Security & trust
Detailed documentation on our security posture, regulatory frameworks, and transparency guarantees. We provide the cryptographic receipts, so you don't have to ask twice.
Trust
Wired into the router, not the marketing page. Each guarantee is verifiable from the response of every call.
Every upstream vendor we route to has signed a zero-training data processing addendum. No telemetry, no fine-tuning, no analytics on payloads.
PHI calls resolve only to providers physically inside the caller’s jurisdiction. The router refuses to fall back across borders, even under load.
Every response carries the resolved provider, region, model, and cost. We log the same row with a request ID so any audit ask reconciles on first try.
Compliance
Live at the router. Paperwork in flight. Gated on contracts. We don't claim a certification we haven't shipped — what's dated below is real.
Architectural posture, not a promise. The registry routes the way the copy says, and the proxy holds no payloads or application data.
CH-resident inference for PHI via Infomaniak; processor agreement under nFADP.
EU-domiciled processors for EU residents; DPA available on request.
Adequacy decision with the EU honored; processing pinned to EU endpoints.
PHI vs general enforced per request; no payload logging, no application database.
Frameworks we are pursuing actively. We will not claim "compliant" until the audit report or signed agreement is in hand; what is dated below is real.
BAAs with Anthropic and OpenAI under negotiation; covered-entity BAA template drafting.
Auditor engaged; observation window begins Q3. Type II to follow.
Privacy policy and DPO appointment in progress; US endpoints under SCCs in the interim.
Jurisdictions where compliance requires more than routing — a local entity, regulator approval, or a signed agreement with a regional provider. Talk to us if your deployment depends on one of these.
PRC-domiciled routing requires a local entity and contracts with Alibaba/Baidu/Zhipu — on the roadmap.
Partnership with G42 Inception for UAE-resident PHI inference under discussion.
Domestic provider routing and cross-border consent flow on the roadmap.
Regional endpoints pending vendor availability in Tokyo, Seoul, and Singapore.
Transparency
No vendor portal, no support ticket. The contract surface is the response itself.
GET /v1/models returns the live catalog visible to your account — every model, region, PHI flag, prompt + completion micro-USD.
Every 2xx response carries X-Resolved-Region, X-Resolved-Provider, X-Resolved-Model, X-Cost-Micro, X-Request-Id headers.
The price you see on /v1/models is the price the debit RPC uses. We never round up, never bundle, never tier-discount silently.
Make any call. Inspect the response headers. The resolved (provider, region, model) is right there — no log dive, no support ticket.
curl -i https://api.phi-cloud.com/v1/chat/completions \
-H "Authorization: Bearer phi_live_…" \
-H "X-PHI: true" \
-H "X-Region: CH" \
-d '{"model":"auto","messages":[{"role":"user","content":"hi"}]}'HTTP/2 200 x-resolved-region: CH x-resolved-provider: infomaniak x-resolved-model: infomaniak-mixtral x-cost-micro: 247 x-request-id: 9c2b…
Spin up an API key in minutes; the routing posture above arrives unchanged.