LocalKeep

Guide · 5-minute read

AI and privacy: what happens to your texts when you use cloud AI

Every time you paste an email, meeting minutes, or a contract into a chatbot, that text takes a journey you never see. This guide explains where it goes, the questions worth asking, and the alternative that exists.

Updated

№ 01

Your text's invisible journey

Most AI assistants work the same way: your text leaves your device, crosses the internet, and lands in a data center where a model processes it and sends back the answer. That design is reasonable for many things — large models don't fit in a phone — but it has a consequence almost no one stops to think about: your text is no longer only in your hands.

Along the way, that text may be recorded in the provider's logs, retained for a while for "safety and service improvement", reviewed by humans in moderation cases, or used to train future models if the plan or settings allow it. Every provider is different, and terms change — which is exactly the point: to know what happens to your text, you have to read (and re-read) each service's policy.

№ 02

The five questions worth asking

Before pasting anything sensitive into any AI, it pays to answer these:

Where is it processed?On your device or on third-party servers? In which country, under which jurisdiction?
Is it stored?How long are your conversations retained, and for what purpose?
Is it used for training?Could your texts end up inside the next model? Is it opt-in or opt-out?
Who can see it?Is there human review? Employees, contractors, third-party tools?
Can you verify it?Is the privacy promise technically verifiable, or merely contractual?

The last question is the uncomfortable one: in the cloud, the honest answer is almost always "you can't verify it — only trust it".

№ 03

When the text is work: emails, minutes, contracts

For personal use, sending a cooking recipe to the cloud won't keep anyone up at night. Things change when what you process daily is work material: client emails, minutes containing other people's data, contract drafts, medical or financial information. Now you're dealing with the confidentiality you promised your clients, the GDPR when third parties' personal data is involved, and your company's trade secrets.

Many European organizations already restrict what can be pasted into cloud AI assistants — not out of technophobia, but because the question "where does this go?" doesn't have an answer a compliance officer can sign off on comfortably.

№ 04

The alternative: text that doesn't travel

There is a second possible architecture: running the model inside the device. Recent Apple chips include a language model that runs on the Neural Engine, with no connection. With that design, the five questions above have short answers: it's processed on your chip, stored nowhere else, trains nothing, seen by no one — and you can verify it with a network monitor.

It's not magic or marketing: it's a property of the architecture. If the software has nowhere to send your text, privacy doesn't depend on any promise. We explain how it works in the on-device AI guide, and how to verify it in "See for yourself".