
Portkey vs Helicone vs Privedge: Privacy-First AI Gateways Compared (2026)

Portkey and Helicone are excellent AI gateways — but neither was built to keep sensitive data out of LLM providers. Here's an honest comparison.

Privedge Team · 8 min read
Key points
  • Portkey: multi-provider routing and reliability — excellent for uptime, not designed for data protection
  • Helicone (now Mintlify): observability and cost analytics — HIPAA tier at $799/mo stores encrypted prompts
  • Privedge: PII never reaches the LLM provider — architectural prevention, not contractual restriction
  • Best stack: Privedge → Portkey → LLM — anonymized data flows safely through the observability layer

AI gateway tooling has matured rapidly. If you’re evaluating options for your production AI infrastructure in 2026, you’ve likely come across Portkey, Helicone, and Privedge — three tools that all describe themselves as sitting between your application and your LLM provider.

The comparison that most blog posts miss: these tools were built for fundamentally different problems. Portkey was built for reliability. Helicone was built for observability. Privedge was built for privacy. Understanding the distinction prevents you from picking a tool that solves the wrong problem.

This is an honest comparison — including Privedge’s limitations — so you can make the right choice.

What each tool is actually for

Portkey is a production AI gateway focused on reliability, routing, and multi-provider management. It excels at automatic fallbacks (if OpenAI times out, route to Anthropic), load balancing across API keys, caching to reduce costs, and running prompt experiments. Portkey is the tool you reach for when your AI infrastructure needs to be robust and observable.

Helicone was the leading AI observability platform until its acquisition by Mintlify in March 2026. Post-acquisition, it continues to operate as a standalone product with a renewed focus on enterprise compliance. Its core value is logging every LLM interaction with full context — costs, latencies, prompt versions, user attribution — making it indispensable for teams that need to understand what their AI is doing in production. The HIPAA-capable tier was introduced at $799/month in late 2025.

Privedge is a privacy proxy, not a gateway in the traditional sense. It was built for a different problem: ensuring that personal data, protected health information, and confidential business content never reach LLM providers in the first place. It runs on Cloudflare Workers at European and American edge nodes, intercepts every prompt in under a millisecond, and replaces PII with reversible tokens before forwarding to any LLM provider.

Portkey: multi-provider routing and reliability

Portkey’s architecture centers on a virtual key system that proxies your AI provider keys. Configure Portkey once, point your application at Portkey’s endpoint, and get:

  • Automatic fallbacks: define ordered provider lists; Portkey retries on errors or timeouts
  • Load balancing: distribute traffic across multiple API keys or provider accounts
  • Semantic caching: cache responses based on prompt similarity, not just exact matches
  • Guardrails: configurable input/output filters that can block certain content or inject system prompts
  • Analytics: cost tracking, latency histograms, request volumes by model and user

Where Portkey is less strong: data privacy. Portkey logs requests for observability purposes. The logged data includes your prompts and completions. For applications handling PII or PHI, this means Portkey becomes another system that holds sensitive data — one more place you need a DPA, security review, and trust relationship with.

Portkey does offer a GDPR-compliant processing addendum and can be configured to minimize logging. But it was not designed as a privacy-first tool, and its security model reflects that.

Best for: Engineering teams that need reliability, multi-model experiments, and production observability. Not suited as a primary data protection control.

Helicone: observability, now part of Mintlify

Helicone’s acquisition by Mintlify brought more enterprise investment into the product’s compliance story. The current offering includes:

  • Full request/response logging with search and filtering
  • Cost tracking down to individual users and sessions
  • Prompt management — versioning, A/B testing, performance tracking
  • HIPAA-capable tier ($799/month, includes BAA, encrypted storage, audit logs)
  • Integrations with LangChain, LlamaIndex, and most major AI frameworks

The HIPAA tier is worth discussing honestly. Helicone stores encrypted copies of your prompts and responses. The BAA makes them your business associate. The encryption protects against external breaches. What it doesn’t do is prevent the PHI from being stored. For organizations with strict data residency requirements or regulatory mandates against storing PHI with third parties, “encrypted storage” is still “third-party storage.”

The $799/month price point also reflects what this tier actually is: an enterprise compliance product with meaningful operational overhead, not a drop-in compliance solution.

Best for: Teams that need deep observability and are willing to invest in compliance overhead. Excellent for debugging AI applications in production. The HIPAA tier is legitimate if your threat model allows third-party storage with strong contractual protections.

Privedge: PII interception at the edge

Privedge approaches the problem from the opposite direction: instead of securing the data after it’s been transmitted, prevent the sensitive data from being transmitted at all.

Architecture: Privedge runs as a Cloudflare Worker deployed at edge nodes close to your users. Every prompt passes through the worker, which runs a pipeline of entity recognition and pattern matching to identify PII. Detected entities are replaced with reversible tokens ([PERSON_1], [EMAIL_1], [MRN_1], etc.) using a session-specific key that stays in your infrastructure. The anonymized prompt is forwarded to your configured LLM provider. The response, which contains only tokens, is returned to Privedge, rehydrated with the original values, and forwarded to your application.

Key properties:

  • Data never reaches the LLM provider — the provider processes tokens, not personal data
  • Architecturally impossible to leak — there’s nothing to leak; the data was never transmitted
  • Drop-in compatible — change your baseURL from api.openai.com to api.privedge.io; your SDK calls don’t change
  • Works with any provider — OpenAI, Anthropic, Mistral, Azure OpenAI, self-hosted models
  • EU/US edge deployment — data processed at the nearest edge node, in-region for GDPR purposes

Where Privedge has tradeoffs: it doesn’t provide the observability depth that Portkey or Helicone does. Its audit logs are compliance-focused (what was masked, when, which policy applied) rather than operations-focused (cost per user, latency percentiles), so if you need per-user cost attribution, prompt version management, or latency analytics, you will not get them from Privedge alone. The right answer for many teams is Privedge plus a downstream gateway that logs the already-anonymized data.

Best for: Applications where regulatory compliance is a hard requirement — healthcare (HIPAA), EU applications (GDPR), legal tech (attorney-client privilege), financial services (PCI-DSS, GLBA). Also appropriate as a precautionary measure for any application handling personal data.


Feature comparison table

Feature                     | Portkey                 | Helicone                | Privedge
Multi-provider routing      | ✅                      | ✅ (limited)            | ✅ (pass-through)
Automatic failover          | ✅ (via routing config) | ?                       | ?
Request/response logging    | ✅                      | ✅                      | ✅ (anonymized only)
Cost analytics              | ✅                      | ✅                      | ✅ (basic)
PII detection               | ?                       | ?                       | ✅
PII never reaches LLM       | ❌                      | ❌                      | ✅
HIPAA BAA                   | ❌ (add-on)             | ✅ ($799/mo)            | ?
GDPR adequacy (Art. 46)     | ⚠️ (SCC only)           | ⚠️ (SCC + encryption)   | ✅ (pseudonymization)
Edge-native                 | ?                       | ?                       | ✅ (Cloudflare Workers)
Open-source SDK             | ?                       | ?                       | ?
Drop-in OpenAI replacement  | ?                       | ?                       | ✅
Self-hostable               | ?                       | ?                       | ?

Cells marked ? are marks that did not survive extraction of the original table; the Self-hostable row’s one surviving mark, ✅ (partial), could not be placed in a column.

When to use which

Choose Portkey when your primary concern is uptime and multi-model routing. If you’re running a high-traffic application and need automatic failover between providers, or you want to experiment with multiple models without changing application code, Portkey is the right tool.

Choose Helicone when you need deep production observability. If your team needs to understand costs by user, debug model behavior, manage prompt versions, and you’re comfortable with logged data under a contractual protection framework, Helicone (now under Mintlify) provides excellent tooling.

Choose Privedge when regulatory compliance is a hard constraint. If you’re in healthcare, legal, finance, or building in the EU for users with GDPR rights, and you need to demonstrate that personal data is technically prevented from reaching LLM providers — not just contractually restricted — Privedge provides the architectural guarantee that contracts cannot.

Can you use Portkey + Privedge together?

Yes, and this is a strong production architecture for compliance-sensitive teams:

Application → Privedge (PII stripped) → Portkey (routing + observability) → LLM provider

What Portkey logs is already pseudonymized. What the LLM receives is already pseudonymized. You get Portkey’s full observability stack — costs, latencies, model comparisons — without any of the privacy risk, because the privacy problem was solved before the request reached Portkey.
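As an added illustration (not code from Privedge, Portkey or Helicone), the script below models the pipeline described in the architecture section and the layered stack above: a session-scoped pseudonymizer that swaps detected values for reversible [TYPE_n] tokens, a logging gateway standing in for Portkey or Helicone, a fake LLM that echoes the tokens it was given, and rehydration on the way back. It assumes pattern-based detectors only (email, phone, a constructed MRN format, SSN); the NER stage the article mentions is not modelled. That omission is deliberate, because it shows the caveat a practitioner needs: a free-text name the detectors do not recognise passes straight through to the gateway log, and a pattern-based check on that log cannot see it. Recall of the detection stage, measured on your own data, is what the "never reaches the provider" property actually rests on.

```javascript
// Added example, not vendor code. Pattern-based detectors only; the MRN
// format is constructed for the demo and is not any real institution's format.
const DETECTORS = [
  { type: 'EMAIL', re: /[\w.+-]+@[\w-]+\.[\w.-]+/g },
  { type: 'PHONE', re: /\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b/g },
  { type: 'MRN',   re: /\bMRN[-\s]?\d{6,}\b/g },
  { type: 'SSN',   re: /\b\d{3}-\d{2}-\d{4}\b/g },
];

// Per-session vault (token <-> original value). It lives only in our own
// infrastructure; the session key is a lookup handle and is never sent onward.
const vaults = new Map();

function getVault(sessionKey) {
  if (!vaults.has(sessionKey)) {
    vaults.set(sessionKey, { forward: new Map(), reverse: new Map(), counters: {} });
  }
  return vaults.get(sessionKey);
}

// Replace every detected value with a stable token. The same value inside one
// session always gets the same token, so the model can still refer to "the
// same person" across turns without ever seeing who that is.
function pseudonymize(sessionKey, text) {
  const vault = getVault(sessionKey);
  let out = text;
  for (const { type, re } of DETECTORS) {
    out = out.replace(re, (match) => {
      if (vault.forward.has(match)) return vault.forward.get(match);
      vault.counters[type] = (vault.counters[type] || 0) + 1;
      const token = `[${type}_${vault.counters[type]}]`;
      vault.forward.set(match, token);
      vault.reverse.set(token, match);
      return token;
    });
  }
  return out;
}

// Put the original values back into the model's answer. Unknown tokens are
// left untouched rather than guessed.
function rehydrate(sessionKey, text) {
  const vault = getVault(sessionKey);
  return text.replace(/\[[A-Z]+_\d+\]/g, (tok) => vault.reverse.get(tok) ?? tok);
}

// Stand-in for Portkey/Helicone: logs every prompt and completion it relays.
function makeLoggingGateway(llm) {
  const log = [];
  return {
    log,
    send(prompt) {
      const completion = llm(prompt);
      log.push({ prompt, completion });
      return completion;
    },
  };
}

// Stand-in for the provider: reuses whatever identifier it was handed.
function fakeLlm(prompt) {
  const who = prompt.match(/\[EMAIL_\d+\]/)?.[0] ?? 'the patient';
  return `Draft reply to ${who}: your appointment is confirmed.`;
}

// The privacy proxy: pseudonymize outbound, rehydrate inbound.
function privacyProxy(sessionKey, gateway, prompt) {
  const masked = pseudonymize(sessionKey, prompt);
  const completion = gateway.send(masked);
  return { masked, completion, rehydrated: rehydrate(sessionKey, completion) };
}

// A defender-side check over the gateway log, using the same detectors.
function containsPii(text) {
  return DETECTORS.some(({ re }) => new RegExp(re.source).test(text));
}

function demo() {
  const gateway = makeLoggingGateway(fakeLlm);
  // Constructed sample prompt. "Jane Doe" is deliberately outside what the
  // pattern stage can detect.
  const prompt = 'Jane Doe <jane.doe@example.org>, MRN 123456: reschedule her visit; call 555-123-4567 if needed.';
  const result = privacyProxy('session-42', gateway, prompt);
  return {
    ...result,
    gatewayLog: gateway.log,
    patternPiiInLog: gateway.log.some((e) => containsPii(e.prompt) || containsPii(e.completion)),
    nameLeaked: gateway.log[0].prompt.includes('Jane Doe'),
  };
}

console.log(demo());
```

The gateway log and the fake provider only ever see tokens for the values the detectors caught, which is exactly why placing a logging gateway behind the proxy is safe for those values. The `nameLeaked` flag in the result is the other half of the story: `patternPiiInLog` is false while the name sits in the log in clear, so "no PII detected in the log" is only as strong as the detection stage in front of it.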

This layered approach is what serious enterprise deployments use: privacy first, then operations.

Conclusion

The “AI gateway” category is broad enough that tools with very different purposes all claim membership. Portkey and Helicone are excellent at what they do — but neither was designed to prevent personal data from reaching LLM providers. That’s not a criticism; it’s a scope definition.

If your compliance posture requires more than a BAA and a contractual commitment, if you need technical evidence that PHI or PII was never transmitted, Privedge fills that gap. Explore the architecture at privedge.io.
