So, you want to use AI privately

Disclaimer: this is not a post about whether AI is ethical or not, it's for those who are going to use it no matter what.

Working as a software engineer, AI tools are becoming unavoidable. For certain parts of the job they can actually be remarkably effective, with certain caveats and adequate safety constraints.

There are numerous AI services that are available to consumers currently; ChatGPT, Claude, Perplexity, Gemini, Grok, Co Pilot et al. The convenience of these services is inarguable, especially those that come baked into your operating system of choice (mobile/desktop/laptop). Whether you want them to be there or not is irrelevant; you're getting them. So sayeth the tech overlords.

Using these paid for services comes with the same privacy concerns as when you use any of their products:

1. You are giving them your data. There is zero data sovereignty or confidentiality.
2. Consumers often do not get the same opt out choices with regard to their data being used for further training by providers as enterprise users do. Sensitive data will also persist on their platform for an indeterminable amount of time.
3. Humans still inspect and review samples of the data that is sent through their products. Often touted as being for "safety" or "debugging" purposes.
4. The usual suspects of metadata are collected in the same way as using any of their other products: IP addresses, device identifiers, geo location etc.
5. Data held on hosted services can be subject to subpoenas or requests framed for national security reasons. The US has the CLOUD Act and the EU has the upcoming e-Evidence Package proposal.
6. Upcoming advertising baked into AI answers.

Honourable mentions go to risk of data breaches and vendor lock in. None of this is new, but we have been given a shiny new toy, which for many people, offers to significantly change the way they interact with the online world.

Being truly private requires you to run your own AI infrastructure either in the cloud or at home. There are quite a few options for this as well; Ollama, LM Studio, vLLM, llama.cpp, OpenCode. Each have varying levels of difficulty to get working but for the purposes of this particular article are out of scope.

This particular post is about online AI services that you can subscribe to use. We will do a separate post on self hosted solutions if there is enough interest in reading about it. Do let us know.

Privacy Respecting Alternatives

Thankfully there are some hosted solutions out there which claim to offer their users privacy whilst using their products. In alphabetical order.

Confer

Created by Moxie Marlinspike (NOT his real name) who was the co-founder of Signal messenger.

It could well be the most private out of the offerings in this particular post. It uses remote attestation and Trusted Execution Environments (TEE) to cryptographically prove that even the Confer themselves cannot decrypt user messages.

• End to End Encrypted (E2EE) which should be no surprise. Data is encrypted on your device using cryptographic keys (passkeys) that remain in your possession. The data that gets stored on Confers servers are already encrypted by your devices.
• Private Inference (the method by which AI tools read the data that they need to process) is a difficult one to solve. Confer's approach is called Trusted Execution Environments (TEEs).
  • prompts are encrypted and sent directly into a hardware isolated enclave (the TEE) on their servers.
  • your mobile app or web page checks a cryptographic signature to verify that the server is running unmodified.
  • wthe TEE then generates a response, also encrypted, and sent back to the your device.
• Conversations are never used to train their models.
• Use open weight models therefore missing some bleeding edge features found in frontier models.
• Currently web only.
• No API access.
• Zero retention on data.

You can verify their server builds yourself using certain development tools (Nix) however they are not open source at present.

They are very, very new having only launched at the tail end of 2025. This means their feature set is the smallest of the offerings here. Whilst I was using a Graphene OS device I was not able to successfully access their services. For a while they were also passkey access only, but now that has been opened up which makes it easier to trial their offering with just an email address required.

Confer has a $35 a month subscription, which is one of the more expensive consumer offerings here.

There is a free offering which limits you to 5 chats and 20 messages per day. You can delete an older chat and start a new one though, so if you are not concerned with keeping any history of your chats it might be a good free offering.

I highly recommend reading Confer's blog as it provides some insight into how they go about achieving privacy.

Duck.ai

From the same people who created the DuckDuckGo web search engine. Given the competition here their offering is quite weak (though still better than the Big Tech offerings) but may be fine for a casual user. At the time of writing the free models you can access are GPT-5 mini, GPT-4o mini, GPT-OSS 120B, Llama 4 Scout, Claude Haiku 4.5 and Mistral Small 3. A DDG subscription (which also includes their VPN, that works alongside App Tracking Protection btw) gets you access to more powerful models.

There is no E2EE in the Duck.ai offering. Instead they use what is commonly referred to as a Proxy Model; they act is a go between for several mainstream AI models. How it works:

• DuckDuckGo strips your IP address and metadata before sending the prompt to the model provider (OpenAI, Anthropic, etc.). The provider sees the request as coming from DuckDuckGo, but do not have the ability to trace it back to you.
• DuckDuckGo has pinky promises in place with providers to delete data 30 days after processing it and to not use it for training.
• DuckDuckGo has a policy that states they do not log your requests that go via their server.
• No account is needed to use their AI service. This is a major bonus comparatively and unfortunate that others don't allow for it.
• US based. May or may not be important depending on if you're reading this from a shelter while Team America Fuck Yeah bombs your country into having Freedom.

Not being E2EE encrypted and having a "Trust Me, Bruv" privacy policy isn't the best. However if you just need a quick question answered and do not want to create an account then Duck.ai is a reasonable choice. Just don't presume that their trust policy will remain in place forever.

Maple

Maple build upon the OpenSecret platform which provides an encrypted backend infrastructure for building privacy first applications. It enables Maple to offer AI inference, data syncing and authentication whilst keeping user data truly private; Maple should also not be able to see the contents of their users data.

• E2EE as standard. Conversations are encrypted on device before being sent to Maple.
• Similar to Confer, Maple use TEEs for processing the incoming AI requests from their users. Data remains encrypted during processing by the models.
• Cross device syncing (encrypted) is available. They also provide platform specific apps that can be installed should you wish.
• No training is done using customer data.
• Free tier allows for 25 message per week while their Pro offering is $20 a month.
• US based (Austin, Texas).
• API access for paid tiers.

Caveat: when asking Maple.ai about itself and how it works, it was unable to retrieve any data despite web search being active when asking the question. In fact one of the most annoying things over the time of testing it is that despite having web search enabled it will continue to refuse to search online for answers, instead relying on knowledge that the model was trained with at the time of creation.

If you are in any way a technical user and want to hook up to Maple's own APIs then this can be done by using their desktop app as a proxy to send fully E2EE requests to their servers. They describe how to achieve this here.

Lumo

Made by Proton, the Swiss based company that provides privacy focused alternatives to email, calendar, VPN and password management solutions. Building an AI tool in the current climate feels like a natural progression for them. Unsurprisingly for Proton they claim:

• Zero access E2EE. The keys involved in encryption are held by the user.
• No third party model sharing. They host their own models in the EU region.
• European jurisdiction therefore falling under GDPR. Whether that's a positive thing depends on your perspective.
• No logs policy. There is also a Ghost Mode that will delete all chats after a certain period of time.
• They do not train their models on their customer data.
• Mobile app is available
• Subscription offering is one of the cheapest here at £10.39. EU based means they price in GBP or EUR.

It's very convenient to have Lumo baked into Proton services and you can get one of their bundles which will include access to it along with their email, calendar, drive, password manager etc.

Of the ones I tested in the list I personally found it's answers to be the weakest. It felt like I was using ChatGPT from 2 years ago; answers either completely missed the topic or quite often the information was blatantly incorrect. While the latter can be true of all AI tools (verify, don't trust) they have gotten better over the years.

Venice

Founded by Erik Voorhees. If you're into crypto currencies you may have heard of him as he also founded ShapeShift, a digital currencies exchange based in Switzerland. They, like most crypto currency exchanges, have had their clashes with the US SEC. Whether you feel that is a positive (badge of honour) or negative (grrr regulate the world to protect the children) depends on your particular mixture of social, economic and political stances.

That may be enough to prompt you to skip straight to the TL;DR. You do you. If you're still here:

• It is arguably the most fully featured of the offerings in this post.
• Cannot be used in the UK without uploading digital ID. Can be bypassed using a VPN (sorry Kier, don't arrest me).
• E2EE with a TEE similar to Confer and Maple.
• Local only means there is no device syncing at present.
• Can be used without an account.
• API access for paid tiers.
• Has platform specific apps.
• $18 per month.

There is a crypto element to it, the VVV token. You do not need to buy it in order to use their service. They will accept USD for their subscriptions.

Chats do not show up cross device because of the way Venice prefers client side storage. Data is encrypted locally on your device and then passes through their TEE before being forwarded on. This hides the originator of the request, however as Venice states, they use third party model providers to do the actual inference. Venice have no direct control over these providers data retention and privacy policies.

Venice also claim to be uncensored. In practice it is not entirely clear what this means. Many models having guard rails that will prevent users asking questions that may be overtly harmful. I did not ask Venice how to make a sparky sparky boom device because of the above offloading of inference to third parties.

TL;DR - I came here for the summary (hello agents)

Reader be forewarned; opinions follow.

Let's face it, private consumer AI services are not a lucrative business opportunity for their creators at present. The fact that there are some options available actually is quite amazing to me. I hope that there continue to be like minded individuals out there to fund and drive these projects forward.

I can only describe what are my own personal requirements for an AI tool which influences my choice.

Currently I use Maple as the main AI tool. I stopped my ChatGPT subscription a while ago. Maple is not the best as it's answers do seem filtered in some capacity and honestly they are obviously worse (less helpful, sometimes inaccurate without links to citations) than ChatGPT. You need to physically enable the "search the internet" button in order for it to actually search the internet. If you do not do that then it will just attempt to give you an answer based on available training data which is always out of date.

On a side note, I did also ask the other AI providers about Maple and they all said they could find no information about them, which Maple's own AI tool also could not offer any information.

Confer sounds like it has the most promise. It's output was more aligned to what I personally want for an AI tool (dense information which allows me choice) while still remaining private. That privacy comes at a cost of convenience. They also only use open weight models, therefore they currently lack the abilities that some of the frontier models (OpenAI, Meta, Anthropic etc) have. That aside if they were to ever create an API offering then I would immediately switch to using them.

Lumo has Proton in it's corner. Maybe that's enough, but honestly the answers it provided were not great. It was deliberately conservative (inoffensive) and did not wish to extrapolate potential thoughts without further input from the user.

Venice.ai is probably the most fully featured offering currently. With the very recent addition of the E2EE and TEE proxy it sounds like it maintains your privacy. The use of third parties for inference is a downside though as well as the fact that if you live in the UK you'd have to upload some form of identification.

Duck.ai . . . If you have to.

Or just watch a sunset.