Architecture
Why an appliance, not SaaS or software-only
The on-premise architecture is the product. Move the sanitiser to the cloud and your data has to travel through that cloud to be redacted — the exact problem this product exists to solve. The appliance is what makes every other promise on this page literally true.
1. Prompts never leave unredacted. Redaction runs in your building. SaaS prompt-firewalls handle raw content in transit to do their job. We do not — because the box is on your LAN.
2. The audit log is yours. If Trinito vanishes, the log remains. A regulator gets a USB export from hardware you own — not a tenant in someone else's cloud.
3. One governed chat surface. Staff use the Trinito chat on the LAN — the sanitiser, audit log, and model routing sit in one place. No per-endpoint agents to roll out or maintain.
4. Hardware acceleration included. The integrated NPU runs sanitisation and local inference fast without bolting on extra kit.
5. One platform to support. Tested updates on a known box — not "any Linux VM you happen to have."
Redaction pipeline
Three stages. Layered defence.
Trinito's redaction pipeline runs in three stages on the appliance — regex, named-entity recognition, then review before send.
- 01 Regex pass: UK personal identifiers — postcodes, NI and NHS numbers, VAT numbers, IBANs, sort codes, Luhn-validated cards, email, phone — plus contextual business references (claim numbers, case refs, NHS client IDs) where pattern packs apply. Fast and precise.
- 02 Named entity recognition: A local spaCy model finds person names, organisations, places, and money references that no regex can reliably catch.
- 03 Deduplication and Pre-Send Preview: Overlapping detections are merged. The user reviews the sanitised prompt and approves with one click before anything leaves the appliance.
Before
Draft an offer letter for Sarah Patel for the 3-bed flat at 14 Cromwell Road, SW7 4XL. Her solicitor is at Henderson & Co.
After
Draft an offer letter for [PERSON_1] for the 3-bed flat at [ADDRESS_1], [POSTCODE_1]. Her solicitor is at [ORG_1].
On the way back, placeholders are restored so the letter reads naturally.
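The regex pass, overlap merge and placeholder restoration described above, sketched in Python as an added example (not Trinito's code). The patterns, the longest-span-wins merge rule and all function names are assumptions; NER output is passed in as plain (start, end, label) spans.

```python
import re

# Illustrative stage-1 patterns (assumptions, not the product's pattern packs).
DETECTORS = [
    ("POSTCODE", re.compile(r"\b[A-Z]{1,2}\d[A-Z\d]?\s?\d[A-Z]{2}\b")),
    ("CARD", re.compile(r"\b\d(?:[ -]?\d){12,18}\b")),
]

def luhn_ok(candidate):
    digits = [int(c) for c in candidate if c.isdigit()][::-1]
    total = sum(d if i % 2 == 0 else (d * 2 - 9 if d > 4 else d * 2)
                for i, d in enumerate(digits))  # every second digit is doubled
    return total % 10 == 0

def detect(text, ner_spans=()):
    """Regex hits plus (start, end, label) spans handed over by the NER stage."""
    spans = list(ner_spans)
    for label, rx in DETECTORS:
        for m in rx.finditer(text):
            if label == "CARD" and not luhn_ok(m.group()):
                continue                    # digit runs failing Luhn are not cards
            spans.append((m.start(), m.end(), label))
    return spans

def merge(spans):
    """Resolve overlapping detections: the longest span wins."""
    kept = []
    for s in sorted(spans, key=lambda s: (s[0] - s[1], s[0])):
        if all(s[1] <= k[0] or s[0] >= k[1] for k in kept):
            kept.append(s)
    return sorted(kept)

def redact(text, spans):
    """Replace each span with a numbered placeholder; return text and mapping."""
    mapping, seen, counts, out, pos = {}, {}, {}, [], 0
    for start, end, label in merge(spans):
        key = (label, text[start:end])
        if key not in seen:                 # same value gets the same placeholder
            counts[label] = counts.get(label, 0) + 1
            seen[key] = f"[{label}_{counts[label]}]"
            mapping[seen[key]] = key[1]
        out += [text[pos:start], seen[key]]
        pos = end
    return "".join(out) + text[pos:], mapping

def restore(text, mapping):
    return re.sub(r"\[[A-Z]+_\d+\]", lambda m: mapping.get(m.group(), m.group()), text)

# Constructed sample: one Luhn-valid test number, one invalid digit run, one postcode.
SAMPLE = "Pay with 4111 1111 1111 1111, ref 1234 5678 9012 3456, send to SW7 4XL."
```

The mapping returned by `redact` is the only link between placeholders and real values, so it has to stay on the same side of the boundary as the original prompt.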
Attachments
Files stay on the appliance. Only sanitised text is sent.
When someone drags a document onto the chat, the file is uploaded to the appliance and held locally. Apache Tika extracts text on the box — office documents and spreadsheets directly; images and scanned PDF pages via Tesseract through Tika. That text runs through the same three-stage sanitiser as a typed prompt.
What reaches the LLM is sanitised text embedded in the prompt. The original file is never sent to any provider's attachment API. This keeps the architecture provider-neutral and the data-residency claim absolute.
Shorter files can stay inline in the prompt for that conversation. Longer files can be indexed for retrieval so later turns pull only the relevant sections. Both modes are scoped to that one chat. For organisation-wide knowledge — handbooks, policies, case studies — see the document library below.
Supported at launch: PDF, DOCX, XLSX, CSV, PNG/JPG, and TXT. Spreadsheets are particularly useful — sensitive cells can be redacted while the model still analyses structure. Images or photos with no extractable text cannot be processed — the upload is marked "extraction failed" and can be retried or removed.
Document library
Your company knowledge, on the appliance
Upload your handbook, policies, case studies, and reference material. The chat retrieves from them as context — with the same privacy guarantees as every other prompt. Documents stay on the appliance; what leaves the box is sanitised, the same as user prompts.
Three tiers of visibility
- Org library: Visible to every user in the organisation. Brand guidelines, policies, the employee handbook, case studies. Admin-managed via the appliance admin pages.
- Personal library: Per-user case files, working notes, and personal templates — scoped so one user's library never leaks into another user's chat. The database enforces this at query time.
- Conversation attachments: Drag a file into a specific chat to discuss it. Default is inline mode — the appliance extracts and redacts the file, then includes it directly in the prompt body. For longer documents, an explicit "Add to RAG for this conversation" action chunks and indexes the document so later turns retrieve only the relevant sections. Both modes stay in that one conversation.
Scope is enforced at the database query level, not as a policy checkbox in application code. Even a privileged user cannot retrieve another user's personal library rows — the SQL query cannot return them. Uploads run through classification detection and chip review: you see every name and identifier the sanitiser found, and you can release intentional disclosures (a founder's name in a brand guide, a customer name in a case study). Each release is recorded in the audit log.
When a response used document context, the chat shows its sources — document title, content type, and sensitivity level — so the user knows where the answer came from. Every outbound send still passes through the sanitiser and Pre-Send Preview.
Document library workflow
LLM router
Use any model. Control who uses what.
The Gateway can route to:
- Local models on the appliance: Qwen 2.5, Llama, and others — included with the appliance.
- Trinito Cloud: Our managed subscription — monthly token allowance on Compact and Standard, customer-cancellable. Free starter allowance bundled so the box is useful from day one.
- Your own keys: BYO OpenAI, Anthropic, and Google. Keys stored encrypted on the appliance (libsodium secret-box) and used directly from the box.
In every case, the appliance talks to the LLM provider directly. Trinito's servers are not in the prompt path — we never see the prompt, response, or your API key. Our licensing server only issues signed config (subscriptions, caps) on a daily check-in. The admin chooses per-model access, credentials, and catalogue additions.
Audit log
Every prompt processed. Every redaction. On the appliance.
An append-only, hash-chained audit log records every prompt processed, every redaction decision, and every external send. The log stores cryptographic hashes of prompt and response content — not the content itself — so we can evidence what happened without retaining the underlying personal data. Tampering with the chain is detectable on export; the database enforces append-only behaviour via a row-level trigger. Compliance can export from the appliance on demand.
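A minimal hash-chained, append-only log of the kind described above, as an added example rather than Trinito's implementation. SQLite, the table layout, SHA-256, the all-zero genesis value and the function names are assumptions; the page does not name the database or the hash function.

```python
import hashlib
import json
import sqlite3

GENESIS = "0" * 64  # assumed chain anchor for the first entry

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def open_log(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript("""
        CREATE TABLE audit (seq INTEGER PRIMARY KEY, event TEXT NOT NULL,
                            content_hash TEXT NOT NULL, prev_hash TEXT NOT NULL,
                            entry_hash TEXT NOT NULL);
        -- Append-only: row-level triggers reject any UPDATE or DELETE.
        CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit
        BEGIN SELECT RAISE(ABORT, 'audit log is append-only'); END;
        CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit
        BEGIN SELECT RAISE(ABORT, 'audit log is append-only'); END;
    """)
    return db

def entry_hash(seq, event, content_hash, prev_hash):
    body = json.dumps([seq, event, content_hash, prev_hash], separators=(",", ":"))
    return sha256(body.encode())

def append(db, event, content: str):
    row = db.execute("SELECT seq, entry_hash FROM audit ORDER BY seq DESC LIMIT 1").fetchone()
    seq, prev = (row[0] + 1, row[1]) if row else (1, GENESIS)
    chash = sha256(content.encode())  # only the digest is stored, never the text
    db.execute("INSERT INTO audit VALUES (?,?,?,?,?)",
               (seq, event, chash, prev, entry_hash(seq, event, chash, prev)))
    db.commit()

def export(db):
    return [list(r) for r in db.execute("SELECT * FROM audit ORDER BY seq")]

def verify(rows):
    """Return the seq of the first broken entry, or None if the chain is intact."""
    prev, expected_seq = GENESIS, 1
    for seq, event, chash, prev_hash, ehash in rows:
        if (seq != expected_seq or prev_hash != prev
                or ehash != entry_hash(seq, event, chash, prev_hash)):
            return seq
        prev, expected_seq = ehash, seq + 1
    return None
```

A chain like this exposes edited, reordered or removed entries, but not truncation of the newest ones; catching that needs the latest entry hash recorded somewhere outside the log.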
Conversation history — which retains prompt and response text for user reference — lives in a separate per-user store on the appliance, encrypted at rest. Conversation-scoped attachments can be removed from chat.
Hardware specs
Three appliances. Capability scales with tier.
Specs-first overview. See pricing for list prices.
| | Trinito Compact | Trinito Standard | Trinito Sovereign |
| --- | --- | --- | --- |
| CPU / NPU | 8-core CPU with integrated 50 TOPS NPU | 8-core CPU with integrated 50 TOPS NPU | 12-core CPU with integrated 80 TOPS NPU |
| Unified memory | 32 GB | 64 GB | 96–128 GB |
| Storage | 1 TB NVMe | 3 TB NVMe | 4 TB NVMe |
| Inference throughput | ~8 tok/s on Qwen 2.5 7B | ~15 tok/s on Qwen 2.5 7B | ~80 tok/s on Qwen 2.5 7B |
| Noise level | Near-silent (fanless) | Near-silent (fanless) | Near-silent |
| Power draw | ~28 W typical | ~32 W typical | ~90 W typical |
| Dimensions | 192 × 192 × 48 mm | 192 × 192 × 48 mm | 262 × 197 × 80 mm |
| Warranty | 3 years | 3 years + priority support | 3 years |
Deployment
What installation looks like.
- Plugs into your office network
- First boot: automatically configured
- Browse. Login. Chat. Done.
Comparison
Four options, one that actually works.
The homepage table, expanded for buyers who need the detail.
| | Do nothing | Block AI tools | SaaS DLP | Trinito AI Gateway |
| --- | --- | --- | --- | --- |
| Staff use AI | Yes | Only on phones | Yes | Yes |
| Data stays in your office | No | Yes | No — via vendor | Yes |
| Audit trail | None | Partial | Vendor-hosted | On-appliance, hash-chained |
| Works with ChatGPT / Claude / Gemini | Yes | No | Some | All three, plus more |
| Capex, not per-seat | — | — | Per-seat | One box, monthly LLM |
| UK detector pack built in | — | — | Vendor-configured | builtin-uk-v1 out of the box |
| Air-gapped deployment | — | — | No | Sovereign tier |
| UK-built | — | — | Mostly US | Yes |