Models
PrivateClaw routes inference through a TEE-protected pipeline: your CVM (SEV-SNP) talks TLS to our gateway (also SEV-SNP), which talks TLS to an inference cluster running in a TEE. The Azure host cannot read any of those memories, and network attackers can't read any of the hops. Learn how Trusted Execution Environments protect inference: confidential.ai/docs.
Current Model
Qwen 3.5
Active
| Context window | 32,768 tokens |
| Attestation | Verified. Every response includes an attestation report |
| Token pricing | $0.25 / 1M input tokens · $2.00 / 1M output tokens |
Privacy Guarantees
- Runs in a Trusted Execution Environment. The inference cluster operates inside a TEE with hardware-level isolation.
- Attestation on every inference response. The inference provider's tee-proxy attaches a cryptographic attestation report to every API response, proving the model ran inside a TEE.
- Our gateway is itself in a TEE. The proxy that sits between your CVM and the inference cluster runs in its own SEV-SNP Confidential VM. It terminates TLS, meters tokens for billing, and routes to the upstream backend — the Azure host cannot read its memory either.
- No data stored. Prompts and completions are not persisted by PrivateClaw; plaintext exists only in TEE memory during processing.
- Verifiable by you. Run
privateclaw verifyon your CVM to independently check SEV-SNP hardware and the inference provider's attestation. For background on how TEEs work, see confidential.ai/docs.