Security model
Privacy promises must be inspectable.
LocalPrivate Tools is designed around strict local mode. User files, parsed text, PII previews, SQL results, RAG chunks, embeddings, and Q&A context are not sent to content-processing servers.
Allowed network requests
Static assets, WASM, model weights, license checks, payment flows, and optional security metadata reports.
Blocked by design
User files, parsed text, embeddings, SQL outputs, redaction previews, and document Q&A context.
Local persistence
License, preferences, app resources, model weights, and user-approved non-sensitive templates may persist locally. Sensitive session content should disappear when cleared or closed.
Commercial boundary
Payment and license services receive order metadata and SKU entitlements only. They are not a content-processing backend.
Analytics boundary
The main site may use Cloudflare Web Analytics for aggregate page and performance metrics. The App workspace does not load analytics beacons or send product behavior, file names, queries, findings, document excerpts, or reports.
Error reports
App errors are shown locally by default. Remote reports, if added later, must be user-reviewed and limited to non-content metadata.
Network panel verification
- Open browser DevTools and clear the Network log.
- Drag a representative private file into the App.
- Run scan, SQL, or document review workflows.
- Confirm requests are limited to static resources, model assets, payment, or license metadata, not user content.