Private LLM API — Verifiable, Attested, Open Source
A private LLM API where privacy is cryptographically verifiable. Route to Claude, GPT, Gemini, DeepSeek through an attested gateway.
A private LLM API where "private" means cryptographically verified.
Every hosted LLM provider claims privacy. Almost none of them give you a way to verify it.
TrustedRouter routes to every major model — Claude, GPT, Gemini, DeepSeek, Kimi, Llama, Mistral — through a hardware-attested gateway. The code is open source. The image is hashed. You can check what runs.
client = OpenAI(
base_url="https://api.trustedrouter.com/v1",
api_key="sk-tr-v1-..."
)
resp = client.chat.completions.create(
model="anthropic/claude-sonnet-4.6",
messages=[
{"role": "user", "content": "your prompt"}
],
)
# No logs. Source verified. Attestation on demand.Read the source.
Every line that handles your prompt is on GitHub. Search it. Audit it. Run it locally if you want.
Hardware-rooted trust.
The gateway runs inside AWS Nitro Enclaves and GCP Confidential VMs. The CPU signs the running image. You verify the signature.
No request without attestation.
If the gateway can't prove its own integrity, traffic stops. The synthetic monitor probes this every minute and pages on the first miss.
Things that are zero, with proof.
Prompt body. Never written to disk. Never shipped to a logging service. The binary doesn't open a write handle to a prompt path. You can grep for this.
Output body. Same. The streamed response goes from upstream provider straight back to you. TR sees it in transit; it never persists.
Per-request audit trail. What TR does log: token counts, timestamps, model id, region, billing. No content. The schema is in the open-source code.
Upstream provider behavior. Out of TR's control. We publish each provider's known retention and ZDR posture on every model page so you can route deliberately.