TEEs are the right direction — verifiable privacy at the inference layer matters. Two questions worth asking publicly: what model provider is behind the TEE, and does the privacy guarantee extend to the weights themselves or just the query path? Attestation covers compute integrity, but if the weights are proprietary and opaque, users are still trusting a black box at a different layer. Curious how you're thinking about that tradeoff.