FAQ

Twenty-two questions, grouped.

The biggest objection-handler in the sale. Straight answers — with links when you need the long version.

Product

What the appliance is, what it connects to, and what happens if we're not here in five years.

What is the Trinito AI Gateway?

A small fanless appliance on your office network that sits between your team and the public LLMs they already use. Every prompt is inspected before it leaves the building: names, addresses, UK identifiers, account numbers, and your own client list are replaced with placeholders. The model still gets a useful prompt; your confidential fragments do not cross the wire in cleartext. On the way back, placeholders are restored so the answer reads naturally.

Staff can use a browser extension or a local chat UI — same models, governed path. You get an audit trail on hardware you own. It is an AI firewall, not a replacement for ChatGPT. See what the Gateway does and how the pipeline works.

Will it slow my team down?

In practice, no — not in the way that makes people bypass it. Redaction and approval add under 300ms on a typical Standard deployment; most of the wait is still the LLM you would have called anyway. Responses stream as they arrive in both the extension and the chat UI.

What slows teams down is a separate "compliance portal" they refuse to open. We optimised for the path they already use. After the first week, most users stop noticing the extra step — unless the system catches something they would have regretted sending. If latency matters for a specific site, we benchmark on your network during the demo.

Which LLMs does it work with?

Out of the box: ChatGPT (OpenAI), Claude (Anthropic), and Gemini (Google), via your keys or our managed allowance. On the same appliance you can run local models — Qwen 2.5, Llama 3, Mistral — for work that must not leave the LAN at all.

Admins add models from a curated catalogue or bring their own API keys. Group-based rules control who may use which model. You are not locked into a reseller markup on tokens unless you choose our bundled allowance. Full list and routing behaviour are on the AI Gateway page.

What happens if you go out of business?

The appliance keeps working. Local models run locally. Your own OpenAI or Anthropic keys continue through the same redaction pipeline. The audit database is on your box — exportable as signed CSV whenever you want.

We maintain a source-available fallback build for active customers if we ever wind down: binaries and build scripts are escrowed. We are a small UK company; we do not ask you to bet the firm on our balance sheet. We ask you to bet on hardware you own and logs you control. More detail in our security overview.

Can I use my own OpenAI key?

Yes — encouraged, for many firms. Drop your key in the admin UI, assign it to users or groups, and point them at the models you already pay for. We are not in the billing path: you see usage on your OpenAI invoice as today.

Redaction still runs on the appliance before egress. You can mix BYO keys with our monthly token allowance on Compact and Standard, or run local-only on Sovereign if you air-gap. Cancel our monthly fee and keep using your keys with no change to the hardware. See pricing for allowance and overage rates.

Security

How redaction works, what we cannot promise, and where the logs live.

How does the redaction work?

Layered — by design, not one magic model. A regex pass catches UK-specific patterns: postcodes, National Insurance numbers, VAT numbers, IBANs, Luhn-validated payment cards, emails. A local NER model catches person names, organisations, places, and money references. Your custom rule pack catches what only you know: client lists, matter codenames, project names from last quarter's CRM export.

Findings merge into a single review screen. The user approves the sanitised prompt before anything leaves. Optionally, a small local model takes a second pass on ambiguous spans. We explain the pipeline openly on How it works — because "trust us, it's AI" is not a control.
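The layered pipeline described here, together with the placeholder restoration mentioned under "What is the Trinito AI Gateway?", as an added illustration that is not the Gateway's own code: the regex rules, the placeholder format and the client-list handling are this example's assumptions, and the NER stage is left out.

```python
import re

# Constructed rule pack in the spirit of the page's layered design: a regex
# pass for UK identifiers and Luhn-checked cards, then the custom client list.
# Added illustration, not the Gateway's code: its real patterns, NER stage and
# placeholder format are not on the page, so everything here is assumed.
REGEX_RULES = [
    ("NINO", re.compile(r"\b[A-CEGHJ-PR-TW-Z]{2} ?\d{2} ?\d{2} ?\d{2} ?[A-D]\b")),
    ("POSTCODE", re.compile(r"\b[A-Z]{1,2}\d[A-Z\d]? ?\d[A-Z]{2}\b")),
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    ("CARD", re.compile(r"\b(?:\d[ -]?){12,18}\d\b")),  # 13-19 digits, spaces/dashes allowed
]

def luhn_ok(candidate: str) -> bool:
    """Luhn checksum over the digits of a candidate card number."""
    total = 0
    for i, ch in enumerate(reversed([c for c in candidate if c.isdigit()])):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def redact(prompt: str, client_list: list) -> tuple:
    """Swap sensitive spans for placeholders; return (sanitised prompt, placeholder -> original map)."""
    mapping, seen, counters = {}, {}, {}

    def placeholder(kind: str, original: str) -> str:
        if original not in seen:  # the same value always gets the same placeholder
            counters[kind] = counters.get(kind, 0) + 1
            seen[original] = f"[{kind}_{counters[kind]}]"
            mapping[seen[original]] = original
        return seen[original]

    # Custom rule pack first: only you know your client names. Longest first,
    # so "Acme Holdings Ltd" is not half-eaten by a shorter "Acme" rule.
    for name in sorted(client_list, key=len, reverse=True):
        prompt = re.sub(re.escape(name), lambda m: placeholder("CLIENT", m.group(0)), prompt)
    for kind, pattern in REGEX_RULES:
        def sub(m, kind=kind):
            if kind == "CARD" and not luhn_ok(m.group(0)):
                return m.group(0)  # digit run that fails Luhn is not a card: leave it
            return placeholder(kind, m.group(0))
        prompt = pattern.sub(sub, prompt)
    return prompt, mapping

def restore(reply: str, mapping: dict) -> str:
    """Put the original fragments back into the reply on the way back in."""
    for ph, original in mapping.items():
        reply = reply.replace(ph, original)
    return reply
```

The sanitised prompt is what the user sees on the review screen before send; the map never leaves the appliance.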

Can I trust it?

More than the alternative — which is trusting every employee to remember the policy at 6pm on a Friday. We are honest about false negatives: no classifier is perfect. The safety net is user review before send, plus custom rules you add the first time something slips through.

What you can trust is the process: every session logged, redaction decisions visible, export for your auditor. Compare that to shadow ChatGPT on a personal phone where you have zero telemetry. Our security page and printable procurement PDF spell out architecture without marketing adjectives.

What happens if a redaction misses something?

The user sees the sanitised prompt before it sends. If they spot a miss — a client name the NER did not know, a codename from a new deal — they edit in place or add a one-click rule. That rule is live immediately for the same pattern next time.

You run a short retrospective with us after go-live: review the first week's log, tune the client list, tighten regex where your sector demands it. A miss is a process improvement, not a silent breach — unless someone deliberately bypasses the Gateway entirely, which is why network placement matters. Read what UK firms actually paste into ChatGPT.

Where are the audit logs stored?

On the appliance — append-only, hash-chained SQLite, encrypted at rest. They do not sync to our cloud by default. Export on demand as a signed CSV for regulators, insurers, or your own SIEM.

That custody model is deliberate: when the ICO or your professional body asks who sent what to which model, you hand them your export — not a ticket to a US vendor's retention policy. Air-gapped Sovereign deployments keep the same store; updates arrive by USB, not tunnel. Technical detail is in the audit log section.
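An added illustration, not the Gateway's code, of what "append-only, hash-chained SQLite" buys you: each entry's hash covers the previous entry's hash, so an edited row breaks verification even if someone gets past the database-level guard. The schema, SHA-256 chaining, trigger names and field names are this example's assumptions.

```python
import hashlib
import json
import sqlite3

# Added illustration (not the Gateway's code) of an append-only, hash-chained SQLite
# audit store; the schema, SHA-256 chaining and trigger guard are assumptions.
SCHEMA = """
CREATE TABLE IF NOT EXISTS audit (seq INTEGER PRIMARY KEY, ts TEXT, user TEXT,
    model TEXT, decision TEXT, prev_hash TEXT, entry_hash TEXT);
-- Append-only at the database layer: UPDATE and DELETE are refused outright.
CREATE TRIGGER IF NOT EXISTS no_update BEFORE UPDATE ON audit BEGIN SELECT RAISE(ABORT, 'append-only'); END;
CREATE TRIGGER IF NOT EXISTS no_delete BEFORE DELETE ON audit BEGIN SELECT RAISE(ABORT, 'append-only'); END;
"""
GENESIS = "0" * 64  # prev_hash of the very first entry

def open_log(path: str = ":memory:") -> sqlite3.Connection:
    db = sqlite3.connect(path)
    db.executescript(SCHEMA)
    return db

def entry_hash(prev_hash, ts, user, model, decision) -> str:
    # Canonical JSON array, so a value cannot be shifted between fields.
    payload = json.dumps([prev_hash, ts, user, model, decision], separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()

def append(db, ts, user, model, decision) -> str:
    """Append one redaction decision, chained to the previous entry's hash."""
    prev = (db.execute("SELECT entry_hash FROM audit ORDER BY seq DESC LIMIT 1").fetchone() or [GENESIS])[0]
    h = entry_hash(prev, ts, user, model, decision)
    db.execute("INSERT INTO audit (ts, user, model, decision, prev_hash, entry_hash) VALUES (?, ?, ?, ?, ?, ?)",
               (ts, user, model, decision, prev, h))
    db.commit()
    return h

def verify(db) -> tuple:
    """Recompute the chain from genesis; return (ok, seq of first bad entry)."""
    prev = GENESIS
    for seq, ts, user, model, decision, prev_hash, h in db.execute("SELECT * FROM audit ORDER BY seq"):
        if prev_hash != prev or entry_hash(prev, ts, user, model, decision) != h:
            return False, seq
        prev = h
    return True, None

def tamper_rejected(db) -> bool:
    # True if the database layer itself refuses an in-place edit.
    try:
        db.execute("UPDATE audit SET decision = 'edited' WHERE seq = 1")
    except sqlite3.DatabaseError:
        db.rollback()
        return True
    return False
```

A signed export would hash the full CSV of these rows and sign that digest, so the verifier can check the file against the chain it came from.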

Is this for FCA / SRA / NHS?

We built Sovereign for regulated professional firms — FCA-supervised advisers, SRA-regulated practices, healthcare admin working to DSPT — who need air-gap options and an assurance pack an auditor can follow. We do not sell "compliance in a box"; we sell inspection, logging, and UK support when your reviewer has questions.

Whether it satisfies your specific obligation still depends on your DPIA and client contracts. We will walk your compliance lead through the first review at no extra cost on Sovereign. Start with the security overview and talk to us if your regulator's name is in the subject line.

Deployment

What install day looks like and what you do not have to change.

What does installation involve?

Rack or shelf the appliance, connect power and Ethernet, reach the local web UI from a management workstation. Sign in with Entra ID or AD. Pick default models, import your first client list, roll out the browser extension via your usual policy tool.

We run a 60-minute onboarding with your IT team: SSO, first custom rules, and a test prompt that looks like your sector. Most firms are live the same day. No cloud tenant to provision on our side. Step-by-step context is on How it works, with deployment notes on the Gateway page.

Do I need to change my network?

No redesign. The appliance makes outbound HTTPS to the LLM providers you allow — same as a desktop today, but via inspection. Inbound, it serves the local chat UI on the LAN. No inbound port forwards, no public IP, no hairpin through a US proxy you do not control.

Remote management uses a signed WireGuard tunnel — opt-in, off by default on sensitive sites. If you segment VLANs, we document which paths need to reach the box; most SMBs run it on the office LAN staff already use for work.

Does it work with Active Directory / Entra ID?

Yes. SAML, OIDC, or LDAP — whichever matches how you already sign people into internal tools. Group-based RBAC decides who can use which models and who sees admin functions. MFA flows through your existing IdP; we do not operate a parallel username database you have to babysit.

MSP tip: map "All Staff" to Standard models and "Partners" to BYO keys if billing differs by role. Entra conditional access policies you run today still apply to the machines hitting the Gateway.

Can it be air-gapped?

Yes — on Sovereign. Local models ship on the appliance; signed updates apply by USB; the remote-management tunnel stays disabled. Staff still get capable AI for drafts and summaries; nothing leaves the building unless you explicitly allow a redacted egress path later.

Air-gap is not free convenience: you trade frontier-model flexibility for custody. Many firms run hybrid — local for privileged work, redacted public models for the rest — on Standard with a stricter rule pack. We will tell you honestly if air-gap is overkill for your size.

How are updates delivered?

Default: signed updates through an optional WireGuard tunnel, applied in a maintenance window you control — evenings or weekends, your timezone. Security patches ship as they are ready; model catalogue updates follow the same channel.

Air-gapped sites receive quarterly USB bundles plus out-of-band security fixes when needed. Firmware, redaction engine, and extension are versioned together so you are not chasing three vendors. Policy details in the security pack.

Commercial

Money, trials, and what you actually own.

How much does it cost?

Three tiers, ex VAT: Trinito Compact from £1,199 hardware plus £39/month (5M tokens included). Standard from £1,499 plus £79/month (15M tokens). Sovereign from £2,499 hardware with custom monthly for air-gapped and regulated deployments.

Hardware is a one-time purchase you own. Monthly covers allowance, updates, and UK support — or bring your own API keys and treat the fee as software/support only. Toggle inc VAT on the pricing page; charity and education discounts available on request.

Is there a free trial?

Not a self-serve "sign up and ship" trial — the appliance is configured for your network, not a shared sandbox. We run a 20-minute live demo with redaction on prompts that look like your sector. For larger or regulated opportunities we arrange a two-week pilot on your LAN with your rules.

That is deliberate: a generic trial box does not answer "will it catch our client names." The demo does. Book a demo — we respond within one working day, often the same hour.

Can I lease instead of buying?

Yes — 24- or 36-month leases through UK finance partners on Standard and Sovereign. Monthly lease figures appear on your quote alongside the ex-VAT purchase price so finance can compare both.

Compact is purchase-only today because of ticket size. At end of lease you return, renew, or buy out per the lessor's terms — the software licence and your audit data stay yours regardless. Ask on the quote form if you need a pro forma for the board.

What's the warranty?

Three years on hardware — next-business-day replacement in the UK. If a fanless unit fails, we ship a replacement; you return the faulty unit in the prepaid packaging.

After year three, extend warranty annually or run to end-of-life — security and software updates continue either way because they are tied to the appliance, not to a support subscription that expires silently. Full terms on your order confirmation; ask if you need insurer-friendly wording.

What's included in the monthly fee?

On Compact and Standard: LLM token allowance (5M or 15M per month), security and model updates, UK email and phone support, and access to the managed catalogue. Overages bill at the rates on the pricing page — or switch to BYO keys and stop paying us for tokens.

Not included: your own OpenAI/Anthropic invoices when you BYO, on-site cabling, or unlimited professional services. Cancel monthly on 30 days' notice; the box keeps working on your keys or local models. Sovereign monthly is POA and includes air-gap packaging and assurance support — quoted per deployment.

Comparison

How we sit next to the suites you already pay for.

How does this compare to Microsoft Purview?

Purview's AI and third-party LLM features sit inside Microsoft 365 E5, or as a paid add-on on E3 and Business Premium. Most UK SMBs on Business Standard or below do not have it without a substantial per-user uplift.

Even when licensed, Purview's protection for third-party LLMs typically requires Edge for Business with Entra sign-in. Chrome without the extension, Safari, phones, iPads, and personal devices on your Wi‑Fi are outside that path. Trinito enforces at the network gateway — every device on the office LAN, without per-endpoint agents. Audit logs stay on your appliance, not Microsoft's cloud. On headline maths, we are roughly one tenth the per-user cost of an E5 uplift for comparable AI egress control at fifty seats.

Purview wins if you are all-in on Microsoft already. Trinito wins on mixed browsers, BYOD, and logs you export yourself. Full table: Trinito vs Microsoft Purview.

What if we use Google Workspace?

Trinito is office-suite agnostic. We sit at the network layer whether you run Microsoft 365, Google Workspace, or neither. Identity still comes from Entra, Google Workspace, or LDAP — we do not care which logo is on your mail.

Google's Workspace DLP helps with classified content inside Google apps. It is not a prompt firewall: it does not inspect what someone pastes into chat.openai.com or the Claude app on their phone. Trinito does — before the prompt leaves your building. Many Workspace-native firms pair Google for productivity and Trinito for AI egress. See our buyer's guide to AI firewall vs SaaS DLP vs local models for the wider picture.

Have a question we missed?

Ask us directly. If it belongs on this page, it ends up on this page.