Draft an offer letter for Sarah Patel for the 3-bed flat at 14 Cromwell Road, SW7 4XL. Her solicitor is at Henderson & Co.
On-premise by design
Your colleague just uploaded a contract to ChatGPT to summarise.
Your colleague just uploaded a contract to ChatGPT to summarise.
They broke UK GDPR.
Every prompt your team sends to a public LLM is a potential UK GDPR breach — names, addresses, NI numbers, client references, financial figures, all out of your control the moment they leave your office.
Trinito is an on-premise AI gateway that strips identifying information from your prompts before they leave your office. Your team gets the answers they need. Your data stays where it belongs.
Trinito Gateway
Draft an offer letter for [PERSON_1] for the 3-bed flat at [ADDRESS_1], [POSTCODE_1]. Her solicitor is at [ORG_1].
Flagged entity
Placeholder token
Trinito implements the technical controls of ISO/IEC 27701:2025 — automated PII minimisation, de-identification, audit trail, transmission controls. The privacy controls your auditor wants, running from minute one. How →
Why the AI Gateway matters
- 73%
- of UK office workers have pasted work data into a public AI tool.
- 0
- prompts leave your office unredacted.
- 0
- prompts ever touch Trinito's servers — sanitised or otherwise.
Problem
Every UK business has the same conversation in 2026. Staff are using ChatGPT and Claude because they make the work faster. The board wants a policy. Compliance wants an audit trail. IT wants something that does not require rewriting a year of working habits.
Blocking the public AI tools does not work — staff use their phones. SaaS-based DLP forwards your data through a third party. Running everything on local-only models means giving up the AI your team actually wants to use. The Trinito AI Gateway is the third option: a small appliance that sits in your office, watches what goes out, and removes what should not leave.
How it works
Three stages. One appliance.
-
Prompt
A staff member types in the Trinito chat window — browser extension for ChatGPT and Claude coming in Phase 2.
-
Sanitise
The Gateway scans the prompt, finds confidential information, replaces it with placeholders, and shows the result for one-click approval.
-
Send and rehydrate
The sanitised prompt is sent to the chosen LLM. The response comes back, placeholders are restored, the user sees the original context.
What it protects
Concrete patterns. Named entities. Your own rule pack.
UK postcodes
National Insurance numbers
VAT numbers
IBANs and sort codes
Credit cards (Luhn-validated)
Email addresses
Phone numbers
Person names (NER)
Organisation names (NER)
Place names (NER)
Money amounts in context
API keys and secrets
Custom rules per organisation — add your client list, project codenames, or product codes in five minutes.
Attachments
Documents stay on the appliance. Only sanitised text leaves.
Drag a PDF, Word doc, spreadsheet, or scanned image onto the chat. Trinito extracts the text on-device, sanitises it, and sends only the sanitised version to the LLM. The original file never leaves your appliance.
PDF
DOCX
XLSX
CSV
PNG / JPG (OCR)
TXT
Who it is for
Built for the businesses pasting client data into ChatGPT today.
Estate agents
Redact client names, addresses and offer values from every prompt — draft particulars and offer letters safely.
Recruitment
Sanitise candidate names, salaries and CVs before they reach the LLM — rewrite specs and screen CVs with confidence.
Financial advisers
Keep portfolios, sort codes and IBANs in your office — suitable for FCA-supervised firms on the Sovereign tier.
Accountants
Protect client names, VAT numbers and figures on-premise — draft narratives, queries and tax notes without leakage.
Comparison
Four options, one that actually works.
| Do nothing | Block AI tools | SaaS DLP | Trinito AI Gateway | |
|---|---|---|---|---|
| Staff use AI | Yes | Only on phones | Yes | Yes |
| Data stays in your office | No | Yes | No — via vendor | Yes |
| Vendor never sees your prompts | No | N/A | Cleartext in vendor cloud | Yes — redaction on your LAN |
| Audit trail on your own hardware | None | Partial | Vendor-hosted | Hash-chained on appliance |
| Works with ChatGPT / Claude / Gemini | Yes | No | Some | All three, plus more |
| Capex, not per-seat | — | — | Per-seat | One box, monthly LLM |
| UK-built | — | — | Mostly US | Yes |
Pricing
Buy once. Subscribe lightly. Own the box.
Same sanitiser on every tier — only the LLM hosting changes.
From
£1,199ex VAT
- Cloud-first · small teams
- 5M tokens included on Trinito Cloud
From
£1,499ex VAT
- Hybrid · mid-size offices
- 15M tokens included on Trinito Cloud
From
£2,499ex VAT
- Regulated industries · air-gap available
- custom · air-gapped deployment
Frequently asked
The five questions every IT buyer asks first.
Will it slow my team down?
No. The Gateway adds under 300 milliseconds per prompt on the default plan — most of which is the LLM you would have called anyway. Sanitisation runs on the appliance and is built to be invisible. The browser extension and chat UI both stream tokens as they arrive.
Can the redaction be trusted?
It is layered. UK-specific regex (postcodes, NI numbers, IBANs, Luhn-checked cards) catches the things you can write down. A local NER model catches names, organisations and places. A custom rule pack covers your specific client list. Every finding is logged. Every prompt can be reviewed before sending — by default on regulated tiers.
Which LLMs does it work with?
ChatGPT (OpenAI), Claude (Anthropic) and Gemini (Google) out of the box. Local models running on the appliance — Qwen, Llama, Mistral. New models added by the admin from a curated catalogue, or by bringing your own keys.
What happens if you go out of business?
The appliance keeps working. Local models run locally; your own OpenAI or Anthropic keys keep routing through the same redaction pipeline. The audit log is yours. We commit to a source-available fallback build for active customers if we ever close.
Is this for regulated industries?
The Sovereign tier ships with an air-gapped deployment option, suitable for FCA-supervised advisers, SRA-regulated firms, and healthcare admin. Audit logs are hash-chained on the appliance. Compliance can export the last 90 days as a signed CSV.