Zero-Access Architecture

How Tresor protects your data so that nobody — not even us — can read it.

The problem

Traditional AI APIs require you to trust the provider with your data. Your prompts and completions pass through the provider's infrastructure in plaintext — logged, cached, and accessible to operators.

How it works

Tresor uses Confidential Computing to ensure that your data is processed inside hardware-isolated enclaves. The key insight: the code runs in a secure enclave where even the server operator cannot access the memory or data being processed.

1. You send a request

Your API call hits the Tresor router, which authenticates your API key and selects the optimal provider.

2. Processing in a confidential enclave

Your request is forwarded to a Trusted Execution Environment (TEE) — a hardware-isolated enclave running on AMD SEV-SNP or Intel TDX. The enclave's memory is encrypted by the CPU. No one — not the cloud provider, not Tresor, not anyone with physical server access — can read or tamper with the data while it's being processed.

3. Cryptographic attestation

Before processing your request, the enclave produces a cryptographic attestation report — a hardware-signed proof that the exact expected code is running in a genuine TEE. This is verified automatically. You can also request a receipt for independent verification.

4. Response streamed back

The completion is streamed back to you over TLS. At no point does your data exist in plaintext outside the enclave boundary.
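
As an added example (not Tresor's code or receipt format), the code below runs the claim checks a relying party would apply to a raw AMD SEV-SNP attestation report like the one described in step 3: the launch measurement, the debug policy bit, and freshness. It assumes the enclave places SHA-512 of a caller-supplied nonce in REPORT_DATA, and that the report's ECDSA P-384 signature has already been verified against AMD's VCEK certificate chain, which is not shown here. The sample report is constructed.

```python
import hashlib, hmac, os, struct

REPORT_LEN = 0x4A0          # size of the SEV-SNP ATTESTATION_REPORT structure
POLICY_DEBUG = 1 << 19      # guest policy bit: host may debug (decrypt) guest memory

def parse_snp_report(raw: bytes) -> dict:
    """Extract the fields a relying party checks, using the ABI's fixed offsets."""
    if len(raw) != REPORT_LEN:
        raise ValueError(f"expected {REPORT_LEN} bytes, got {len(raw)}")
    version, _svn, policy = struct.unpack_from("<IIQ", raw, 0x00)
    vmpl, sig_algo = struct.unpack_from("<II", raw, 0x30)
    return {
        "version": version, "policy": policy, "vmpl": vmpl, "sig_algo": sig_algo,
        "report_data": raw[0x50:0x90],   # 64 bytes chosen by the guest
        "measurement": raw[0x90:0xC0],   # 48-byte launch digest
        "signed_body": raw[:0x2A0],      # bytes covered by the signature
        "signature": raw[0x2A0:],        # checked separately against the VCEK
    }

def check_report(raw: bytes, expected_measurement: bytes, nonce: bytes) -> list:
    """Return a list of policy failures; an empty list means the claims are acceptable."""
    r = parse_snp_report(raw)
    failures = []
    if not hmac.compare_digest(r["measurement"], expected_measurement):
        failures.append("measurement does not match the expected code")
    if r["policy"] & POLICY_DEBUG:
        failures.append("debug policy enabled: host can read guest memory")
    # Assumed binding: REPORT_DATA = SHA-512(nonce), proving the report is fresh.
    if not hmac.compare_digest(r["report_data"], hashlib.sha512(nonce).digest()):
        failures.append("report_data is not bound to our nonce (possible replay)")
    if r["sig_algo"] != 1:   # 1 = ECDSA P-384 with SHA-384
        failures.append("unexpected signature algorithm")
    return failures

def build_sample_report(measurement: bytes, nonce: bytes, debug: bool = False) -> bytes:
    """Constructed sample input: correct layout, zeroed signature (not a real report)."""
    raw = bytearray(REPORT_LEN)
    policy = (1 << 17) | (POLICY_DEBUG if debug else 0)   # bit 17 is reserved, must be 1
    struct.pack_into("<IIQ", raw, 0x00, 2, 0, policy)
    struct.pack_into("<II", raw, 0x30, 0, 1)
    raw[0x50:0x90] = hashlib.sha512(nonce).digest()
    raw[0x90:0xC0] = measurement
    return bytes(raw)

if __name__ == "__main__":
    good = hashlib.sha384(b"constructed image").digest()
    nonce = os.urandom(32)
    print(check_report(build_sample_report(good, nonce), good, nonce))
    print(check_report(build_sample_report(good, nonce, debug=True), good, b"other"))
```

A report that passes these checks but carries an unverified signature proves nothing, so the certificate-chain check must come first in any real verifier.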

What this means for you

  • No data access: Neither Tresor nor the cloud provider can read your prompts or completions.
  • No logging: Your conversations are never stored, logged, or used for training.
  • Verifiable: Hardware attestation and signed receipts let you independently prove that your data was processed securely.
  • Compliance-ready: Meets requirements for GDPR, SOC 2, and industry-specific regulations where data confidentiality is mandatory.

Confidential Computing providers

Tresor routes inference through verified confidential computing providers:

  • Tinfoil — Runs models inside AMD SEV-SNP enclaves with full memory encryption and attestation. EU and US regions available.
  • RedPill (Phala Network) — Decentralized TEE-based inference with on-chain attestation verification via Phala Network.