Research

Privacy Is Not a Feature

Every API call is a data transfer. Local inference isn't a privacy feature — it's the absence of a privacy risk.

May 12, 2025 · 4 min read

Cloud AI products have adopted a consistent framing for privacy: it is something you turn on. There is a 'privacy mode'. There is a 'no training' toggle. There is a promise that your data is anonymised, not retained beyond 30 days, not used to improve the model. These are marketing positions, not architectural guarantees.

When you send a message to a cloud AI API, you are making an HTTP request to a server you do not control. Your prompt travels over a network, lands in a data centre operated by a third party, is processed by software you cannot inspect, and may be logged, stored, and reviewed by humans under certain conditions defined in a terms of service that can change. The 'privacy mode' toggle changes what the company says it does with your data. It does not change the fact that your data arrives at their infrastructure.

This matters in professional contexts more than it is commonly acknowledged. Legal professionals who use cloud AI for drafting are transferring client privileged information to a third party. Clinicians who use it to summarise patient notes are sending protected health information to an external server. Financial analysts who use it to draft reports on non-public information are creating potential compliance exposure. In each case, the risk is not hypothetical — it is structural, and a privacy toggle does not resolve it.

Local inference eliminates the exposure at the source. If the model runs on your machine, the prompt never leaves your machine. There is no server log. There is no terms of service. There is no human review clause. The guarantee is not contractual — it is physical. The data did not move.

The counterargument is that most people do not handle genuinely sensitive information in their AI interactions, and for them the privacy argument is theoretical. This is probably true. But the habit of routing sensitive work through cloud infrastructure is being established now, while the privacy conversation is still abstract. The professional norms, the compliance frameworks, and the security postures are all being formed around the assumption that cloud AI is the default. That assumption will be harder to dislodge once it is embedded.

Privacy is not a feature you add to cloud AI. It is a property you get from local inference by default. The framing matters because it changes what you ask for: instead of looking for a cloud product with strong privacy commitments, you ask whether the task needs to leave your machine at all.