Core Concepts
The Veil, Confidential execution
Every job runs in a sealed enclave. The operator supplies compute but never sees your prompt, working data, or output, enforced by hardware, not policy.
How it works
Each job is dispatched into a confidential environment on the chosen node. Techniques in scope span the confidential-computing spectrum:
- TEE, trusted execution environments (e.g. SGX-class) seal execution so even the host cannot read the workload.
- FHE, fully homomorphic encryption for select workloads that compute directly on ciphertext.
- MPC, secure multi-party computation splits trust across parties.
What's sealed
Inside the Veil, the node operator cannot observe:
- Your prompt and system instructions
- Working data, documents, embeddings, retrieved context
- The model's output
- Agent memory, tools, and API keys, for sealed agent runs
Privacy attestation
On completion the enclave emits a signed privacy attestation, rooted in hardware attestation, proving the workload ran in an approved confidential environment. This attestation is bound into the job's Green Compute Certificate, so privacy is a receipt you can audit, not a promise on a landing page.
Use cases
- Regulated data, health, legal, finance, that can't leave your control in the clear.
- Confidential fine-tuning and private RAG over your own documents.
- Bring-Your-Own-Model hosting where weights are never exposed to operators.
"Send it to someone else's GPU" is a non-starter for proprietary data, unless it comes back with a verifiable receipt. The Veil is that receipt.