ZenLLM

Security guidance for implementers and technical evaluators

This page is the short implementation-facing version of the broader trust center. Use it when an engineer needs to understand how auth, API keys, telemetry, and data handling work before they integrate.

Implementation-facing controls

Browser users authenticate with Firebase bearer tokens. SDK and ingest clients authenticate with X-API-Key. ZenLLM API keys are shown once, stored hashed, and should be handled like production secrets.

Website on Firebase Hosting, API on Google Cloud Run over HTTPS.

Telemetry model focuses on usage and cost metadata, not raw prompt text by default.

Use the public trust center and PDF for broader procurement or vendor assessment needs.