What is the difference between privacy as a feature and privacy as an architecture?

Privacy as a feature means controls layered on top of a system that already collects your data - deletion tools, opt-outs, consent banners. Privacy as an architecture means the system was never designed to collect your data in the first place. On-device AI is an example of the latter - there is nothing to delete because nothing was ever sent.

Why aren't privacy policies sufficient?

A privacy policy is a legal document that describes what a company promises to do with your data. It doesn't change what's technically possible once the data is on their servers. Architecture determines what is possible. Policy determines what is promised. Only one of those is enforceable by design.

Privacy Is Not a Feature. It’s an Architecture Decision.

“We take your privacy seriously.”

That sentence appears in the privacy policy of nearly every AI product in existence. It is also, in the strictest technical sense, irrelevant.

What privacy as a feature looks like

Privacy features are controls layered on top of a system that was designed to collect your data first.

They include: toggles that let you opt out of training. Data deletion requests that remove your history from a database. Consent banners that ask you to accept terms before using a product. Download-your-data buttons that let you see what was stored.

These are not meaningless. They give users some agency. But they share a common assumption: your data was already on a server before any of these controls applied.

The privacy feature model treats collection as the default and user control as the exception. The data moves first. The permissions come second.

What privacy as architecture looks like

A different model starts with a different assumption: the data should never leave the device.

The model runs in your phone’s memory. Your query never becomes a network request. Your calendar and messages are never transmitted. Inference runs on your hardware, on your device - nothing reaches an external server.

There is nothing to delete. There is no policy to violate. There is no breach to notify you about.

This is not a stronger version of the privacy feature model. It is a fundamentally different architecture where the privacy guarantee is a structural property, not a promise.

Why policy is not architecture

A privacy policy is a legal document. It describes what a company promises to do with your data. It does not change what is technically possible once your data is on their servers.

Architecture determines what is possible. Policy determines what is promised. A company can change its policy - by updating a terms of service, by being acquired, by responding to a government request. An architecture that never collected the data in the first place cannot be changed after the fact.

This distinction matters more as the data becomes more sensitive. General search queries carry limited risk. Persistent personal context - your messages, health data, financial patterns, relationship history - carries significant risk. The architecture question is not abstract when the data at stake is that personal.

Personal AI is uniquely difficult to make private by policy, because the value proposition requires access to your most sensitive data.

An AI that can help you needs to know your calendar, your messages, your work patterns, your health. That’s what makes it useful. The more context it has, the better it works.

A cloud AI asks you to hand over that context in exchange for its capabilities. The implicit contract is: give us your data, we’ll give you a useful assistant, and we promise to be responsible with it.

An on-device AI inverts that contract. The context lives on your hardware. The model runs locally. The capabilities are the same - or better, because the model has more context than any cloud service would retain. But you never handed anything over.

Consent only matters when there’s something to consent to. On-device AI removes the question.

What this means for how AI should be built

If privacy is an architecture decision, it has to be made at the beginning - in the choice of where inference runs, where context is stored, and what leaves the device.

A product that runs inference in the cloud and adds privacy controls on top is a cloud AI with privacy features.

A product that runs inference on-device, stores context locally, and sends nothing to external servers is a private AI by architecture. There is no feature to ship, no toggle to add, no policy to write. The privacy guarantee is in the design.

This is the only version of personal AI that deserves access to your full context. Not because the company behind it is more trustworthy. But because the architecture makes trust irrelevant - the data never left your device.

Off Grid runs every model locally. No data leaves your device. Download for iPhone or Android.

Privacy Is Not a Feature. It’s an Architecture Decision.

What privacy as a feature looks like

What privacy as architecture looks like

Why policy is not architecture

The consent problem

What this means for how AI should be built