Privacy-first AI gateway

Private, reliable LLM routing
for production AI apps.

Route the open-weight leaders — Qwen, GLM, DeepSeek, Gemma, Kimi, MiniMax — plus every frontier model, through one OpenAI-compatible API. TrustedRouter keeps prompt traffic on an attested gateway, avoids prompt/output logs, and gives teams a verifiable trust path instead of another black-box router.

🛡 Verify trust

Migrate from OpenRouter OpenAI-compatible API Latency benchmarks

✓ OpenAI-compatible API ✓ No prompt/output logs ✓ Attested gateway ✓ Provider failover ✓ EU regional routing ✓ BYOK + prepaid credits ✓ Open source

7 region footprint 3 live regions, edge capacity warming, one OpenAI-compatible router.

Control plane (metadata only)

◈ User app / AI product

Making inference calls

ATTESTED GATEWAY

🛡 TrustedRouter

🔒 No prompt logs
▤ Metadata-only control plane
◈ Failover logic

Qwen

GLM

DeepSeek

Gemma

Kimi

DeepInfra

Production AI now needs an inference control layer.

Most AI products start by calling one model provider directly. That works until you need fallback, model choice, cost control, regional routing, privacy controls, provider-specific policies, customer trust, or proof that sensitive prompts are not being logged by another intermediary.

Providers fail or rate-limit

Model quality changes

Costs move by workload

Sensitive prompts create trust risk

Closed routers create another vendor to trust

Customers increasingly ask where their data goes

TrustedRouter gives you one API, multiple providers, private routing, and a trust record your customers can inspect.

One gateway. Three jobs.

🔎

Route

Send requests to many models through one OpenAI-compatible API. Use explicit models or trustedrouter/auto for provider fallback.

🛡

Protect

Keep prompt traffic on an attested gateway. The control plane stores metadata for billing and operations, not prompt or output bodies.

📄

Prove

Publish the source commit, image reference, image digest, and attestation path so technical customers can verify what is running.

Move over with one base_url change.

✓ Use trustedrouter/auto for fallback
✓ Use trustedrouter/eu with the EU regional API for Europe-focused routing
✓ Use provider.data_collection = "deny" for zero-retention provider preference
✓ Use BYOK where needed
✓ Keep existing OpenAI-shaped calls working

View migration guide →

Drop-in, OpenAI-compatibleTypeScript

const client = new OpenAI({
  apiKey: process.env.TRUSTEDROUTER_API_KEY,
  baseURL: "https://api.trustedrouter.com/v1"
})

const response = await client.chat.completions.create({
  model: "trustedrouter/auto",
  messages: [{ role: "user", content: "Hello" }],
  provider: { data_collection: "deny" }
})

Your prompt path should be inspectable.

TrustedRouter separates production inference from the normal dashboard/control-plane surface. Prompt and output bodies should not pass through the control plane. Metadata is used for billing, routing, latency, status, and cost tracking.

Architecture

Production prompt path

App → Attested Gateway → Provider

Control plane path

Dashboard → Metadata / Billing / API Keys

🛡 No prompt/output logs

🛡 Metadata-only billing records

🛡 Attested gateway

🛡 Fail-closed if attestation fails

🛡 Open-source backend & config

🛡 Public trust page with commit & digest

Open trust page

Fallback when providers fail.

Production AI should not break because one provider returns 429s, 5xx errors, degraded latency, or temporary capacity issues. TrustedRouter routes across healthy providers and exposes route health so teams can build more resilient AI products.

View status

Router availability99.99%

Live regions3

Provider health Healthy

Median routing overhead8ms

Privacy is not a setting buried in a dashboard.

For sensitive AI products, the question is not only which model you use. It is who can see the prompts, what gets logged, which providers retain data, and whether the router itself can be inspected.

FeatureDirect Provider APIClosed RouterTrustedRouter

One API across providersNoYesYes

Provider fallbackNoYesYes

BYOK supportSometimesSometimesYes

Zero-retention preferenceVariesUnknownYes

Prompt/output logsYes (API dependent)Yes (usually)Never

Open-source routerN/ANoYes

Public attestationN/ANoYes

Customer-facing trust recordN/ANoYes

Compare with OpenRouter

Built for teams where prompts matter.

Legal AI

Pain: Cannot risk exposing client privilege to intermediaries.

Solution: Route sensitive client work with a verifiable prompt path to zero-retention providers.

Read security details →

Finance & PE

Pain: Evaluating private data with models creates non-disclosure risks.

Solution: Evaluate companies, documents, and private data without another opaque intermediary.

Read security details →

Production AI apps

Pain: Provider downtime breaks core product reliability.

Solution: Keep production inference reliable across providers using fallback routing.

Read security details →

AI agencies

Pain: Need an easy API, but clients demand data privacy.

Solution: Route customer workloads with clearer trust boundaries and verifiable answers.

Read security details →

Crypto & Web3

Pain: SaaS centralization is antithetical to the builder ethos.

Solution: Use an open-source, inspectable router with wallet-friendly Web3 sign-in.

Read security details →

Dev tools

Pain: Supporting every new API integration is a distraction.

Solution: Support many models explicitly without maintaining every provider SDK.

Read security details →

Open-weight leaders, at a fraction of frontier cost.

Qwen, GLM, DeepSeek, Gemma, Kimi and MiniMax — the models most teams actually run — each routed across multiple hosts for price and availability. Frontier models too.

Model	Maker	Context	Prompt price	Class
qwen/qwen3-235b-a22b-2507	Alibaba	262k	$0.11 / 1M	Open weights
z-ai/glm-5	Zhipu AI	205k	$0.66 / 1M	Open weights
deepseek/deepseek-v4-flash	DeepSeek	1M	$0.14 / 1M	Open weights
google/gemma-4-31b-it	Google	262k	$0.14 / 1M	Open weights
moonshotai/kimi-k2-thinking	Moonshot	262k	$0.66 / 1M	Open weights
trustedrouter/eu	EU-focused	Varies	Varies	Regional
trustedrouter/auto	Multiple (failover)	Varies	Varies	Attested + ZDR
anthropic/claude-sonnet-4.5	Anthropic	200k	$3.00 / 1M	Frontier

View all models

A router you can inspect, fork, or run yourself.

For sensitive infrastructure, "trust us" is not enough. TrustedRouter makes its routing layer inspectable, giving technical teams a path to self-host or verify the hosted workload.

quill-routerSource code repository trusted-router-pySource code repository trusted-router-jsSource code repository trusted-router-swiftSource code repository

Usage-based routing. No subscription required.

Start with prepaid credits, BYOK, or usage-based billing. Teams already spending on LLMs can request migration credits.

⚡ Pay as you go

Wallet accounts can start at $0 credits. Add a card for prepaid credits.

🔑 Bring your own key

BYOK supported for providers where you already have volume discounts.

→ Migration credits

Migration credits by approval for teams spending more than $100/month on LLMs.

See pricing

Frequently asked questions

What is TrustedRouter?

A privacy-first AI gateway that routes LLM requests across multiple providers (OpenAI, Anthropic, Google, and more) through a single OpenAI-compatible API, without logging prompts or outputs.

Is this an OpenRouter alternative?

Yes, but with different design constraints. We prioritize production infrastructure, privacy, and verifiable trust. See our OpenRouter comparison for details.

Do you log prompts or outputs?

No. Never. The prompt payload passes through an attested gateway and is intentionally excluded from our control plane and metadata systems.

What does "attested gateway" mean?

Our routing layer runs inside a Trusted Execution Environment. We publish cryptographic attestations that the running code exactly matches the open-source repository — so even our own engineers cannot read your requests.

What metadata do you store?

Only what billing and routing need: request timestamp, routing duration, target model, HTTP status, API key reference, and token counts. No prompt text or message arrays are evaluated by the control plane.

Can I bring my own provider keys (BYOK)?

Yes. BYOK lets you use existing committed spend or enterprise rate limits while gaining the latency and privacy benefits of the TrustedRouter architecture.

What happens if attestation fails?

The gateway fails closed. It refuses to serve traffic rather than fall back to an unverified routing state.

How do I migrate from OpenRouter?

It is a one-line change. Swap your base_url and keep your API calls the same. See the migration guide.

Give your AI product a verifiable prompt path.

🛡 Verify trust Migrate

Private, reliable LLM routing for production AI apps.

Production AI now needs an inference control layer.

One gateway. Three jobs.

Route

Protect

Prove

Move over with one base_url change.

Your prompt path should be inspectable.

Fallback when providers fail.

Privacy is not a setting buried in a dashboard.

Built for teams where prompts matter.

Legal AI

Finance & PE

Production AI apps

AI agencies

Crypto & Web3

Dev tools

Open-weight leaders, at a fraction of frontier cost.

A router you can inspect, fork, or run yourself.

Usage-based routing. No subscription required.

⚡ Pay as you go

🔑 Bring your own key

→ Migration credits

Frequently asked questions

Give your AI product a verifiable prompt path.

Private, reliable LLM routing
for production AI apps.