End-to-End Encrypted AI gateway
Private, reliable LLM routing
for production AI apps.
Route the open-weight leaders — Qwen, GLM, DeepSeek, Gemma, Kimi, MiniMax — plus every frontier model, through one OpenAI-compatible API. TrustedRouter keeps prompt traffic on an attested gateway, avoids prompt/output logs, and gives teams a verifiable trust path instead of another black-box router.
✓ OpenAI-compatible API ✓ No prompt/output logs ✓ Attested gateway ✓ Provider failover ✓ EU regional routing ✓ BYOK + prepaid credits ✓ Open source
8 region footprint 3 live regions, edge capacity warming, one OpenAI-compatible router.
Control plane (metadata only)
◈ User app / AI product
Making inference calls
ATTESTED GATEWAY
🛡 TrustedRouter
- 🔒 No prompt logs
- ▤ Metadata-only control plane
- ◈ Failover logic
Qwen
GLM
DeepSeek
Gemma
Kimi
DeepInfra
Production AI now needs an inference control layer.
Most AI products start by calling one model provider directly. That works until you need fallback, model choice, cost control, regional routing, privacy controls, provider-specific policies, customer trust, or proof that sensitive prompts are not being logged by another intermediary.
Providers fail or rate-limit
Model quality changes
Costs move by workload
Sensitive prompts create trust risk
Closed routers create another vendor to trust
Customers increasingly ask where their data goes
TrustedRouter gives you one API, multiple providers, private routing, and a trust record your customers can inspect.
One gateway. Three jobs.
🔎
Route
Send requests to many models through one OpenAI-compatible API. Use explicit models or trustedrouter/auto for provider fallback.
🛡
Protect
Keep prompt traffic on an attested gateway. The control plane stores metadata for billing and operations, not prompt or output bodies.
📄
Prove
Publish the source commit, image reference, image digest, and attestation path so technical customers can verify what is running.
Move over with one base_url change.
- ✓ Use
trustedrouter/autofor fallback - ✓ Use
trustedrouter/euwith the EU regional API for Europe-focused routing - ✓ Use
provider.data_collection = "deny"for zero-retention provider preference - ✓ Use BYOK where needed
- ✓ Keep existing OpenAI-shaped calls working
Drop-in, OpenAI-compatibleTypeScript
const client = new OpenAI({
apiKey: process.env.TRUSTEDROUTER_API_KEY,
baseURL: "https://api.trustedrouter.com/v1"
})
const response = await client.chat.completions.create({
model: "trustedrouter/auto",
messages: [{ role: "user", content: "Hello" }],
provider: { data_collection: "deny" }
})Your prompt path should be inspectable.
TrustedRouter separates production inference from the normal dashboard/control-plane surface. Prompt and output bodies should not pass through the control plane. Metadata is used for billing, routing, latency, status, and cost tracking.
Architecture
Production prompt path
App → Attested Gateway → Provider
Control plane path
Dashboard → Metadata / Billing / API Keys
🛡 No prompt/output logs
🛡 Metadata-only billing records
🛡 Attested gateway
🛡 Fail-closed if attestation fails
🛡 Open-source backend & config
🛡 Public trust page with commit & digest
Fallback when providers fail.
Production AI should not break because one provider returns 429s, 5xx errors, degraded latency, or temporary capacity issues. TrustedRouter routes across healthy providers and exposes route health so teams can build more resilient AI products.
Router availability99.99%
Live regions3
Provider health Healthy
Median routing overhead8ms
Privacy is not a setting buried in a dashboard.
For sensitive AI products, the question is not only which model you use. It is who can see the prompts, what gets logged, which providers retain data, and whether the router itself can be inspected.
FeatureDirect Provider APIClosed RouterTrustedRouter
One API across providersNoYesYes
Provider fallbackNoYesYes
BYOK supportSometimesSometimesYes
Zero-retention preferenceVariesUnknownYes
Prompt/output logsYes (API dependent)Yes (usually)Never
Open-source routerN/ANoYes
Public attestationN/ANoYes
Customer-facing trust recordN/ANoYes
Built for teams where prompts matter.
Legal AI
Pain: Cannot risk exposing client privilege to intermediaries.
Solution: Route sensitive client work with a verifiable prompt path to zero-retention providers.
Finance & PE
Pain: Evaluating private data with models creates non-disclosure risks.
Solution: Evaluate companies, documents, and private data without another opaque intermediary.
Production AI apps
Pain: Provider downtime breaks core product reliability.
Solution: Keep production inference reliable across providers using fallback routing.
AI agencies
Pain: Need an easy API, but clients demand data privacy.
Solution: Route customer workloads with clearer trust boundaries and verifiable answers.
Crypto & Web3
Pain: SaaS centralization is antithetical to the builder ethos.
Solution: Use an open-source, inspectable router with wallet-friendly Web3 sign-in.
Dev tools
Pain: Supporting every new API integration is a distraction.
Solution: Support many models explicitly without maintaining every provider SDK.
Open-weight leaders, at a fraction of frontier cost.
Qwen, GLM, DeepSeek, Gemma, Kimi and MiniMax — the models most teams actually run — each routed across multiple hosts for price and availability. Frontier models too.
| Model | Maker | Context | Prompt price | Class |
|---|---|---|---|---|
| qwen/qwen3-235b-a22b-2507 | Alibaba | 262k | $0.11 / 1M | Open weights |
| z-ai/glm-5 | Zhipu AI | 205k | $0.66 / 1M | Open weights |
| deepseek/deepseek-v4-flash | DeepSeek | 1M | $0.14 / 1M | Open weights |
| google/gemma-4-31b-it | 262k | $0.14 / 1M | Open weights | |
| moonshotai/kimi-k2-thinking | Moonshot | 262k | $0.66 / 1M | Open weights |
| trustedrouter/eu | EU-focused | Varies | Varies | Regional |
| trustedrouter/auto | Multiple (failover) | Varies | Varies | Attested + ZDR |
| anthropic/claude-sonnet-4.5 | Anthropic | 200k | $3.00 / 1M | Frontier |
A router you can inspect, fork, or run yourself.
For sensitive infrastructure, "trust us" is not enough. TrustedRouter makes its routing layer inspectable, giving technical teams a path to self-host or verify the hosted workload.
Usage-based routing. No subscription required.
Start with prepaid credits, BYOK, or usage-based billing. Teams already spending on LLMs can request migration credits.
⚡ Pay as you go
Wallet accounts can start at $0 credits. Add a card for prepaid credits.
🔑 Bring your own key
BYOK supported for providers where you already have volume discounts.
→ Migration credits
Migration credits by approval for teams spending more than $100/month on LLMs.
Frequently asked questions
What is TrustedRouter?
A privacy-first AI gateway that routes LLM requests across multiple providers (OpenAI, Anthropic, Google, and more) through a single OpenAI-compatible API, without logging prompts or outputs.
Is this an OpenRouter alternative?
Yes, but with different design constraints. We prioritize production infrastructure, privacy, and verifiable trust. See our OpenRouter comparison for details.
Do you log prompts or outputs?
No. Never. The prompt payload passes through an attested gateway and is intentionally excluded from our control plane and metadata systems.
What does "attested gateway" mean?
Our routing layer runs inside a Trusted Execution Environment. We publish cryptographic attestations that the running code exactly matches the open-source repository — so even our own engineers cannot read your requests.
What metadata do you store?
Only what billing and routing need: request timestamp, routing duration, target model, HTTP status, API key reference, and token counts. No prompt text or message arrays are evaluated by the control plane.
Can I bring my own provider keys (BYOK)?
Yes. BYOK lets you use existing committed spend or enterprise rate limits while gaining the latency and privacy benefits of the TrustedRouter architecture.
What happens if attestation fails?
The gateway fails closed. It refuses to serve traffic rather than fall back to an unverified routing state.
How do I migrate from OpenRouter?
It is a one-line change. Swap your base_url and keep your API calls the same. See the migration guide.