phi·cloud
HomeNetworkComplianceAPIPricingDocs
Log inGet an API key

Alternatives

phi-cloud vs OpenRouter — when residency is the constraint.

Both are OpenAI-compatible gateways. OpenRouter wins on model breadth and per-model price visibility. phi-cloud wins when a regulator asks where the call ran. Here is the honest side-by-side — and how to use them together.

Get an API keyRead the docs

At a glance

Side-by-side, on the dimensions buyers actually compare.

Where a row says “Not published,” we mean it — we will not guess what a competitor ships in private. The phi-cloud column reflects what is live in the registry today, with in-progress items labeled as such.

Dimension
OpenRouter
phi-cloud
Drop-in OpenAI API shape
Yes — OpenAI-compatible base URL.
Yes — swap base_url to https://phi-cloud.com/v1 and your SDK works.
PHI tier with enforced quarantine
Not a published feature. Healthcare is not a marketed vertical.
X-PHI: true pins traffic to PHI-eligible providers; refused if none.
Per-request data residency
No per-call region pin. Routing follows model availability.
X-Region pins each request to a jurisdiction at the edge.
Where the proxy sits
US-fronted aggregator; traffic crosses provider boundaries.
PHI traffic resident in Switzerland (Infomaniak); no silent failover.
Audit headers on every response
Not advertised — build your own logging.
x-phi-tier, x-phi-routed, x-phi-attempts on every call.
Prompt + response logging
Per-provider settings; defaults vary. Opt-out is per provider.
Stateless proxy. No payload storage. No application database.
Sub-processor transparency
Provider list is public, but DPA chain is provider-by-provider.
Single PHI sub-processor (Infomaniak CH) under a filed DPA.
HIPAA BAA program
No published BAA program. Not marketed to healthcare.
BAA in progress. PHI routes today under Swiss nFADP/GDPR DPA.
Pricing model
Per-model transparent passthrough; small routing margin.
Upstream per-token + flat 8% gateway margin. Non-PHI tier $0.

Note on the “HIPAA BAA” row: phi-cloud's BAA is in negotiation, not earned. We label it as such on the compliance page and on this comparison — even though the procurement question wants a clean yes/no.

When to pick each

Honest scenarios — no winner-takes-all.

These gateways are not the same product. OpenRouter is a model breadth play. phi-cloud is a residency and PHI play. Most teams who land on this page end up using both.

Pick OpenRouter when…

  • You want the widest possible model menu — niche, open-source, and pre-release weights in one bill.
  • Your workload is not regulated and per-request residency is not a compliance requirement.
  • You optimize on per-model price visibility and want to swap models opportunistically.

Pick phi-cloud when…

  • You handle PHI or other regulated data and need a hard PHI vs general gate enforced per request.
  • Auditors ask where each call ran — and "the response header" is an acceptable answer.
  • You need region pinning at the call level, not at the account level.

Hybrid pattern

  • Route PHI requests to phi-cloud (X-PHI: true) — they pin to a Swiss-resident provider.
  • Route the rest of your traffic to OpenRouter for model breadth and cheap experimentation.
  • Both speak OpenAI’s API shape, so a thin client picker is all you need.
See the routing contract

FAQ

Questions buyers ask before they switch.

Is phi-cloud HIPAA-compliant today?

A signed customer BAA is in progress, not earned — and we do not market phi-cloud as HIPAA-covered until that lands. What ships today: PHI requests pin to Infomaniak (Switzerland) under a filed nFADP/GDPR DPA, and the router refuses (403 phi_blocked) rather than spill PHI to a non-eligible provider. We will publicly update the compliance posture page when the BAA is signed.

Can I use OpenRouter and phi-cloud together?

Yes. Both expose the OpenAI-compatible /v1/chat/completions and /v1/embeddings shapes, so a thin client-side picker can route regulated traffic to phi-cloud and general traffic to OpenRouter. The phi-cloud SDK swap is one line: change base_url to https://phi-cloud.com/v1.

Does OpenRouter offer a BAA?

OpenRouter does not publish a BAA program at the time of writing and does not market to healthcare. If you handle PHI, contact them directly before assuming coverage — and verify any provider in their chain has its own BAA with you.

How is per-request residency different from account-region selection?

Account-region (the typical cloud model) sets the region once per account or per project. Per-request pinning sets it on every call via an X-Region header, so the same key can serve CH traffic resident in Switzerland and EU traffic resident in the EU — and a wrongly tagged request fails closed, it does not silently cross a border.

Does phi-cloud retain my prompts or responses?

No. phi-cloud is a stateless proxy: there is no application database, no payload logging, no prompt retention. Only the per-call token counts needed for Stripe metering are emitted, and the auth tokens themselves are self-contained HMAC-signed values, not stored sessions.

Read the posture before you read the contract.

The compliance page lists what is earned, what is in progress, and where the sub-processor sits. The signup page gives you a key you can paste into the OpenAI SDK in under a minute.

See the live postureGet an API key