Security & compliance

Trinito is an AI Firewall — built so your data never has to leave your office.

Factual posture for compliance officers and procurement. What is implemented, what is in progress, and what depends on your deployment tier.

Data residency

Data inspected for redaction stays on the appliance. Sanitised prompts go to your chosen LLM provider — local models on the box, Trinito Cloud, or public APIs under your own keys. Uploaded files are stored locally; only sanitised extracted text is sent to an LLM. Audit logs stay on the appliance and are exportable on demand.

Standards we align with

Trinito is engineered against the controls of recognised privacy, security and AI governance standards. We do not yet hold third-party certifications — that is on the roadmap once the product is in the hands of paying customers. We use "aligned" where controls are implemented but not yet independently certified, and "in progress" where external assessment is booked.

Legal & regulatory

UK GDPR: The appliance is a data processor implementing technical and organisational measures under Articles 5, 24, 25 and 32. We will sign a Data Processing Agreement on request.
Data Protection Act 2018: We treat the UK's domesticated GDPR as the authoritative framework for UK customers. The audit log on the appliance is sufficient to evidence lawful processing under Schedule 1.
GDPR Article 25 — data protection by design and by default: The architecture exists to satisfy this article. Redaction is on by default, sensitive fields cannot leave the appliance without an explicit user preview, and the appliance never enables a non-redacting pathway. GDPR 101 →
EU AI Act — minimal-risk classification: Trinito is a privacy-preserving filter, not a high-risk AI system. We classify it as minimal risk under Annex III. A categorisation memo is available on request. EU AI Act 101 →

Information security

ISO/IEC 27001:2022 — aligned: We follow the controls of Annex A in the 2022 revision (93 controls across four themes): access control, cryptography, operations security, communications security, supplier relationships and incident management. First certification audit targeted for Q3 2027. ISO 27001 101 →
Cyber Essentials Plus — in progress: Self-assessment complete; external test booked with an IASME-accredited certifying body. We will display the badge once granted.
OWASP ASVS Level 2 (v5.0) — aligned: Application Security Verification Standard, version 5.0 (May 2025). The basis on which we review web-tier code: authentication, session management, input handling, cryptographic storage, and error handling.

Privacy

ISO/IEC 27701:2025 — aligned: Privacy Information Management. The 2025 revision restructured ISO/IEC 27701 as a stand-alone privacy management standard, certifiable independently of ISO/IEC 27001. 27701 explained → Trinito automates the technical controls at runtime. Full control mapping →
ISO/IEC 27018:2025 — aligned: Protection of PII in public clouds (current edition aligned with ISO/IEC 27002:2022). Relevant when the appliance routes to managed cloud LLMs; the redaction layer ensures no identifying data leaves the customer's premises in unredacted form.

AI governance

NIST AI Risk Management Framework (AI RMF 1.0): The four functions of the AI RMF — Govern, Map, Measure, Manage — shape how we document the appliance's behaviour, its known limits, and its intended uses.
ICO AI Toolkit & UK ICO Code of Conduct for AI: We follow the UK Information Commissioner's guidance on lawful, fair and transparent AI use. The audit log gives data subjects a route to exercise their Article 15 right of access.
Microsoft Purview — sensitive information type alignment: Our built-in UK detector pack maps directly to Microsoft's published Sensitive Information Type entity definitions. Customers already using Purview will recognise our detector labels and the same proximity-based confidence model.

Procurement & due diligence

For procurement teams: we maintain a Statement of Applicability mapping each of the standards above to specific appliance controls and operating practices. Email security@trinito.com and we will return it within two working days, with certification status clearly marked.

Data path

Trinito's central infrastructure never sees customer prompts or responses. The appliance routes every prompt directly to the chosen LLM — local models on the box, Trinito Cloud, or your own provider keys — using credentials in its local encrypted secrets store.

Our licensing server receives a daily check-in with the appliance ID and returns signed config: active subscriptions, API keys for Trinito Cloud, monthly caps. No prompt content, no response content, and no audit log ever leave your office unless you export them.

Cryptography

All secrets on the appliance — provider API keys, session tokens, audit-log signing material — are encrypted at rest with libsodium secret-box, using a per-appliance master key. All inter-component traffic uses TLS 1.3. Signed config blobs from the licensing server are verified against a baked-in Trinito public key before any contained keys are accepted.

Per-appliance TLS

Every appliance ships with a unique public hostname under box.trinito.com and a publicly-trusted TLS certificate issued via ACME DNS-01. Browsers on your LAN see a real HTTPS certificate — no self-signed warning workflow and no manual trust configuration.

Certificates renew automatically through the licensing server every sixty days; private keys remain on the appliance.

Audit log

An append-only, hash-chained audit log records every prompt processed, every redaction decision, and every external send. The log stores cryptographic hashes of prompt and response content — not the content itself — so we can evidence what happened without retaining the underlying personal data.

Each entry includes a cryptographic link to the previous row; altering history breaks the chain and is detectable on export. The database enforces append-only behaviour via a row-level trigger, so even root cannot silently rewrite past entries without breaking the chain. Compliance teams can export from the appliance on demand.

Conversation history — which does retain prompt and response text for user reference — lives in a separate per-user store on the appliance, with per-conversation deletion controls and full erasure on user request.

Penetration testing

Our first independent penetration test is booked with a CREST-accredited firm; we will refresh annually thereafter. Once the first report is in hand, an executive summary will be available under NDA to enterprise prospects on request.

Vulnerability disclosure

Report security issues to security@trinito.com. We aim to acknowledge reports within one working day and will publish a full disclosure policy and PGP key here when ready.

Sub-processors

The list below is complete for Trinito-operated services. If you use bring-your-own keys, the appliance talks directly to your chosen provider under your contract — we are not in that data path.

Processor	Purpose	When it applies
Cloudflare (UK / global)	DNS for `box.trinito.com` per-appliance hostnames and ACME DNS-01 challenges for per-appliance TLS certificate issuance	Always (Trinito Compact and Trinito Standard tiers)
Trinito-owned bare-metal infrastructure	Trinito Licensing Server — daily signed configuration blobs, no prompt or response data	Always (Trinito Compact and Trinito Standard tiers)
Ollama Cloud	LLM inference for the Trinito Cloud model entry	When the customer chooses Trinito Cloud as their LLM provider
OpenAI	ChatGPT models	When the customer adds an OpenAI key under Bring-Your-Own; direct from appliance under their contract
Anthropic	Claude models	When the customer adds an Anthropic key under Bring-Your-Own; direct from appliance under their contract
Google	Gemini models	When the customer adds a Google key under Bring-Your-Own; direct from appliance under their contract

Customers using Bring-Your-Own provider keys: Trinito is not a sub-processor on that route. The appliance talks directly to your chosen provider under your contract with them.

Incident response

We maintain an incident response process for security and availability events affecting customer appliances or Trinito-operated infrastructure. Critical incidents (customer-visible degradation or suspected data exposure): acknowledgement within one hour during UK business hours, or within four hours outside them for Sovereign support customers. High severity (single appliance or service affected, no confirmed exposure): four-hour acknowledgement. Medium and low: next UK working day. We provide weekly written updates until resolution for confirmed security incidents.

For procurement teams: request a filled security questionnaire via contact (typically within three working days).

Send this page to your compliance officer.

We will answer your questionnaire with sourced, dated responses — or walk through the Sovereign air-gap deployment on a call.

Talk to us security@trinito.com