Built so the company can't read your data, by design.
01 Mission
Most consumer AI products treat your conversations as training data, ad signal, or both. We're building one that can't. The pieces are open: your phone wraps your data before it leaves, the AI runs in a sealed space your phone can verify, your record of what happened is yours, and the export is offline-readable.
02 How we keep ourselves honest
Every design choice is written down and public. Every privacy claim on this site has to trace to a design record that supports it — an automated check refuses to ship copy that drifts from what the system actually does. We also publish what we explicitly don't claim to defend against.
03 What we believe
- Trust should be verifiable, not promised. "We don't read your data" is a policy claim. "Our infrastructure can't read your data" is an architecture claim. We build the second kind.
- Privacy isn't a tier. The privacy guarantees that matter are on every plan we'll ever sell.
- Open beats closed for the hard parts. The AI is open-weight. The clients are open-source. The export format is offline-readable. Anyone can inspect what we're actually doing.
04 The team
Coming soon. For now we'd rather let the work speak.
05 See how it works
For the under-the-hood details — how the encryption works, how the AI integrity check works, how the audit log works, what we promise and what we don't — read the technical details.