How it works
Three stages: type, sanitise, send.
Your team (chat.trinito.local): Draft an offer letter for Sarah Patel for the 3-bed flat at 14 Cromwell Road, SW7 4XL. Her solicitor is at Henderson & Co.
Outbound to ChatGPT · Claude · Gemini: Draft an offer letter for [PERSON_1] for the 3-bed flat at [ADDRESS_1], [POSTCODE_1]. Her solicitor is at [ORG_1].
Key: flagged entity, placeholder token.
The three stages
Stage 01
Type
Someone on your team writes a prompt the way they always do — in the Trinito chat window, or on ChatGPT, Claude, or Gemini through the browser extension.
They do not learn a new tool. The Gateway sits in the path and only steps in when it needs to.
What they type
Draft an offer letter for Sarah Patel for the 3-bed flat at 14 Cromwell Road, SW7 4XL. Her solicitor is at Henderson & Co.
Stage 02
Sanitise
The Gateway reads the prompt on the appliance in your office. It finds names, addresses, account numbers, and anything in your custom rule pack — then swaps them for safe placeholders.
The person sees the cleaned version, can edit it, and approves with one click before anything leaves the building.
What leaves the office
Draft an offer letter for [PERSON_1] for the 3-bed flat at [ADDRESS_1], [POSTCODE_1]. Her solicitor is at [ORG_1].
Stage 03
Send
Only the sanitised prompt goes to the LLM you chose — ChatGPT, Claude, Gemini, or a model running on the box.
The answer comes back through the Gateway. Placeholders are put back so the person reads normal text. The public AI never saw the real names or numbers.
What they read
Dear Sarah Patel, I am pleased to confirm an offer on 14 Cromwell Road, SW7 4XL…
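The placeholder round trip described in the three stages, as an added Python example that is not Trinito's code. The findings list stands in for the Gateway's detector, which the page does not describe; the function names and the token-to-value vault are assumptions.

```python
import re

# Constructed input: the page's sample prompt plus hand-written findings.
# How the Gateway detects entities is not on the page; FINDINGS is an assumption.
PROMPT = ("Draft an offer letter for Sarah Patel for the 3-bed flat at "
          "14 Cromwell Road, SW7 4XL. Her solicitor is at Henderson & Co.")
FINDINGS = [("PERSON", "Sarah Patel"), ("ADDRESS", "14 Cromwell Road"),
            ("POSTCODE", "SW7 4XL"), ("ORG", "Henderson & Co")]
TOKEN_RE = re.compile(r"\[[A-Z]+_\d+\]")


def sanitise(prompt, findings):
    """Return (outbound_text, vault); vault maps token -> original value."""
    vault, by_value, counters = {}, {}, {}
    for label, value in findings:
        if value and value not in by_value:  # a repeated entity reuses its token
            counters[label] = counters.get(label, 0) + 1
            token = f"[{label}_{counters[label]}]"
            by_value[value] = token
            vault[token] = value
    if not by_value:
        return prompt, vault
    # One pass, longest value first, so a short value cannot split a longer
    # one and text inside an inserted token is never rescanned.
    values = sorted(by_value, key=len, reverse=True)
    pattern = re.compile("|".join(re.escape(v) for v in values))
    return pattern.sub(lambda m: by_value[m.group(0)], prompt), vault


def leaks(outbound, vault):
    """Vault values still present in the outbound text; must be empty to send."""
    return [v for v in vault.values() if v in outbound]


def rehydrate(response, vault):
    """Swap issued tokens back; tokens the vault never issued are left as-is."""
    return TOKEN_RE.sub(lambda m: vault.get(m.group(0), m.group(0)), response)


if __name__ == "__main__":
    outbound, vault = sanitise(PROMPT, FINDINGS)
    assert not leaks(outbound, vault)
    print(outbound)
    print(rehydrate("Dear [PERSON_1], your offer on [ADDRESS_1] stands.", vault))
```

The vault never needs to leave the machine that ran `sanitise`. Text the detector misses goes out unchanged, so `leaks` only covers values already in the vault.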
Where the data goes
Sanitisation stays in your office. Only placeholders cross the border.
Original prompts and audit logs never leave the appliance. What crosses your firewall is sanitised text — and only when you approve it.
Your office (UK · your LAN)
Trinito Gateway (UK · on-premise)
Public LLM (EU or US · your choice)
Stays here: Original prompt, findings, audit log — on the appliance.
Crosses out: Sanitised prompt only — tokens like [PERSON_1], not real PII.
Returns: LLM response to the Gateway, rehydrated before the user sees it.
You choose: Route to EU endpoints, US endpoints, or local models on the box.
UK → EU routing
OpenAI and Anthropic offer EU data residency on eligible plans. Sanitised prompts can stay in the EEA if your admin selects EU endpoints — useful for GDPR-focused buyers.
UK → US routing
Some models and tiers process in the United States. The Gateway still ensures confidential fields never leave your office in the clear — only placeholder text crosses the link.
What the user sees
Three surfaces. One workflow.
The extension on public AI sites, the in-office chat with sanitised preview, and the admin audit log — same approve-and-send model throughout.
Browser extension popover
Browser extension: Prompt Shield on chat.openai.com, claude.ai, or gemini.google.com — findings count and override before send.
Chat · sanitised preview
Trinito chat: Sanitised prompt with placeholder chips, original alongside, one click to approve and send.
Admin · audit log
Admin audit log: Hash-chained entries, filter by user, export signed CSV for compliance.
Send this page to whoever signs it off.
If the flow makes sense here, the live demo will too. Twenty minutes on your network.