Our Threat Model for Local-First AI

Every privacy product has a list of who it tries to protect you from. Most companies hide that list. Here is ours, in plain English.

What we try to keep you safe from

The AI company keeping a copy. When you talk to the assistant, your message goes to whichever AI you picked (Claude, ChatGPT, Gemini, Grok, DeepSeek). After that, we do not store the conversation in our own database. The chat lives in your own browser. A future desktop version will run the AI on your own machine so even the message stays with you.

The assistant doing things on its own. Every send-an-email or book-a-meeting waits for your tap. Even if the AI gets confused or tricked, it cannot act without you saying yes.

Someone quietly changing the record. Every action you approve gets a fingerprint that lands on a public chain plus a public backup. If we ever tried to edit history later, the public copy and the chain would no longer line up. The lie would show.

Your saved data leaking off your machine. The settings page has an option to lock your local data with a passphrase. The locking part is built; we are still wiring it into every place data is saved. We tell you that on the settings page, in the same words, so you know what is locked and what is not yet.

What we do NOT protect you from yet

The AI company itself being broken into. If Anthropic or OpenAI gets breached and they decide to log conversations, we cannot stop that. The desktop version that runs the AI on your own machine is the answer here.

A bad browser extension. Any extension with permission to read pages can read what you see, including the approval popup. This is a problem the browser, not us, has to solve.

Pressing yes without reading. If you tap Allow on every prompt out of habit, we cannot save you. The pause is a chance to think, not a force field.

A government or intelligence agency that really wants in. We are not Signal. If you need that level of protection, do not rely on us alone.

The point of writing this down is not to claim we are perfect. It is to give you the information you need to decide whether what we built matches what you actually worry about.