ZenLLM

Security guidance for implementers and technical evaluators

Implementation-facing security guidance for teams reviewing auth, API keys, telemetry, and data handling before they integrate.

Implementation-facing controls

Browser users authenticate with Firebase bearer tokens. SDK and ingest clients authenticate with X-API-Key. ZenLLM API keys are shown once, stored hashed, and should be handled like production secrets.

Website on Firebase Hosting, API on Google Cloud Run over HTTPS.

Telemetry model focuses on usage and cost metadata, not raw prompt text by default.

Use the public trust center and PDF for broader procurement or vendor assessment needs.