Violet
Learn

What is a private AI companion?

Published 2026-07-04 · updated 2026-07-04

A private AI companion is a personal AI assistant designed so the provider cannot read what you tell it. Instead of relying on a privacy policy, it relies on architecture: your content is encrypted on your device with a key derived from your passphrase, and the server stores only ciphertext it cannot open. It differs from a chatbot in persistence and from a voice assistant in depth of memory.

Not a chatbot window

A chatbot is a place you go: you open a tab, ask a question, close the tab, and the relationship resets. A voice assistant is a command line you speak to: it sets the timer, answers the question, and forgets you. A companion is a presence that stays. It remembers your life over months, notices your calendar and your reminders, and carries the same context across your phone, your desktop, and the web. That persistence is the whole value, and it is also exactly why privacy matters more here than anywhere else in consumer software. A companion that works accumulates the most sensitive dataset you own: your schedule, your worries, your health notes, your money, your relationships.

What private means: architecture, not policy

Most products protect your data with policy: the provider can technically read everything, and promises not to. A private companion protects it with architecture: the content is encrypted before it leaves your device, using a key derived from a passphrase only you know, and that key never leaves your device. The server stores sealed envelopes of ciphertext. It can lose them or return them, but it cannot open them. The provider does not have to be trusted with your content, because the provider never has your content.

Who needs one, and who does not

The case for a private companion scales with how much of your real life you plan to hand it. If you only ever ask an AI throwaway questions, any chatbot is fine and the privacy architecture barely matters. The calculus changes when the assistant is meant to hold things that stay sensitive for years.

You probably do not need one if your use is stateless: one-off answers, code snippets, drafts you paste in and out. Privacy architecture protects stored life context; if you store none, a simpler tool serves you fine.

The three architectures

Every personal AI product sits somewhere on a triangle between three basic designs. Naming them precisely makes the marketing easier to see through.

ArchitectureWhere your content livesWho can read itThe tradeoff
Local-onlyYour device, and nowhere elseOnly youNo cross-device sync, and the model quality is limited to what your hardware runs
Plain cloudThe provider's servers, readableYou and the provider, bound by policyFull convenience and the strongest models, at the cost of trusting the policy
Hybrid end-to-endYour device in the clear; the cloud as sealed ciphertextOnly you; the server holds envelopes it cannot openSync and continuity without a readable copy, but you must keep your passphrase

Local-only is the local-first ideal and genuinely strong, but it gives up continuity between devices. Plain cloud is what most AI products ship, because it is the easiest to build. The hybrid design encrypts stored content on the device and syncs only ciphertext, so you keep continuity without giving the provider a readable copy of your life.

A decision framework

If this describes youLean towardBecause
One device, maximum control, technical comfortLocal-onlyNothing leaves the machine, and you accept the sync and model limits
Casual, stateless use with nothing sensitive storedPlain cloudThe convenience is real and the exposure is small when nothing accumulates
A durable personal record across phone and desktopHybrid end-to-endContinuity requires a server, and end-to-end encryption keeps that server blind
You cannot risk a provider policy change ever exposing historyLocal-only or hybrid end-to-endBoth remove the readable server copy that a policy change could newly exploit

How Violet applies this

Violet is a personal AI partner built on the hybrid end-to-end architecture, currently pre-launch. On your device, your passphrase is run through PBKDF2-SHA256 with 200,000 iterations to derive a 256-bit AES-GCM key that the browser marks non-extractable: the platform itself refuses to export it. Content is sealed under that key before sync, and the server stores only a nonce and ciphertext per record, plus the minimal metadata sync needs. Decryption is authenticated, so a tampered envelope fails closed instead of returning garbage. Inside the app, a Trust panel shows what is stored on the device and what the cloud can see, read from real state at the moment the panel opens, not from marketing copy. Voice input is push-to-talk only: the microphone is live only while the button is held, with no wake word and no always-listening mode.

Common misconceptions

Edge cases and honest limits

An honest description of this category includes what end-to-end encryption does not do. First, passphrase loss is real loss: if the key is derived from your passphrase and never leaves your devices, a provider that could recover your content would, by definition, hold a key, so a true implementation cannot rescue you. Second, metadata remains visible, as above. Third, there is an inference boundary: a model cannot reason over ciphertext, so whenever cloud reasoning is used, the prompt being answered is visible to the model at that moment. End-to-end encryption protects what is stored and synced; a candid product states that boundary plainly instead of implying the model reads nothing.

Where the category is going

Three pressures point the same direction. Assistants are becoming resident rather than visited, which makes the accumulated record larger and more intimate. Users have learned that policies and owners change. And the platform primitives for doing this properly, such as the Web Cryptography API with non-extractable keys, now exist in every mainstream browser. The likely end state is that "the provider cannot read it" becomes a standard question buyers ask of any personal AI, the way "is it encrypted in transit" became standard a decade ago. Products built on readable-server architectures will have to argue for trust; products built on sealed-envelope architectures can simply show their design.

Questions

Is a private AI companion the same as running a model locally?

No. Running a model locally is one way to keep content private, and it works with no cloud at all. A private AI companion can also use cloud sync and cloud inference while staying private about stored content, by encrypting that content on the device so the server holds only ciphertext. The two approaches solve different parts of the problem and can be combined.

Can a provider with end-to-end encryption still see anything?

Yes: metadata. Even with end-to-end encrypted content, a provider typically sees account identifiers, when devices sync, and how much data moves. It cannot see the content inside the envelopes. An honest product enumerates its metadata plainly instead of implying it sees nothing at all.

What happens if I lose my passphrase?

In a true end-to-end design, the content key is derived from your passphrase and exists only on your devices, so the provider cannot recover your encrypted content. That is not a flaw; it is the proof the architecture is real. A provider that can reset your passphrase and still show you your history necessarily holds a key.

Is Violet available today?

No. Violet is pre-launch: the apps are not in stores yet, and there is a waitlist on the home page. Joining stores your email address and nothing more, and you can ask to be removed at any time.

Related pages

Sources