For Venice, privacy is foundational.

Your conversations are stored locally on your device, your prompts never persist on our servers, and when you use frontier models, Venice acts as a proxy so the provider never knows who you are.

Learn more about how Venice's privacy architecture works at venice.ai/privacy.

Today, we're making that privacy architecture even stronger and verifiable.

We're introducing verifiably encrypted AI inference, offering both Trusted Execution Environment (TEE) and End-to-End Encrypted (E2EE) models.

Why this matters

In practice, the privacy properties of any AI interaction depend on multiple layers: What happens on your device, what happens in transit, and what happens at the GPUs where inference runs.

Until now, Venice offered two kinds of privacy protection: anonymous access to the frontier closed-source models (where Venice masks your identity) and private inference based on zero-data-retention policies to access the leading open-source models.

Both are real, meaningful protections that millions of Venice users rely on.

As of today we go two steps further: with TEE and E2EE models now available on Venice, privacy can be verified through hardware attestation and cryptography. Any external party can validate the security in these modes. This means Venice now offers privacy where you don't need to trust Venice or its GPU providers. Security is enforced by hardware enclaves and verified through cryptographic attestation.

The four-mode framework makes these differences explicit so you can choose the right protection for each conversation.

The Four Privacy Modes on Venice

Every AI interaction on Venice passes through three layers: your device, Venice's proxy server, and the GPU where the AI computation happens. Each privacy mode protects these layers differently.

Anonymous

Introduced Fall 2025 to anonymize external models.

Here, Venice acts as a proxy between you and leading frontier model providers like OpenAI, Anthropic, Grok, and Google. Your identity is obscured from the provider, they don't receive your IP, account, or session data. Your prompts are transmitted over SSL and not stored by Venice, but the model provider processes them under their own policies and you should assume they store everything (because many of them do).

This is the mode you're using today whenever you chat with a frontier model on Venice like Claude Opus 4.6 or GPT Codex 5.4. Your identity stays obscured, so it is more private than using these providers directly, but the provider's infrastructure may save all content in your conversation.

Private

Venice's original mode.

Your prompts are processed on Venice-controlled GPUs or zero-data-retention partner infrastructure. Prompts are transmitted over SSL and not stored anywhere other than your local device. Privacy is enforced by contractual commitments from Venice and our partners.

This is the standard privacy model for open-source models on Venice. Your data is truly private because it's not retained, but you are trusting Venice and its partners to honor that commitment.

In Anonymous and Private modes, privacy is enforced by policy and contractual commitment (you are trusting Venice to do what we promise). In TEE and E2EE modes, privacy is enforced by hardware and cryptography. It's verifiable, not just promised.

TEE (Trusted Execution Environment)

New as of March 2026

This is where privacy moves from policy-based to provable. TEE models run inference inside a secure hardware enclave operated by external partners, currently NEAR AI Cloud and Phala Network. The enclave isolates the computation from the host operating system, hypervisor, and infrastructure operator. The software running on the CPU and GPU can be trusted not to have been tampered with at the system level, and neither the partner nor Venice can access your prompts during processing.

Remote attestation produces a cryptographic certificate tied to the hardware itself, proving the model is running inside a genuine enclave. You don't have to take anyone's word for it. The raw attestation evidence can be extracted and validated independently outside Venice.

With TEE, you no longer need to trust the owner or operator of the GPU, but you are still trusting Venice that the data in transit is not being retained (it's not). Because your data still passes through Venice's proxy, TEE models support all Venice features including web search, file uploads, memory, and auto-routing. This makes TEE the right choice when you want hardware-verified privacy without giving up functionality.

TEE is available on a growing number of models on Venice, operated by two external partners: NEAR AI Cloud and Phala Network.

E2EE (End-to-End Encryption)

New as of March 2026

E2EE is the strongest privacy mode Venice offers. Your prompt is encrypted on your device before it leaves, stays encrypted as it passes through Venice's proxy infrastructure, and is only decrypted inside a verified hardware enclave on the GPU. Neither Venice nor the GPU providers can see your data at any point during normal operation, even if they wanted to.

When you use an E2EE model, a new verification icon appears alongside each response. Click it to view the attestation report, which includes everything you need to independently verify that your prompt was encrypted end-to-end and processed inside a genuine TEE.

Because your prompt is encrypted end-to-end, E2EE models are limited to basic functionality, and similar to TEE, responses may be slower than in Private mode. Features like web search and memory are disabled in E2EE mode because they would require decrypting your prompt outside the secure enclave. Each response is cryptographically signed and verified before it reaches you.

E2EE is available across a growing number of models from two providers: NEAR AI Cloud and Phala Network.

For a detailed breakdown of each mode, including trade-offs and supported models, visit venice.ai/privacy.

Available models

All models below support both TEE and E2EE. You can toggle between the two modes in model settings.

Venice Uncensored 1.1
GLM 5
Qwen3.5 122B A10B
Gemma 3 27B
GLM 4.7
GLM 4.7 Flash
GPT OSS 20B
GPT OSS 120B
Qwen 2.5 7B
Qwen3 30B A3B
Qwen3 VL 30B A3B

What comes next

This is our new privacy foundation. Every model on Venice will show its privacy mode directly in the product so you always know what kind of protection you're choosing before you start a conversation.

We'll be expanding the number of models available in TEE and E2EE modes, working to bring more Venice features into E2EE compatibility, and publishing detailed technical documentation on the attestation verification process.

For the full technical details on each mode, including how attestation works, what we store and don't store, and links to provider documentation, visit venice.ai/privacy.