It doesn't need to be trust-based, and in fact shouldn't be trust-based, because even if I trust you, I also have to trust the people who could coerce or bypass you, or people who could maliciously access/modify your systems.

This is why end-to-end encryption is really the only way to make promises as a server about not reading / storing logs.