Privacy & Security Questions, Answered

It’s literal: the model and data sit on a server in your building, with no vendor API required to run it. You can verify it by pulling the network cable and watching it still work.

Local AI is yours, in your building. A “private cloud” vendor still owns the hardware your data sits on. Only one of those keeps your data off someone else’s estate.

Yes. Once the models are trained, threat-detection inference runs on your LAN and can be fully air-gapped.

No. Local models answer without internet round-trips or rate limits, so for many tasks it’s faster than the metered cloud.

It supports those workflows with on-prem data, access control, and audit logs. We configure the controls; your auditor handles certification — we never claim to certify you.

Give them a sanctioned in-house assistant that’s faster and unmetered, then policy-block the public tools. Remove the reason, not just the access.

Signed updates applied on your schedule via controlled media transfer — never an automatic phone-home.

Nothing leaves. The hardware, the model, and the data are yours; you own them outright from day one.

Not always. Smaller builds fit in an office closet; we size and place it during the on-site assessment.

Prompt injection is when crafted input gets the model to follow hidden instructions instead of yours (OWASP LLM01). Honest answer: no, running the model on your own server does not stop it — it’s a design-level issue, not a hosting one. What local does is keep the data and the blast radius in the building, and we narrow it further with strict output handling, least agency, and human review. See our prompt injection guide for the full picture.

No — it supports those programs, it doesn’t certify you. A private build provides the technical controls (on-prem data, encryption, access control, audit logs) that your compliance effort leans on, but certification and legal sign-off stay with your QSA, CPA, C3PAO, or counsel. Our AI compliance for Texas businesses guide maps each control to each framework.

We plan for failure up front: hardware redundancy (redundant power supplies, RAID/NVMe, ECC memory) so one component dying doesn’t take you down, plus encrypted backups kept local or offsite-but-still-yours and a recovery plan with tested restores. Owning the box means you own continuity — so we build the plan in. Our backup and disaster recovery guide walks through it.

Air-gapped means the server has no physical or network path to the public internet at all; updates only arrive on controlled media you carry in. LAN-only allows access from devices on your network but blocks outbound calls. Most businesses are well served by LAN-only with strong access control; air-gap is for the highest-sensitivity cases. Our air-gapped AI server guide covers the trade-offs.

Only the roles you grant. We use role-based access control with single sign-on and multi-factor authentication on the inference endpoint, so people get exactly the permissions their job needs — and every access is recorded in logs that live on hardware you own. Our access control guide details the four core roles.

Book a risk assessment. We look at where your AI data goes today and scope a private build to close the gaps.