OLLM exposes models through two distinct execution environments, each with different privacy guarantees: Trusted Execution Environments (TEE) for cryptographically verifiable private inference, and Zero Data Retention (ZDR) via Vercel for policy-based privacy with a broader model catalog. Both ensure your inference data is not stored or logged, but they differ significantly in how that guarantee is enforced and what evidence you receive.
TEE models run inside hardware-isolated secure enclaves. The CPU and GPU execute inference in an environment that is encrypted and isolated from the host operating system, the hypervisor, and any infrastructure personnel, including OLLM and the model provider.
Every inference request processed inside a TEE produces a cryptographic attestation receipt: hardware-signed evidence of which model ran, inside which verified environment, and that the execution was not tampered with. This is hardware-enforced privacy: not a contractual assurance, but a mathematical guarantee you can independently verify.
TEE models on OLLM run on infrastructure provided by NEAR and Phala Network, both of which operate Intel TDX–based confidential virtual machines with NVIDIA H100 GPU attestation.
What TEE guarantees:
Prompts and responses are encrypted in memory during execution, invisible to the host OS, hypervisor, cloud provider, and OLLM
Hardware-signed attestation receipt per request, independently verifiable against Intel and NVIDIA public infrastructure
Cryptographic proof that the exact model you requested ran inside a genuine, unmodified TEE
Zero data retention: no prompts or outputs stored or logged
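To make the verification step concrete, here is a minimal sketch of client-side receipt checking. The receipt schema and field names below are hypothetical illustrations, not OLLM's actual format; real verification would also validate the hardware signature chain against Intel TDX and NVIDIA attestation roots.

```python
# Sketch of client-side attestation checking. Field names are assumed
# for illustration; consult OLLM's attestation documentation for the
# real receipt schema and signature-verification procedure.

EXPECTED = {
    "model_id": "llama-3.1-70b-tee",  # hypothetical TEE model ID
    "tee_type": "intel-tdx",          # enclave technology you expect
    "gpu_attested": True,             # NVIDIA H100 GPU attestation present
}

def check_receipt(receipt: dict) -> bool:
    """Return True only if every expected claim matches the receipt."""
    return all(receipt.get(key) == value for key, value in EXPECTED.items())

receipt = {
    "model_id": "llama-3.1-70b-tee",
    "tee_type": "intel-tdx",
    "gpu_attested": True,
    "signature": "...",  # hardware signature, verified separately
}

assert check_receipt(receipt)
assert not check_receipt({**receipt, "model_id": "some-other-model"})
```

The point of the pattern: the client compares the receipt's claims against what it requested, so a substituted model or a non-enclave environment fails the check rather than passing silently.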
ZDR models run on Vercel's AI infrastructure and are governed by a contractual zero data retention commitment from the underlying model providers. Vercel's AI gateway enforces that inference providers do not store, log, or use your prompts and responses for any purpose, including model training.
ZDR does not use hardware-isolated execution environments. There is no attestation receipt and no cryptographic proof of execution. The privacy guarantee is enforced through provider agreements and Vercel's data handling policies, not through hardware isolation.
ZDR opens up a dramatically larger catalog: nearly every major frontier model from Anthropic, OpenAI, Google, Meta, Mistral, and dozens more, as well as image generation, video generation, and embedding models that are not available in TEE environments.
What ZDR guarantees:
Inference providers do not store or log your prompts or outputs
No training on your data
Policy-enforced zero retention by Vercel and the underlying model providers
Access to the broadest frontier model catalog
ZDR infrastructure provider on OLLM:

| Provider | Technology |
| --- | --- |
| Vercel (vercel) | AI gateway with zero data retention provider agreements |
Choose TEE when:
You operate in a regulated industry (healthcare, finance, legal) and need hardware-level data isolation
You need cryptographic proof of execution for audit or compliance purposes
Your threat model includes infrastructure-level compromise or insider risk at the provider
You require independently verifiable privacy guarantees per request
Choose ZDR when:
You need access to frontier closed-weight models (Claude, GPT-5, Gemini) not yet available in TEE environments
Your use case requires image generation, video generation, or advanced embedding and reranking models
Policy-enforced zero retention satisfies your compliance requirements
You want the broadest possible model catalog under a single API key
Both model types operate through the same OpenAI-compatible API and the same OLLM endpoint. The model ID you select determines which execution environment is used.
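Because both environments sit behind one OpenAI-compatible API, switching between them is just a change of model ID. The sketch below builds the request payload to illustrate this; the endpoint URL and model IDs are placeholders, not documented values.

```python
import json

# Hypothetical OLLM endpoint -- substitute the URL from OLLM's docs.
OLLM_ENDPOINT = "https://api.ollm.example/v1/chat/completions"

def build_request(model_id: str, prompt: str) -> dict:
    """Build an OpenAI-compatible chat completion payload.

    The model ID alone selects the execution environment: a TEE model ID
    routes to confidential compute on NEAR/Phala infrastructure, while a
    ZDR model ID routes through Vercel's AI gateway.
    """
    return {
        "model": model_id,
        "messages": [{"role": "user", "content": prompt}],
    }

tee_request = build_request("llama-3.1-70b-tee", "Hello")  # hypothetical TEE model ID
zdr_request = build_request("claude-sonnet-zdr", "Hello")  # hypothetical ZDR model ID

# Same payload shape, same endpoint; only the model field differs.
print(json.dumps(tee_request, indent=2))
```

The same payload works with any OpenAI-compatible client (for example, the OpenAI Python SDK pointed at the OLLM base URL via its `base_url` parameter).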
TEE models run on NEAR and Phala infrastructure with Intel TDX + NVIDIA H100 confidential compute. Every request produces a cryptographic attestation receipt.