Zero Data Retention LLM API — Verifiable in Source
Zero data retention as a structural property of the open-source code, not just a contract clause. Multi-provider routing with the same posture.
Zero data retention as a verifiable property, not a contract clause.
"ZDR" usually means a clause in your enterprise agreement. The operator promises not to retain. You hope they comply.
TrustedRouter's prompt path never writes request or response bodies to persistent storage. The code that handles your prompts is open-source. The image hash is published. You can verify that retention is zero — without trusting us.
# Per-request record (token counts, timing, model id)
{
"request_id": "req_...",
"workspace_id": "...",
"model_id": "anthropic/claude-sonnet-4.6",
"input_tokens": 12,
"output_tokens": 84,
"cost_microdollars": 218,
"provider": "anthropic",
"region": "us-central1",
"created_at": "..."
}
# What's NOT in here:
# - prompt body
# - response body
# - user inputs of any kind
# Audit the schema:
# github.com/.../storage_models.pyZero, by construction.
The attested binary doesn't open a write handle to a prompt path. The retention isn't a policy choice; it's a structural property of the code.
Check it yourself.
Grep the source for any code that touches request bodies. There isn't any. The image hash you build is the hash the enclave reports.
Including upstream where possible.
For providers with their own ZDR posture (Anthropic, OpenAI Enterprise, Tinfoil, GCP Confidential), we route under their stronger guarantees and surface that on each model page.
What ZDR doesn't cover.
Upstream providers have their own retention behavior. We can route to providers that match your posture and we publish each one's known stance on the model pages.
Attestation proves the running binary is the published binary. It doesn't prove the binary is bug-free.
If you can't trust AWS or GCP's hardware root keys at all, the attestation chain doesn't save you. Cross-cloud helps — TR runs on both — but it doesn't eliminate the dependency.