr": true }, { "confidential_compute": null, "data_access": "Prompt/output content in transit only for requests routed to this provider; request metadata needed for billing, routing, abuse controls, and support.", "id": "voyage", "name": "Voyage AI", "policy": "Marked ZDR \u2014 Voyage AI does not retain prompt content for TrustedRouter's configured account and does not train on customer API data. (Not a confidential-compute/TEE provider.)", "policy_url": "https://www.voyageai.com/privacy", "privacy_tier": 2, "provider_e2ee": null, "purpose": "Downstream model inference provider when a workspace selects this provider, this model, or an alias that routes to this provider.", "zdr": true } ], "routing_note": "Model providers are subprocessors only for traffic routed to them. Use trustedrouter/zdr, trustedrouter/e2e, or explicit provider allowlists for sensitive legal workloads.", "system_subprocessors": [ { "data_access": "Prompt traffic on the production API terminates inside the attested gateway. GCP services store metadata, billing records, secrets, and operational logs as configured; prompt/output content is not stored by default.", "name": "Google Cloud Platform", "policy_url": "https://cloud.google.com/security/compliance", "purpose": "Cloud hosting, Confidential Space, Cloud Run, Spanner, Bigtable, KMS, Secret Manager, and operational infrastructure." }, { "data_access": "Public website traffic and DNS metadata. Production prompt TLS is designed to terminate inside the attested gateway, not inside the control-plane site.", "name": "Cloudflare", "policy_url": "https://www.cloudflare.com/trust-hub/", "purpose": "DNS, public-site caching, status/trust hosting support, and edge protection for non-prompt surfaces." }, { "data_access": "Billing identity and payment metadata. No prompt/output content.", "name": "Stripe", "policy_url": "https://stripe.com/privacy", "purpose": "Card payments, stablecoin checkout, customer records, saved payment methods, invoices, and billing webhooks." }, { "data_access": "Billing identity and payment metadata. No prompt/output content.", "name": "PayPal", "policy_url": "https://www.paypal.com/us/legalhub/privacy-full", "purpose": "Optional PayPal payment processing for prepaid credits." }, { "data_access": "Email address and transactional email metadata. No prompt/output content.", "name": "Amazon Web Services SES/SNS", "policy_url": "https://aws.amazon.com/privacy/", "purpose": "Transactional email delivery, bounce handling, complaint handling, and email-domain verification." }, { "data_access": "Scrubbed control-plane errors and metadata. Sentry is not configured in the attested prompt gateway and must not receive prompts, outputs, API keys, or BYOK secrets.", "name": "Sentry", "policy_url": "https://sentry.io/privacy/", "purpose": "Control-plane exception monitoring." }, { "data_access": "Structured operational metadata. Prompt/output content must not be logged.", "name": "Axiom", "policy_url": "https://axiom.co/privacy", "purpose": "Operational log search and alerting." }, { "data_access": "Source code, CI metadata, and release artifacts. No production prompt/output content.", "name": "GitHub", "policy_url": "https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement", "purpose": "Source control, CI, release workflows, and public open-source repositories." } ] }