Read Trust boundary first. The gateway is attested and does not
retain request bodies, but plaintext is visible to the attested gateway after TLS or E2EE decryption.
Compliance posture depends on which model you use: confidential or routed.
Technical controls relevant to compliance
| Control | How the platform provides it |
|---|---|
| Data isolation | Inference runs in a TEE (Intel TDX). The gateway is attested with a hardware quote. |
| No body retention | The gateway stores hashes in receipts, not request or response bodies. |
| Verifiable processing | A signed receipt binds each request and response to the attested workload. |
| Confidential upstreams | For a confidential response, the upstream enclave is verified and the channel bound before forwarding, confirmed by the receipt’s upstream.verified event. |
| Encryption in transit | TLS for all connections, with optional E2EE field-level encryption. |
Regulatory requirements
| Requirement | How the platform helps |
|---|---|
| Data minimization (GDPR) | No request or response body retention by default. |
| Confidential processing | TEE isolation with attestation and per-response receipts. |
| Auditability | Verifiable attestation and signed receipts you can check independently. |
Choosing a model for regulated data
- Use a confidential model when the upstream that runs the model must be attested and the prompt must not reach a non-attested third party.
- A routed model sends your prompt to a third-party provider that is not attested. Confirm that provider’s terms meet your requirements before using it for regulated data.